This commit was manufactured by cvs2git to create tag 'v9_0_0rc2'.

"allow-query", the databases were still being
                        attached causing reference leaks.

.cvsignore

@@ -0,0 +1,7 @@
+Makefile
+config.log
+config.h
+config.cache
+config.status
+libtool
+isc-config.sh

.gitignore

@@ -1,53 +0,0 @@
-Makefile
-config.log
-config.h
-config.cache
-config.status
-libtool
-isc-config.sh
-configure.lineno
-autom4te.cache
-*.o
-*.lo
-*.so
-*.a
-*.la
-*_test
-timestamp
-ans.run
-lwresd.run
-named.run
-named.memstats
-gen.dSYM/
-.libs/
-.deps/
-.dirstamp
-unit/atf-src/atf-c++/atf-c++.pc
-unit/atf-src/atf-c/atf-c.pc
-unit/atf-src/atf-c/defs.h
-unit/atf-src/atf-c/detail/process_helpers
-unit/atf-src/atf-config/atf-config
-unit/atf-src/atf-report/atf-report
-unit/atf-src/atf-report/fail_helper
-unit/atf-src/atf-report/misc_helpers
-unit/atf-src/atf-report/pass_helper
-unit/atf-src/atf-run/atf-run
-unit/atf-src/atf-run/bad_metadata_helper
-unit/atf-src/atf-run/expect_helpers
-unit/atf-src/atf-run/misc_helpers
-unit/atf-src/atf-run/pass_helper
-unit/atf-src/atf-run/several_tcs_helper
-unit/atf-src/atf-run/zero_tcs_helper
-unit/atf-src/atf-sh/atf-check
-unit/atf-src/atf-sh/atf-sh
-unit/atf-src/atf-sh/misc_helpers
-unit/atf-src/atf-version/atf-version
-unit/atf-src/atf-version/revision.h
-unit/atf-src/atf-version/revision.h.stamp
-unit/atf-src/bconfig.h
-unit/atf-src/bootstrap/atconfig
-unit/atf-src/doc/atf.7
-unit/atf-src/stamp-h1
-unit/atf-src/test-programs/c_helpers
-unit/atf-src/test-programs/cpp_helpers
-unit/atf-src/test-programs/sh_helpers

Atffile

@@ -1,5 +0,0 @@
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = bind9
-
-tp: lib

COPYRIGHT

@@ -1,538 +1,14 @@
-Copyright (C) 2004-2014  Internet Systems Consortium, Inc. ("ISC")
-Copyright (C) 1996-2003  Internet Software Consortium.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
-	Portions of this code release fall under one or more of the
-	following Copyright notices.  Please see individual source
-	files for details.
-
-	For binary releases also see: OpenSSL-LICENSE.
-
-Copyright (C) 1996-2001  Nominum, Inc.
+Copyright (C) 1996-2000  Internet Software Consortium.
 
 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995-2000 by Network Associates, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
-FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
-The development of Dynamically Loadable Zones (DLZ) for Bind 9 was
-conceived and contributed by Rob Butler.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1987, 1990, 1993, 1994
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) The Internet Society 2005.  This version of
-this module is part of RFC 4178; see the RFC itself for
-full legal notices.
-
-(The above copyright notice is per RFC 3978 5.6 (a), q.v.)
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2004 Masarykova universita
-(Masaryk University, Brno, Czech Republic)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-   this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors may
-   be used to endorse or promote products derived from this software
-   without specific prior written permission.
- 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
-(Royal Institute of Technology, Stockholm, Sweden). 
-All rights reserved. 
-
-Redistribution and use in source and binary forms, with or without 
-modification, are permitted provided that the following conditions 
-are met: 
-
-1. Redistributions of source code must retain the above copyright 
-   notice, this list of conditions and the following disclaimer. 
-
-2. Redistributions in binary form must reproduce the above copyright 
-   notice, this list of conditions and the following disclaimer in the 
-   documentation and/or other materials provided with the distribution. 
-
-3. Neither the name of the Institute nor the names of its contributors 
-   may be used to endorse or promote products derived from this software 
-   without specific prior written permission. 
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-SUCH DAMAGE. 
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright ((c)) 2002, Rice University
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-    copyright notice, this list of conditions and the following
-    disclaimer in the documentation and/or other materials provided
-    with the distribution.
-
-    * Neither the name of Rice University (RICE) nor the names of its
-    contributors may be used to endorse or promote products derived
-    from this software without specific prior written permission.
-
-
-This software is provided by RICE and the contributors on an "as is"
-basis, without any representations or warranties of any kind, express
-or implied including, but not limited to, representations or
-warranties of non-infringement, merchantability or fitness for a
-particular purpose. In no event shall RICE or contributors be liable
-for any direct, indirect, incidental, special, exemplary, or
-consequential damages (including, but not limited to, procurement of
-substitute goods or services; loss of use, data, or profits; or
-business interruption) however caused and on any theory of liability,
-whether in contract, strict liability, or tort (including negligence
-or otherwise) arising in any way out of the use of this software, even
-if advised of the possibility of such damage.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1993 by Digital Equipment Corporation.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies, and that
-the name of Digital Equipment Corporation not be used in advertising or
-publicity pertaining to distribution of the document or software without
-specific, written prior permission.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
-CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
 DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
 PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
 ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
 SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright 2000 Aaron D. Gifford.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the copyright holder nor the names of contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
- 
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson.
-Copyright (c) 2001 Jake Burkholder.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the project nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1999-2000 by Nortel Networks Corporation
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
-BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
-OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
-WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
-ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2000-2002 Japan Network Information Center.  All rights reserved.
- 
-By using this file, you agree to the terms and conditions set forth bellow.
-
-                        LICENSE TERMS AND CONDITIONS 
-
-The following License Terms and Conditions apply, unless a different
-license is obtained from Japan Network Information Center ("JPNIC"),
-a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
-Chiyoda-ku, Tokyo 101-0047, Japan.
-
-1. Use, Modification and Redistribution (including distribution of any
-   modified or derived work) in source and/or binary forms is permitted
-   under this License Terms and Conditions.
-
-2. Redistribution of source code must retain the copyright notices as they
-   appear in each source code file, this License Terms and Conditions.
-
-3. Redistribution in binary form must reproduce the Copyright Notice,
-   this License Terms and Conditions, in the documentation and/or other
-   materials provided with the distribution.  For the purposes of binary
-   distribution the "Copyright Notice" refers to the following language:
-   "Copyright (c) 2000-2002 Japan Network Information Center.  All rights
-   reserved."
-
-4. The name of JPNIC may not be used to endorse or promote products
-   derived from this Software without specific prior written approval of
-   JPNIC.
-
-5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
-   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL JPNIC BE LIABLE
-   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-   ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2004  Nominet, Ltd.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Portions Copyright RSA Security Inc.
-
-License to copy and use this software is granted provided that it is
-identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-(Cryptoki)" in all material mentioning or referencing this software.
-
-License is also granted to make and use derivative works provided that
-such works are identified as "derived from the RSA Security Inc. PKCS #11
-Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-referencing the derived work.
-
-RSA Security Inc. makes no representations concerning either the
-merchantability of this software or the suitability of this software for
-any particular purpose. It is provided "as is" without express or implied
-warranty of any kind.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1996, David Mazieres <dm@uun.org>
-Copyright (c) 2008, Damien Miller <djm@openbsd.org>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in
-   the documentation and/or other materials provided with the
-   distribution.
-
-3. All advertising materials mentioning features or use of this
-   software must display the following acknowledgment:
-   "This product includes software developed by the OpenSSL Project
-   for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-
-4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-   endorse or promote products derived from this software without
-   prior written permission. For written permission, please contact
-   licensing@OpenSSL.org.
-
-5. Products derived from this software may not be called "OpenSSL"
-   nor may "OpenSSL" appear in their names without prior written
-   permission of the OpenSSL Project.
-
-6. Redistributions of any form whatsoever must retain the following
-   acknowledgment:
-   "This product includes software developed by the OpenSSL Project
-   for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-
-THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-OF THE POSSIBILITY OF SUCH DAMAGE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-

FAQ

@@ -1,893 +0,0 @@
-Frequently Asked Questions about BIND 9
-
-Copyright © 2004-2010, 2013 Internet Systems Consortium, Inc. ("ISC")
-
-Copyright © 2000-2003 Internet Software Consortium.
-
------------------------------------------------------------------------
-
-1. Compilation and Installation Questions
-
-Q: I'm trying to compile BIND 9, and "make" is failing due to files not
-   being found. Why?
-
-A: Using a parallel or distributed "make" to build BIND 9 is not
-   supported, and doesn't work. If you are using one of these, use normal
-   make or gmake instead.
-
-Q: Isn't "make install" supposed to generate a default named.conf?
-
-A: Short Answer: No.
-
-   Long Answer: There really isn't a default configuration which fits any
-   site perfectly. There are lots of decisions that need to be made and
-   there is no consensus on what the defaults should be. For example
-   FreeBSD uses /etc/namedb as the location where the configuration files
-   for named are stored. Others use /var/named.
-
-   What addresses to listen on? For a laptop on the move a lot you may
-   only want to listen on the loop back interfaces.
-
-   Who do you offer recursive service to? Is there are firewall to
-   consider? If so is it stateless or stateful. Are you directly on the
-   Internet? Are you on a private network? Are you on a NAT'd network? The
-   answers to all these questions change how you configure even a caching
-   name server.
-
-2. Configuration and Setup Questions
-
-Q: Why does named log the warning message "no TTL specified - using SOA
-   MINTTL instead"?
-
-A: Your zone file is illegal according to RFC1035. It must either have a
-   line like:
-
-   $TTL 86400
-
-   at the beginning, or the first record in it must have a TTL field, like
-   the "84600" in this example:
-
-   example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )
-
-Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master
-   file bar: ran out of space"?
-
-A: This is often caused by TXT records with missing close quotes. Check
-   that all TXT records containing quoted strings have both open and close
-   quotes.
-
-Q: How do I restrict people from looking up the server version?
-
-A: Put a "version" option containing something other than the real version
-   in the "options" section of named.conf. Note doing this will not
-   prevent attacks and may impede people trying to diagnose problems with
-   your server. Also it is possible to "fingerprint" nameservers to
-   determine their version.
-
-Q: How do I restrict only remote users from looking up the server version?
-
-A: The following view statement will intercept lookups as the internal
-   view that holds the version information will be matched last. The
-   caveats of the previous answer still apply, of course.
-
-   view "chaos" chaos {
-           match-clients { <those to be refused>; };
-           allow-query { none; };
-           zone "." {
-                   type hint;
-                   file "/dev/null";  // or any empty file
-           };
-   };
-
-Q: What do "no source of entropy found" or "could not open entropy source
-   foo" mean?
-
-A: The server requires a source of entropy to perform certain operations,
-   mostly DNSSEC related. These messages indicate that you have no source
-   of entropy. On systems with /dev/random or an equivalent, it is used by
-   default. A source of entropy can also be defined using the
-   random-device option in named.conf.
-
-Q: I'm trying to use TSIG to authenticate dynamic updates or zone
-   transfers. I'm sure I have the keys set up correctly, but the server is
-   rejecting the TSIG. Why?
-
-A: This may be a clock skew problem. Check that the the clocks on the
-   client and server are properly synchronised (e.g., using ntp).
-
-Q: I see a log message like the following. Why?
-
-   couldn't open pid file '/var/run/named.pid': Permission denied
-
-A: You are most likely running named as a non-root user, and that user
-   does not have permission to write in /var/run. The common ways of
-   fixing this are to create a /var/run/named directory owned by the named
-   user and set pid-file to "/var/run/named/named.pid", or set pid-file to
-   "named.pid", which will put the file in the directory specified by the
-   directory option (which, in this case, must be writable by the named
-   user).
-
-Q: I can query the nameserver from the nameserver but not from other
-   machines. Why?
-
-A: This is usually the result of the firewall configuration stopping the
-   queries and / or the replies.
-
-Q: How can I make a server a slave for both an internal and an external
-   view at the same time? When I tried, both views on the slave were
-   transferred from the same view on the master.
-
-A: You will need to give the master and slave multiple IP addresses and
-   use those to make sure you reach the correct view on the other machine.
-
-   Master: 10.0.1.1 (internal), 10.0.1.2 (external, IP alias)
-       internal:
-           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
-                   notify-source 10.0.1.1;
-                   transfer-source 10.0.1.1;
-                   query-source address 10.0.1.1;
-       external:
-           match-clients { any; };
-           recursion no;   // don't offer recursion to the world
-           notify-source 10.0.1.2;
-           transfer-source 10.0.1.2;
-           query-source address 10.0.1.2;
-
-   Slave: 10.0.1.3 (internal), 10.0.1.4 (external, IP alias)
-       internal:
-           match-clients { !10.0.1.2; !10.0.1.4; 10.0.1/24; };
-           notify-source 10.0.1.3;
-           transfer-source 10.0.1.3;
-           query-source address 10.0.1.3;
-      external:
-           match-clients { any; };
-           recursion no;   // don't offer recursion to the world
-           notify-source 10.0.1.4;
-           transfer-source 10.0.1.4;
-           query-source address 10.0.1.4;
-
-   You put the external address on the alias so that all the other dns
-   clients on these boxes see the internal view by default.
-
-A: BIND 9.3 and later: Use TSIG to select the appropriate view.
-
-   Master 10.0.1.1:
-           key "external" {
-                   algorithm hmac-sha256;
-                   secret "xxxxxxxxxxxxxxxxxxxxxxxx";
-           };
-           view "internal" {
-                   match-clients { !key external; // reject message ment for the
-                                                  // external view.
-                                   10.0.1/24; };  // accept from these addresses.
-                   ...
-           };
-           view "external" {
-                   match-clients { key external; any; };
-                   server 10.0.1.2 { keys external; };  // tag messages from the
-                                                        // external view to the
-                                                        // other servers for the
-                                                        // view.
-                   recursion no;
-                   ...
-           };
-
-   Slave 10.0.1.2:
-           key "external" {
-                   algorithm hmac-sha256;
-                   secret "xxxxxxxxxxxxxxxxxxxxxxxx";
-           };
-           view "internal" {
-                   match-clients { !key external; 10.0.1/24; };
-                   ...
-           };
-           view "external" {
-                   match-clients { key external; any; };
-                   server 10.0.1.1 { keys external; };
-                   recursion no;
-                   ...
-           };
-
-Q: I get error messages like "multiple RRs of singleton type" and "CNAME
-   and other data" when transferring a zone. What does this mean?
-
-A: These indicate a malformed master zone. You can identify the exact
-   records involved by transferring the zone using dig then running
-   named-checkzone on it.
-
-   dig axfr example.com @master-server > tmp
-   named-checkzone example.com tmp
-
-   A CNAME record cannot exist with the same name as another record except
-   for the DNSSEC records which prove its existence (NSEC).
-
-   RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other
-   data should be present; this ensures that the data for a canonical name
-   and its aliases cannot be different. This rule also insures that a
-   cached CNAME can be used without checking with an authoritative server
-   for other RR types."
-
-Q: I get error messages like "named.conf:99: unexpected end of input"
-   where 99 is the last line of named.conf.
-
-A: There are unbalanced quotes in named.conf.
-
-A: Some text editors (notepad and wordpad) fail to put a line title
-   indication (e.g. CR/LF) on the last line of a text file. This can be
-   fixed by "adding" a blank line to the end of the file. Named expects to
-   see EOF immediately after EOL and treats text files where this is not
-   met as truncated.
-
-Q: How do I share a dynamic zone between multiple views?
-
-A: You choose one view to be master and the second a slave and transfer
-   the zone between views.
-
-   Master 10.0.1.1:
-           key "external" {
-                   algorithm hmac-sha256;
-                   secret "xxxxxxxxxxxxxxxxxxxxxxxx";
-           };
-
-           key "mykey" {
-                   algorithm hmac-sha256;
-                   secret "yyyyyyyyyyyyyyyyyyyyyyyy";
-           };
-
-           view "internal" {
-                   match-clients { !key external; 10.0.1/24; };
-                   server 10.0.1.1 {
-                           /* Deliver notify messages to external view. */
-                           keys { external; };
-                   };
-                   zone "example.com" {
-                           type master;
-                           file "internal/example.db";
-                           allow-update { key mykey; };
-                           also-notify { 10.0.1.1; };
-                   };
-           };
-
-           view "external" {
-                   match-clients { key external; any; };
-                   zone "example.com" {
-                           type slave;
-                           file "external/example.db";
-                           masters { 10.0.1.1; };
-                           transfer-source 10.0.1.1;
-                           // allow-update-forwarding { any; };
-                           // allow-notify { ... };
-                   };
-           };
-
-Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading
-   master file primaries/wireless.ietf56.ietf.org: no owner".
-
-A: This error is produced when a line in the master file contains leading
-   white space (tab/space) but the is no current record owner name to
-   inherit the name from. Usually this is the result of putting white
-   space before a comment, forgetting the "@" for the SOA record, or
-   indenting the master file.
-
-Q: Why are my logs in GMT (UTC).
-
-A: You are running chrooted (-t) and have not supplied local timezone
-   information in the chroot area.
-
-   FreeBSD: /etc/localtime
-   Solaris: /etc/TIMEZONE and /usr/share/lib/zoneinfo
-   OSF: /etc/zoneinfo/localtime
-
-   See also tzset(3) and zic(8).
-
-Q: I get "rndc: connect failed: connection refused" when I try to run
-   rndc.
-
-A: This is usually a configuration error.
-
-   First ensure that named is running and no errors are being reported at
-   startup (/var/log/messages or equivalent). Running "named -g <usual
-   arguments>" from a title can help at this point.
-
-   Secondly ensure that named is configured to use rndc either by
-   "rndc-confgen -a", rndc-confgen or manually. The Administrators
-   Reference manual has details on how to do this.
-
-   Old versions of rndc-confgen used localhost rather than 127.0.0.1 in /
-   etc/rndc.conf for the default server. Update /etc/rndc.conf if
-   necessary so that the default server listed in /etc/rndc.conf matches
-   the addresses used in named.conf. "localhost" has two address
-   (127.0.0.1 and ::1).
-
-   If you use "rndc-confgen -a" and named is running with -t or -u ensure
-   that /etc/rndc.conf has the correct ownership and that a copy is in the
-   chroot area. You can do this by re-running "rndc-confgen -a" with
-   appropriate -t and -u arguments.
-
-Q: I get "transfer of 'example.net/IN' from 192.168.4.12#53: failed while
-   receiving responses: permission denied" error messages.
-
-A: These indicate a filesystem permission error preventing named creating
-   / renaming the temporary file. These will usually also have other
-   associated error messages like
-
-   "dumping master file: sl/tmp-XXXX5il3sQ: open: permission denied"
-
-   Named needs write permission on the directory containing the file.
-   Named writes the new cache file to a temporary file then renames it to
-   the name specified in named.conf to ensure that the contents are always
-   complete. This is to prevent named loading a partial zone in the event
-   of power failure or similar interrupting the write of the master file.
-
-   Note file names are relative to the directory specified in options and
-   any chroot directory ([<chroot dir>/][<options dir>]).
-
-   If named is invoked as "named -t /chroot/DNS" with the following
-   named.conf then "/chroot/DNS/var/named/sl" needs to be writable by the
-   user named is running as.
-
-   options {
-           directory "/var/named";
-   };
-
-   zone "example.net" {
-           type slave;
-           file "sl/example.net";
-           masters { 192.168.4.12; };
-   };
-
-Q: I want to forward all DNS queries from my caching nameserver to another
-   server. But there are some domains which have to be served locally, via
-   rbldnsd.
-
-   How do I achieve this ?
-
-A: options {
-           forward only;
-           forwarders { <ip.of.primary.nameserver>; };
-   };
-
-   zone "sbl-xbl.spamhaus.org" {
-           type forward; forward only;
-           forwarders { <ip.of.rbldns.server> port 530; };
-   };
-
-   zone "list.dsbl.org" {
-           type forward; forward only;
-           forwarders { <ip.of.rbldns.server> port 530; };
-   };
-
-
-Q: Can you help me understand how BIND 9 uses memory to store DNS zones?
-
-   Some times it seems to take several times the amount of memory it needs
-   to store the zone.
-
-A: When reloading a zone named my have multiple copies of the zone in
-   memory at one time. The zone it is serving and the one it is loading.
-   If reloads are ultra fast it can have more still.
-
-   e.g. Ones that are transferring out, the one that it is serving and the
-   one that is loading.
-
-   BIND 8 destroyed the zone before loading and also killed off outgoing
-   transfers of the zone.
-
-   The new strategy allows slaves to get copies of the new zone regardless
-   of how often the master is loaded compared to the transfer time. The
-   slave might skip some intermediate versions but the transfers will
-   complete and it will keep reasonably in sync with the master.
-
-   The new strategy also allows the master to recover from syntax and
-   other errors in the master file as it still has an in-core copy of the
-   old contents.
-
-Q: I want to use IPv6 locally but I don't have a external IPv6 connection.
-   External lookups are slow.
-
-A: You can use server clauses to stop named making external lookups over
-   IPv6.
-
-   server fd81:ec6c:bd62::/48 { bogus no; }; // site ULA prefix
-   server ::/0 { bogus yes; };
-
-3. Operations Questions
-
-Q: How to change the nameservers for a zone?
-
-A: Step 1: Ensure all nameservers, new and old, are serving the same zone
-   content.
-
-   Step 2: Work out the maximum TTL of the NS RRset in the parent and
-   child zones. This is the time it will take caches to be clear of a
-   particular version of the NS RRset. If you are just removing
-   nameservers you can skip to Step 6.
-
-   Step 3: Add new nameservers to the NS RRset for the zone and wait until
-   all the servers for the zone are answering with this new NS RRset.
-
-   Step 4: Inform the parent zone of the new NS RRset then wait for all
-   the parent servers to be answering with the new NS RRset.
-
-   Step 5: Wait for cache to be clear of the old NS RRset. See Step 2 for
-   how long. If you are just adding nameservers you are done.
-
-   Step 6: Remove any old nameservers from the zones NS RRset and wait for
-   all the servers for the zone to be serving the new NS RRset.
-
-   Step 7: Inform the parent zone of the new NS RRset then wait for all
-   the parent servers to be answering with the new NS RRset.
-
-   Step 8: Wait for cache to be clear of the old NS RRset. See Step 2 for
-   how long.
-
-   Step 9: Turn off the old nameservers or remove the zone entry from the
-   configuration of the old nameservers.
-
-   Step 10: Increment the serial number and wait for the change to be
-   visible in all nameservers for the zone. This ensures that zone
-   transfers are still working after the old servers are decommissioned.
-
-   Note: the above procedure is designed to be transparent to dns clients.
-   Decommissioning the old servers too early will result in some clients
-   not being able to look up answers in the zone.
-
-   Note: while it is possible to run the addition and removal stages
-   together it is not recommended.
-
-4. General Questions
-
-Q: I keep getting log messages like the following. Why?
-
-   Dec 4 23:47:59 client 10.0.0.1#1355: updating zone 'example.com/IN':
-   update failed: 'RRset exists (value dependent)' prerequisite not
-   satisfied (NXRRSET)
-
-A: DNS updates allow the update request to test to see if certain
-   conditions are met prior to proceeding with the update. The message
-   above is saying that conditions were not met and the update is not
-   proceeding. See doc/rfc/rfc2136.txt for more details on prerequisites.
-
-Q: I keep getting log messages like the following. Why?
-
-   Jun 21 12:00:00.000 client 10.0.0.1#1234: update denied
-
-A: Someone is trying to update your DNS data using the RFC2136 Dynamic
-   Update protocol. Windows 2000 machines have a habit of sending dynamic
-   update requests to DNS servers without being specifically configured to
-   do so. If the update requests are coming from a Windows 2000 machine,
-   see <http://support.microsoft.com/support/kb/articles/q246/8/04.asp>
-   for information about how to turn them off.
-
-Q: When I do a "dig . ns", many of the A records for the root servers are
-   missing. Why?
-
-A: This is normal and harmless. It is a somewhat confusing side effect of
-   the way BIND 9 does RFC2181 trust ranking and of the efforts BIND 9
-   makes to avoid promoting glue into answers.
-
-   When BIND 9 first starts up and primes its cache, it receives the root
-   server addresses as additional data in an authoritative response from a
-   root server, and these records are eligible for inclusion as additional
-   data in responses. Subsequently it receives a subset of the root server
-   addresses as additional data in a non-authoritative (referral) response
-   from a root server. This causes the addresses to now be considered
-   non-authoritative (glue) data, which is not eligible for inclusion in
-   responses.
-
-   The server does have a complete set of root server addresses cached at
-   all times, it just may not include all of them as additional data,
-   depending on whether they were last received as answers or as glue. You
-   can always look up the addresses with explicit queries like "dig
-   a.root-servers.net A".
-
-Q: Why don't my zones reload when I do an "rndc reload" or SIGHUP?
-
-A: A zone can be updated either by editing zone files and reloading the
-   server or by dynamic update, but not both. If you have enabled dynamic
-   update for a zone using the "allow-update" option, you are not supposed
-   to edit the zone file by hand, and the server will not attempt to
-   reload it.
-
-Q: Why is named listening on UDP port other than 53?
-
-A: Named uses a system selected port to make queries of other nameservers.
-   This behaviour can be overridden by using query-source to lock down the
-   port and/or address. See also notify-source and transfer-source.
-
-Q: I get warning messages like "zone example.com/IN: refresh: failure
-   trying master 1.2.3.4#53: timed out".
-
-A: Check that you can make UDP queries from the slave to the master
-
-   dig +norec example.com soa @1.2.3.4
-
-   You could be generating queries faster than the slave can cope with.
-   Lower the serial query rate.
-
-   serial-query-rate 5; // default 20
-
-Q: I don't get RRSIG's returned when I use "dig +dnssec".
-
-A: You need to ensure DNSSEC is enabled (dnssec-enable yes;).
-
-Q: Can a NS record refer to a CNAME.
-
-A: No. The rules for glue (copies of the *address* records in the parent
-   zones) and additional section processing do not allow it to work.
-
-   You would have to add both the CNAME and address records (A/AAAA) as
-   glue to the parent zone and have CNAMEs be followed when doing
-   additional section processing to make it work. No nameserver
-   implementation supports either of these requirements.
-
-Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA"
-   mean?
-
-A: If the IN-ADDR.ARPA name covered refers to a internal address space you
-   are using then you have failed to follow RFC 1918 usage rules and are
-   leaking queries to the Internet. You should establish your own zones
-   for these addresses to prevent you querying the Internet's name servers
-   for these addresses. Please see <http://as112.net/> for details of the
-   problems you are causing and the counter measures that have had to be
-   deployed.
-
-   If you are not using these private addresses then a client has queried
-   for them. You can just ignore the messages, get the offending client to
-   stop sending you these messages as they are most probably leaking them
-   or setup your own zones empty zones to serve answers to these queries.
-
-   zone "10.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   zone "16.172.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   ...
-
-   zone "31.172.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   zone "168.192.IN-ADDR.ARPA" {
-           type master;
-           file "empty";
-   };
-
-   empty:
-   @ 10800 IN SOA <name-of-server>. <contact-email>. (
-                  1 3600 1200 604800 10800 )
-   @ 10800 IN NS <name-of-server>.
-
-   Note
-
-   Future versions of named are likely to do this automatically.
-
-Q: Will named be affected by the 2007 changes to daylight savings rules in
-   the US.
-
-A: No, so long as the machines internal clock (as reported by "date -u")
-   remains at UTC. The only visible change if you fail to upgrade your OS,
-   if you are in a affected area, will be that log messages will be a hour
-   out during the period where the old rules do not match the new rules.
-
-   For most OS's this change just means that you need to update the
-   conversion rules from UTC to local time. Normally this involves
-   updating a file in /etc (which sets the default timezone for the
-   machine) and possibly a directory which has all the conversion rules
-   for the world (e.g. /usr/share/zoneinfo). When updating the OS do not
-   forget to update any chroot areas as well. See your OS's documentation
-   for more details.
-
-   The local timezone conversion rules can also be done on a individual
-   basis by setting the TZ environment variable appropriately. See your
-   OS's documentation for more details.
-
-Q: Is there a bugzilla (or other tool) database that mere mortals can have
-   (read-only) access to for bind?
-
-A: No. The BIND 9 bug database is kept closed for a number of reasons.
-   These include, but are not limited to, that the database contains
-   proprietory information from people reporting bugs. The database has in
-   the past and may in future contain unfixed bugs which are capable of
-   bringing down most of the Internet's DNS infrastructure.
-
-   The release pages for each version contain up to date lists of bugs
-   that have been fixed post release. That is as close as we can get to
-   providing a bug database.
-
-Q: Why do queries for NSEC3 records fail to return the NSEC3 record?
-
-A: NSEC3 records are strictly meta data and can only be returned in the
-   authority section. This is done so that signing the zone using NSEC3
-   records does not bring names into existence that do not exist in the
-   unsigned version of the zone.
-
-5. Operating-System Specific Questions
-
-5.1. HPUX
-
-Q: I get the following error trying to configure BIND:
-
-   checking if unistd.h or sys/types.h defines fd_set... no
-   configure: error: need either working unistd.h or sys/select.h
-
-A: You have attempted to configure BIND with the bundled C compiler. This
-   compiler does not meet the minimum compiler requirements to for
-   building BIND. You need to install a ANSI C compiler and / or teach
-   configure how to find the ANSI C compiler. The later can be done by
-   adjusting the PATH environment variable and / or specifying the
-   compiler via CC.
-
-   ./configure CC=<compiler> ...
-
-5.2. Linux
-
-Q: Why do I get the following errors:
-
-   general: errno2result.c:109: unexpected error:
-   general: unable to convert errno to isc_result: 14: Bad address
-   client: UDP client handler shutting down due to fatal receive error: unexpected error
-
-A: This is the result of a Linux kernel bug.
-
-   See: <http://marc.theaimsgroup.com/?l=linux-netdev&m=113081708031466&w=
-   2>
-
-Q: Why does named lock up when it attempts to connect over IPSEC tunnels?
-
-A: This is due to a kernel bug where the fact that a socket is marked
-   non-blocking is ignored. It is reported that setting xfrm_larval_drop
-   to 1 helps but this may have negative side effects. See: <https://
-   bugzilla.redhat.com/show_bug.cgi?id=427629> and <http://lkml.org/lkml/
-   2007/12/4/260>.
-
-   xfrm_larval_drop can be set to 1 by the following procedure:
-
-   echo "1" > proc/sys/net/core/xfrm_larval_drop
-
-Q: Why do I see 5 (or more) copies of named on Linux?
-
-A: Linux threads each show up as a process under ps. The approximate
-   number of threads running is n+4, where n is the number of CPUs. Note
-   that the amount of memory used is not cumulative; if each process is
-   using 10M of memory, only a total of 10M is used.
-
-   Newer versions of Linux's ps command hide the individual threads and
-   require -L to display them.
-
-Q: Why does BIND 9 log "permission denied" errors accessing its
-   configuration files or zones on my Linux system even though it is
-   running as root?
-
-A: On Linux, BIND 9 drops most of its root privileges on startup. This
-   including the privilege to open files owned by other users. Therefore,
-   if the server is running as root, the configuration files and zone
-   files should also be owned by root.
-
-Q: I get the error message "named: capset failed: Operation not permitted"
-   when starting named.
-
-A: The capability module, part of "Linux Security Modules/LSM", has not
-   been loaded into the kernel. See insmod(8), modprobe(8).
-
-   The relevant modules can be loaded by running:
-
-   modprobe commoncap
-   modprobe capability
-
-Q: I'm running BIND on Red Hat Enterprise Linux or Fedora Core -
-
-   Why can't named update slave zone database files?
-
-   Why can't named create DDNS journal files or update the master zones
-   from journals?
-
-   Why can't named create custom log files?
-
-A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
-
-   Red Hat have adopted the National Security Agency's SELinux security
-   policy (see <http://www.nsa.gov/selinux>) and recommendations for BIND
-   security , which are more secure than running named in a chroot and
-   make use of the bind-chroot environment unnecessary .
-
-   By default, named is not allowed by the SELinux policy to write, create
-   or delete any files EXCEPT in these directories:
-
-   $ROOTDIR/var/named/slaves
-   $ROOTDIR/var/named/data
-   $ROOTDIR/var/tmp
-
-
-   where $ROOTDIR may be set in /etc/sysconfig/named if bind-chroot is
-   installed.
-
-   The SELinux policy particularly does NOT allow named to modify the
-   $ROOTDIR/var/named directory, the default location for master zone
-   database files.
-
-   SELinux policy overrules file access permissions - so even if all the
-   files under /var/named have ownership named:named and mode rw-rw-r--,
-   named will still not be able to write or create files except in the
-   directories above, with SELinux in Enforcing mode.
-
-   So, to allow named to update slave or DDNS zone files, it is best to
-   locate them in $ROOTDIR/var/named/slaves, with named.conf zone
-   statements such as:
-
-   zone "slave.zone." IN {
-           type slave;
-           file "slaves/slave.zone.db";
-           ...
-   };
-   zone "ddns.zone." IN  {
-           type master;
-           allow-updates {...};
-           file "slaves/ddns.zone.db";
-   };
-
-
-   To allow named to create its cache dump and statistics files, for
-   example, you could use named.conf options statements such as:
-
-   options {
-           ...
-           dump-file "/var/named/data/cache_dump.db";
-           statistics-file "/var/named/data/named_stats.txt";
-           ...
-   };
-
-
-   You can also tell SELinux to allow named to update any zone database
-   files, by setting the SELinux tunable boolean parameter
-   'named_write_master_zones=1', using the system-config-securitylevel
-   GUI, using the 'setsebool' command, or in /etc/selinux/targeted/
-   booleans.
-
-   You can disable SELinux protection for named entirely by setting the
-   'named_disable_trans=1' SELinux tunable boolean parameter.
-
-   The SELinux named policy defines these SELinux contexts for named:
-
-   named_zone_t : for zone database files       - $ROOTDIR/var/named/*
-   named_conf_t : for named configuration files - $ROOTDIR/etc/{named,rndc}.*
-   named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,data}}
-
-
-   If you want to retain use of the SELinux policy for named, and put
-   named files in different locations, you can do so by changing the
-   context of the custom file locations .
-
-   To create a custom configuration file location, e.g. '/root/
-   named.conf', to use with the 'named -c' option, do:
-
-   # chcon system_u:object_r:named_conf_t /root/named.conf
-
-
-   To create a custom modifiable named data location, e.g. '/var/log/
-   named' for a log file, do:
-
-   # chcon system_u:object_r:named_cache_t /var/log/named
-
-
-   To create a custom zone file location, e.g. /root/zones/, do:
-
-   # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
-
-
-   See these man-pages for more information : selinux(8), named_selinux
-   (8), chcon(1), setsebool(8)
-
-Q: I'm running BIND on Ubuntu -
-
-   Why can't named update slave zone database files?
-
-   Why can't named create DDNS journal files or update the master zones
-   from journals?
-
-   Why can't named create custom log files?
-
-A: Ubuntu uses AppArmor <http://en.wikipedia.org/wiki/AppArmor> in
-   addition to normal file system permissions to protect the system.
-
-   Adjust the paths to use those specified in /etc/apparmor.d/
-   usr.sbin.named or adjust /etc/apparmor.d/usr.sbin.named to allow named
-   to write at the location specified in named.conf.
-
-Q: Listening on individual IPv6 interfaces does not work.
-
-A: This is usually due to "/proc/net/if_inet6" not being available in the
-   chroot file system. Mount another instance of "proc" in the chroot file
-   system.
-
-   This can be be made permanent by adding a second instance to /etc/
-   fstab.
-
-   proc /proc           proc defaults 0 0
-   proc /var/named/proc proc defaults 0 0
-
-5.3. Windows
-
-Q: Zone transfers from my BIND 9 master to my Windows 2000 slave fail.
-   Why?
-
-A: This may be caused by a bug in the Windows 2000 DNS server where DNS
-   messages larger than 16K are not handled properly. This can be worked
-   around by setting the option "transfer-format one-answer;". Also check
-   whether your zone contains domain names with embedded spaces or other
-   special characters, like "John\032Doe\213s\032Computer", since such
-   names have been known to cause Windows 2000 slaves to incorrectly
-   reject the zone.
-
-Q: I get "Error 1067" when starting named under Windows.
-
-A: This is the service manager saying that named exited. You need to
-   examine the Application log in the EventViewer to find out why.
-
-   Common causes are that you failed to create "named.conf" (usually "C:\
-   windows\dns\etc\named.conf") or failed to specify the directory in
-   named.conf.
-
-   options {
-           Directory "C:\windows\dns\etc";
-   };
-
-5.4. FreeBSD
-
-Q: I have FreeBSD 4.x and "rndc-confgen -a" just sits there.
-
-A: /dev/random is not configured. Use rndcontrol(8) to tell the kernel to
-   use certain interrupts as a source of random events. You can make this
-   permanent by setting rand_irqs in /etc/rc.conf.
-
-   rand_irqs="3 14 15"
-
-   See also <http://people.freebsd.org/~dougb/randomness.html>.
-
-5.5. Solaris
-
-Q: How do I integrate BIND 9 and Solaris SMF
-
-A: Sun has a blog entry describing how to do this.
-
-   <http://blogs.sun.com/roller/page/anay/Weblog?catname=%2FSolaris>
-
-5.6. Apple Mac OS X
-
-Q: How do I run BIND 9 on Apple Mac OS X?
-
-A: If you run Tiger(Mac OS 10.4) or later then this is all you need to do:
-
-   % sudo rndc-confgen  > /etc/rndc.conf
-
-   Copy the key statement from /etc/rndc.conf into /etc/rndc.key, e.g.:
-
-   key "rndc-key" {
-           algorithm hmac-sha256;
-           secret "uvceheVuqf17ZwIcTydddw==";
-   };
-
-   Then start the relevant service:
-
-   % sudo service org.isc.named start
-
-   This is persistent upon a reboot, so you will have to do it only once.
-
-A: Alternatively you can just generate /etc/rndc.key by running:
-
-   % sudo rndc-confgen -a
-
-   Then start the relevant service:
-
-   % sudo service org.isc.named start
-
-   Named will look for /etc/rndc.key when it starts if it doesn't have a
-   controls section or the existing controls are missing keys sub-clauses.
-   This is persistent upon a reboot, so you will have to do it only once.
-

KNOWN-DEFECTS

@@ -1,15 +0,0 @@
-dnssec-signzone was designed so that it could sign a zone partially, using
-only a subset of the DNSSEC keys needed to produce a fully-signed zone.
-This permits a zone administrator, for example, to sign a zone with one
-key on one machine, move the resulting partially-signed zone to a second
-machine, and sign it again with a second key.
-
-An unfortunate side-effect of this flexibility is that dnssec-signzone
-does not check to make sure it's signing a zone with any valid keys at
-all.  An attempt to sign a zone without any keys will appear to succeed,
-producing a "signed" zone with no signatures.  There is no warning issued
-when a zone is not signed.
-
-This will be corrected in a future release.  In the meantime, ISC
-recommends examining the output of dnssec-signzone to confirm that
-the zone is properly signed by all keys before using it.

Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 2004-2009, 2011-2014  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 1998-2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id$
+# $Id: Makefile.in,v 1.21.2.6 2000/07/27 01:48:49 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,76 +21,49 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-SUBDIRS =	make unit lib bin doc
+SUBDIRS =	make lib bin
 TARGETS =
-
-MANPAGES =	isc-config.sh.1
- 
-HTMLPAGES =	isc-config.sh.html
- 
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
+DISTFILES =	CHANGES COPYRIGHT Makefile.in README \
+		acconfig.h aclocal.m4 config.guess config.h.in config.h.win32 \
+		config.status.win32 config.sub configure configure.in \
+		isc-config.sh.in install-sh libtool.m4 ltconfig ltmain.sh \
+		lib make contrib \
+		version
+DOCDISTFILES =	arm draft misc rfc
+DOCMANDISTFILES = bin dnssec
+BINDISTFILES =	Makefile.in dig dnssec named nsupdate rndc tests
 
 @BIND9_MAKE_RULES@
 
 distclean::
 	rm -f config.cache config.h config.log config.status TAGS
-	rm -f libtool isc-config.sh configure.lineno
-	rm -f util/conf.sh docutil/docbook2man-wrapper.sh
+	rm -f libtool isc-config.sh
+	rm -f util/conf.sh
 
-# XXX we should clean libtool stuff too.  Only do this after we add rules
-# to make it.
-maintainer-clean::
-	rm -f configure
+cleandir: distclean
 
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
+install:: isc-config.sh
+	${INSTALL_PROGRAM} isc-config.sh ${DESTDIR}${bindir}
 
-doc man:: ${MANOBJS}
+kit: kitclean
+	mkdir bind-${VERSION}
+	@(cd bind-${VERSION}; for i in ${DISTFILES}; do ln -s ../$$i $$i; done)
+	mkdir bind-${VERSION}/doc
+	@(cd bind-${VERSION}/doc; for i in ${DOCDISTFILES}; do \
+		ln -s ../../doc/$$i $$i; done)
+	mkdir bind-${VERSION}/doc/man
+	@(cd bind-${VERSION}/doc/man; for i in ${DOCMANDISTFILES}; do \
+		ln -s ../../../doc/man/$$i $$i; done)
+	mkdir bind-${VERSION}/bin
+	@(cd bind-${VERSION}/bin; for i in ${BINDISTFILES}; do \
+		ln -s ../../bin/$$i $$i; done)
+	gtar -c -v -z -h --exclude '*CVS*' -f bind-${VERSION}.tar.gz \
+		bind-${VERSION}
+	rm -rf bind-${VERSION}
 
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
-	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
-
-install:: isc-config.sh installdirs
-	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
-	rm -f ${DESTDIR}${bindir}/bind9-config
-	@LN@ ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config
-	${INSTALL_DATA} ${srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
-	rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
-	@LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1
+kitclean: distclean
+	rm -rf bind-${VERSION}
 
 tags:
 	rm -f TAGS
 	find lib bin -name "*.[ch]" -print | @ETAGS@ -
-
-test check:
-	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>&- || echo fail`"; then \
-	echo I: NOTE: The tests were not run because they require that; \
-	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
-	echo I:	as alias addresses on the loopback interface.  Please run; \
-	echo I:	\'bin/tests/system/ifconfig.sh up\' as root to configure; \
-	echo I:	them, then rerun the tests. Run make force-test to run the; \
-	echo I:	tests anyway.; \
-	exit 1; \
-	fi
-	${MAKE} test-force
-
-force-test: test-force
-
-test-force:
-	status=0; \
-	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
-	(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh) || status=1; \
-	exit $$status
-
-FAQ: FAQ.xml
-	${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
-	LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
-	mv $@.tmp $@
-
-unit::
-	sh ${top_srcdir}/unit/unittest.sh
-
-clean::
-	rm -f FAQ.tmp

NSEC3-NOTES

@@ -1,128 +0,0 @@
-
-			DNSSEC and UPDATE
-
-		Converting from insecure to secure
-
-As of BIND 9.6.0 it is possible to move a zone between being insecure
-to secure and back again.  A secure zone can be using NSEC or NSEC3.
-
-To move a zone from insecure to secure you need to configure named
-so that it can see the K* files which contain the public and private
-parts of the keys that will be used to sign the zone.  These files
-will have been generated by dnssec-keygen.  You can do this by
-placing them in the key-directory as specified in named.conf.
-
-	zone example.net {
-		type master;
-		allow-update { .... };
-		file "dynamic/example.net/example.net";
-		key-directory "dynamic/example.net";
-	};
-
-Assuming one KSK and one ZSK DNSKEY key have been generated.  Then
-this will cause the zone to be signed with the ZSK and the DNSKEY
-RRset to be signed with the KSK DNSKEY.  A NSEC chain will also be
-generated as part of the initial signing process.
-
-	% nsupdate
-	> ttl 3600
-	> update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
-	> update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
-	> send
-
-While the update request will complete almost immediately the zone
-will not be completely signed until named has had time to walk the
-zone and generate the NSEC and RRSIG records.  Initially the NSEC
-record at the zone apex will have the OPT bit set.  When the NSEC
-chain is complete the OPT bit will be cleared.  Additionally when
-the zone is fully signed the private type (default TYPE65534) records
-will have a non zero value for the final octet. 
-
-The private type record has 5 octets.
-	algorithm (octet 1)
-	key id in network order (octet 2 and 3)
-	removal flag (octet 4)
-	complete flag (octet 5)
-
-If you wish to go straight to a secure zone using NSEC3 you should
-also add a NSEC3PARAM record to the update request with the flags
-field set to indicate whether the NSEC3 chain will have the OPTOUT
-bit set or not.
-
-	% nsupdate
-	> ttl 3600
-	> update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
-	> update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
-	> update add example.net NSEC3PARAM 1 1 100 1234567890
-	> send
-
-Again the update request will complete almost immediately however the
-NSEC3PARAM record will have additional flag bits set indicating that the
-NSEC3 chain is under construction.  When the NSEC3 chain is complete the
-flags field will be set to zero. 
-
-While the initial signing and NSEC/NSEC3 chain generation is happening
-other updates are possible.
-
-		DNSKEY roll overs via UPDATE
-
-It is possible to perform key rollovers via update.  You need to
-add the K* files for the new keys so that named can find them.  You
-can then add the new DNSKEY RRs via update.  Named will then cause
-the zone to be signed with the new keys.  When the signing is
-complete the private type records will be updated so that the last
-octet is non zero.
-
-If this is for a KSK you need to inform the parent and any trust
-anchor repositories of the new KSK.
-
-You should then wait for the maximum TLL in the zone before removing the
-old DNSKEY.  If it is a KSK that is being updated you also need to wait
-for the DS RRset in the parent to be updated and its TTL to expire.
-This ensures that all clients will be able to verify at least a signature
-when you remove the old DNSKEY.
-
-The old DNSKEY can be removed via UPDATE.  Take care to specify
-the correct key.  Named will clean out any signatures generated by
-the old key after the update completes.
-
-		NSEC3PARAM rollovers via UPDATE.
-
-Add the new NSEC3PARAM record via update.  When the new NSEC3 chain
-has been generated the NSEC3PARAM flag field will be zero.  At this
-point you can remove the old NSEC3PARAM record.  The old chain will
-be removed after the update request completes.
-
-		Converting from NSEC to NSEC3
-
-To do this you just need to add a NSEC3PARAM record.  When the
-conversion is complete the NSEC chain will have been removed and
-the NSEC3PARAM record will have a zero flag field.  The NSEC3 chain
-will be generated before the NSEC chain is destroyed.
-
-		Converting from NSEC3 to NSEC
-
-To do this remove all NSEC3PARAM records with a zero flag field.  The
-NSEC chain will be generated before the NSEC3 chain is removed.
-
-		Converting from secure to insecure
-
-To do this remove all the DNSKEY records.  Any NSEC or NSEC3 chains
-will be removed as well as associated NSEC3PARAM records.  This will
-take place after the update requests completes.
-
-		Periodic re-signing.
-
-Named will periodically re-sign RRsets which have not been re-signed
-as a result of some update action.  The signature lifetimes will
-be adjusted so as to spread the re-sign load over time rather than
-all at once.
-
-		NSEC3 and OPTOUT
-
-Named only supports creating new NSEC3 chains where all the NSEC3
-records in the zone have the same OPTOUT state.  Named supports
-UPDATES to zones where the NSEC3 records in the chain have mixed
-OPTOUT state.  Named does not support changing the OPTOUT state of
-an individual NSEC3 record, the entire chain needs to be changed if
-the OPTOUT state of an individual NSEC3 needs to be changed.

README

@@ -1,428 +1,105 @@
+
 BIND 9
 
 	BIND version 9 is a major rewrite of nearly all aspects of the
-	underlying BIND architecture.  Some of the important features of
-	BIND 9 are:
+	underlying BIND architecture. This re-architecting of BIND was
+	necessitated by the expected demands of:
 
-		- DNS Security
-			DNSSEC (signed zones)
-			TSIG (signed DNS requests)
+		- Domain name system growth, particularly in very large
+		  zones such as .COM
+		- Protocol enhancements necessary to securely query and
+		  update zones
+		- Protocol enhancements necessary to take advantage of
+		  certain architectural features of IP version 6
 
-		- IP version 6
-			Answers DNS queries on IPv6 sockets
-			IPv6 resource records (AAAA)
-			Experimental IPv6 Resolver Library
+	These demands implied performance requirements that were not
+	necessarily easy to attain with the BIND version 8
+	architecture.  In particular, BIND must not only be able to
+	run on multi-processor multi-threaded systems, but must take
+	full advantage of the performance enhancements these
+	architectures can provide. In addition, the underlying data
+	storage architecture of BIND version 8 does not lend itself to
+	implementing alternative back end databases, such as would be
+	desirable for the support of multi-gigabyte zones. As such
+	zones are easily foreseeable in the relatively near future,
+	the data storage architecture needed revision. The feature
+	requirements for BIND version 9 included:
 
-		- DNS Protocol Enhancements
-			IXFR, DDNS, Notify, EDNS0
-			Improved standards conformance
+		- Scalability
+			Thread safety
+		        Multi-processor scalability
+		        Support for very large zones
 
-		- Views
-			One server process can provide multiple "views" of
-			the DNS namespace, e.g. an "inside" view to certain
-			clients, and an "outside" view to others.
+		- Security
+		        Support for DNSSEC
+		        Support for TSIG
+		        Auditability (code and operation)
+		        Firewall support (split DNS)
 
-		- Multiprocessor Support
+		- Portability
 
-		- Improved Portability Architecture
+		- Maintainability
 
+		- Protocol Enhancements
+		        IXFR, DDNS, Notify, EDNS0
+		        Improved standards conformance
+
+		- Operational enhancements
+		        High availability and reliability
+		        Support for alternative back end databases
+
+		- IP version 6 support
+		        IPv6 resource records (A6, DNAME, etc.)
+		        Bitstring labels
+		        APIs
 
 	BIND version 9 development has been underwritten by the following
 	organizations:
 
-		Sun Microsystems, Inc.
-		Hewlett Packard
-		Compaq Computer Corporation
-		IBM
-		Process Software Corporation
-		Silicon Graphics, Inc.
-		Network Associates, Inc.
-		U.S. Defense Information Systems Agency
+	        Sun Microsystems, Inc.
+	        Hewlett Packard
+	        Compaq Computer Corporation
+	        IBM
+	        Process Software Corporation
+	        Silicon Graphics, Inc.
+	        Network Associates, Inc.
+	        U.S. Defense Information Systems Agency
 		USENIX Association
 		Stichting NLnet - NLnet Foundation
-		Nominum, Inc.
 
-	For a detailed list of user-visible changes from
-	previous releases, see the CHANGES file.
 
-	For up-to-date release notes and errata, see
-	http://www.isc.org/software/bind9/releasenotes
+BIND 9.0.0rc2
 
-BIND 9.6-ESV-R11 (Extended Support Version)
- 
-	BIND 9.6-ESV-R11 is a maintenance release, fixing bugs in
-	BIND 9.6-ESV-R10, and patches the security flaws described
-	in CVE-2013-6320 and CVE-2014-0591. It also includes the
-	following functional enhancement:
+	BIND 9.0.0rc2 is a release candidate for the upcoming
+	9.0.0 release.  The only changes expected between
+	rc2 and the final release are bug fixes and documentation
+	updates.
 
-	 - "named" now preserves the capitalization of names when
-	    responding to queries.
+	The 9.0.0 release, and this release candidate, is aimed at
+	early adopters and those who wish to make use of new 9.0
+	features, such as IPv6 and DNSSEC secure resolution support.
 
-BIND 9.6-ESV-R10 (Extended Support Version)
+	We are running 9.0.0rc2 in production, and it has been
+	used as a root name server.
 
-	BIND 9.6-ESV-R10 is a maintenance release, fixing bugs in BIND
-	9.6-ESV-R9, and also patches the security flaw described in
-	CVE-2013-3919.
+	The distribution includes a new lightweight resolver library
+	and associated resolver daemon.  These should still be considered
+	experimental.
 
-BIND 9.6-ESV-R9 (Extended Support Version)
+	The server-side support for DNSSEC secured zones is stable and
+	complete with the exception of the handling of wildcard records.
+	The support for secure resolution is still to be considered
+	experimental.
 
-	BIND 9.6-ESV-R9 is a maintenance release, fixing bugs in BIND
-	9.6-ESV-R8.
-
-BIND 9.6-ESV-R8 (Extended Support Version)
-
-	BIND 9.6-ESV-R8 includes several bug fixes and patches security
-	flaws described in CVE-2012-1667, CVE-2012-3817 and CVE-2012-4244.
-
-BIND 9.6-ESV-R7 (Extended Support Version)
-
-	BIND 9.6-ESV-R7 is a maintenance release, fixing bugs in BIND
-	9.6-ESV-R6.
-
-BIND 9.6-ESV-R6 (Extended Support Version)
-
-	BIND 9.6-ESV-R6 includes a number of bug fixes and prevents a
-	security problem described in CVE-2011-4313
-
-BIND 9.6-ESV-R5 (Extended Support Version)
-
-	BIND 9.6-ESV-R5 is a maintenance release, fixing bugs in BIND
-	9.6-ESV-R4.
-
-BIND 9.6.3/BIND 9.6-ESV-R4
-
-	BIND 9.6.3/BIND 9.6-ESV-R4 is a maintenance release, fixing bugs
-	in 9.6.2.
-
-BIND 9.6.2
-
-	BIND 9.6.2 is a maintenance release, fixing bugs in 9.6.1.
-	It also introduces support for the SHA-2 DNSSEC algorithms,
-	RSASHA256 and RSASHA512.
-
-	Known issues in this release:
-
-	- A validating resolver that has been incorrectly configured with
-	  an invalid trust anchor will be unable to resolve names covered
-	  by that trust anchor.  In all current versions of BIND 9, such a
-	  resolver will also generate significant unnecessary DNS traffic
-	  while trying to validate.  The latter problem will be addressed
-	  in future BIND 9 releases.  In the meantime, to avoid these
-	  problems, exercise caution when configuring "trusted-keys":
-	  make sure all keys are correct and current when you add them,
-	  and update your configuration in a timely manner when keys
-	  roll over.
-
-BIND 9.6.1
-
-	BIND 9.6.1 is a maintenance release, fixing bugs in 9.6.0.
-
-BIND 9.6.0
-
-	BIND 9.6.0 includes a number of changes from BIND 9.5 and earlier
-	releases, including:
-
-	Full NSEC3 support
-
-	Automatic zone re-signing
-
-	New update-policy methods tcp-self and 6to4-self
-
-	The BIND 8 resolver library, libbind, has been removed from the
-	BIND 9 distribution and is now available as a separate download.
-
-	Change the default pid file location from /var/run to
-	/var/run/{named,lwresd} for improved chroot/setuid support.
-
-BIND 9.5.0
-
-	BIND 9.5.0 has a number of new features over 9.4,
-	including:
-
-	GSS-TSIG support (RFC 3645).
-
-	DHCID support.
-
-	Experimental http server and statistics support for named via xml.
-
-	More detailed statistics counters including those supported in BIND 8.
-
-	Faster ACL processing.
-
-	Use Doxygen to generate internal documentation.
-
-	Efficient LRU cache-cleaning mechanism.
-
-	NSID support.
-
-BIND 9.4.0
-
-	BIND 9.4.0 has a number of new features over 9.3,
-	including:
-
-	Implemented "additional section caching (or acache)", an
-	internal cache framework for additional section content to
-	improve response performance.  Several configuration options
-	were provided to control the behavior.
-
-	New notify type 'master-only'.  Enable notify for master
-	zones only.
-
-	Accept 'notify-source' style syntax for query-source.
-
-	rndc now allows addresses to be set in the server clauses.
-
-	New option "allow-query-cache".  This lets "allow-query"
-	be used to specify the default zone access level rather
-	than having to have every zone override the global value.
-	"allow-query-cache" can be set at both the options and view
-	levels.  If "allow-query-cache" is not set then "allow-recursion"
-	is used if set, otherwise "allow-query" is used if set
-	unless "recursion no;" is set in which case "none;" is used,
-	otherwise the default (localhost; localnets;) is used.
-
-	rndc: the source address can now be specified.
-
-	ixfr-from-differences now takes master and slave in addition
-	to yes and no at the options and view levels.
-
-	Allow the journal's name to be changed via named.conf.
-
-	'rndc notify zone [class [view]]' resend the NOTIFY messages
-	for the specified zone.
-
-	'dig +trace' now randomly selects the next servers to try.
-	Report if there is a bad delegation.
-
-	Improve check-names error messages.
-
-	Make public the function to read a key file, dst_key_read_public().
-
-	dig now returns the byte count for axfr/ixfr.
-			
-	allow-update is now settable at the options / view level.
-
-	named-checkconf now checks the logging configuration.
-
-	host now can turn on memory debugging flags with '-m'.
-
-	Don't send notify messages to self.
-
-	Perform sanity checks on NS records which refer to 'in zone' names.
-
-	New zone option "notify-delay".  Specify a minimum delay
-	between sets of NOTIFY messages.
-
-	Extend adjusting TTL warning messages.
-
-	Named and named-checkzone can now both check for non-terminal
-	wildcard records.
-
-	"rndc freeze/thaw" now freezes/thaws all zones.
-
-	named-checkconf now check acls to verify that they only
-	refer to existing acls.
-
-	The server syntax has been extended to support a range of
-	servers.
-
-	Report differences between hints and real NS rrset and
-	associated address records.
-
-	Preserve the case of domain names in rdata during zone
-	transfers.
-
-	Restructured the data locking framework using architecture
-	dependent atomic operations (when available), improving
-	response performance on multi-processor machines significantly.
-	x86, x86_64, alpha, powerpc, and mips are currently supported.
-
-	UNIX domain controls are now supported.
-
-	Add support for additional zone file formats for improving
-	loading performance.  The masterfile-format option in
-	named.conf can be used to specify a non-default format.  A
-	separate command named-compilezone was provided to generate
-	zone files in the new format.  Additionally, the -I and -O
-	options for dnssec-signzone specify the input and output
-	formats.
-
-	dnssec-signzone can now randomize signature end times
-	(dnssec-signzone -j jitter).
-
-	Add support for CH A record.
-
-	Add additional zone data constancy checks.  named-checkzone
-	has extended checking of NS, MX and SRV record and the hosts
-	they reference.  named has extended post zone load checks.
-	New zone options: check-mx and integrity-check.
-
-
-	edns-udp-size can now be overridden on a per server basis.
-
-	dig can now specify the EDNS version when making a query.
-
-	Added framework for handling multiple EDNS versions.
-
-	Additional memory debugging support to track size and mctx
-	arguments.
-
-	Detect duplicates of UDP queries we are recursing on and
-	drop them.  New stats category "duplicates".
-
-	"USE INTERNAL MALLOC" is now runtime selectable.
-
-	The lame cache is now done on a <qname,qclass,qtype> basis
-	as some servers only appear to be lame for certain query
-	types.
-
-	Limit the number of recursive clients that can be waiting
-	for a single query (<qname,qtype,qclass>) to resolve.  New
-	options clients-per-query and max-clients-per-query.
-
-	dig: report the number of extra bytes still left in the
-	packet after processing all the records.
-
-	Support for IPSECKEY rdata type.
-
-	Raise the UDP recieve buffer size to 32k if it is less than 32k.
-
-	x86 and x86_64 now have seperate atomic locking implementations.
-
-	named-checkconf now validates update-policy entries.
-
-	Attempt to make the amount of work performed in a iteration
-	self tuning.  The covers nodes clean from the cache per
-	iteration, nodes written to disk when rewriting a master
-	file and nodes destroyed per iteration when destroying a
-	zone or a cache.
-
-	ISC string copy API.
-
-	Automatic empty zone creation for D.F.IP6.ARPA and friends.
-	Note: RFC 1918 zones are not yet covered by this but are
-	likely to be in a future release.
-
-	New options: empty-server, empty-contact, empty-zones-enable
-	and disable-empty-zone.
-
-	dig now has a '-q queryname' and '+showsearch' options.
-
-	host/nslookup now continue (default)/fail on SERVFAIL.
-
-	dig now warns if 'RA' is not set in the answer when 'RD'
-	was set in the query.  host/nslookup skip servers that fail
-	to set 'RA' when 'RD' is set unless a server is explicitly
-	set.
-
-	Integrate contibuted DLZ code into named.
-
-	Integrate contibuted IDN code from JPNIC.
-
-	libbind: corresponds to that from BIND 8.4.7.
-
-BIND 9.3.0
-
-	BIND 9.3.0 has a number of new features over 9.2,
-	including:
-
-	DNSSEC is now DS based (RFC 3658).
-	See also RFC 3845, doc/draft/draft-ietf-dnsext-dnssec-*.
-
-	DNSSEC lookaside validation.
-
-	check-names is now implemented.
-	rrset-order in more complete.
-
-	IPv4/IPv6 transition support, dual-stack-servers.
-
-	IXFR deltas can now be generated when loading master files,
-	ixfr-from-differences.
-
-	It is now possible to specify the size of a journal, max-journal-size.
-
-	It is now possible to define a named set of master servers to be
-	used in masters clause, masters.
-
-	The advertised EDNS UDP size can now be set, edns-udp-size.
-
-	allow-v6-synthesis has been obsoleted.
-
-	NOTE:
-	* Zones containing MD and MF will now be rejected.
-	* dig, nslookup name. now report "Not Implemented" as
-	  NOTIMP rather than NOTIMPL.  This will have impact on scripts
-	  that are looking for NOTIMPL.
-
-	libbind: corresponds to that from BIND 8.4.5.
-
-BIND 9.2.0
-
-	BIND 9.2.0 has a number of new features over 9.1,
-	including:
-
-	  - The size of the cache can now be limited using the
-	    "max-cache-size" option.
-
-	  - The server can now automatically convert RFC1886-style
-	    recursive lookup requests into RFC2874-style lookups, 
-	    when enabled using the new option "allow-v6-synthesis".
-	    This allows stub resolvers that support AAAA records
-	    but not A6 record chains or binary labels to perform
-	    lookups in domains that make use of these IPv6 DNS
-	    features.
-
-	  - Performance has been improved.
-
-	  - The man pages now use the more portable "man" macros
-	    rather than the "mandoc" macros, and are installed
-	    by "make install".
-
-	  - The named.conf parser has been completely rewritten.
-	    It now supports "include" directives in more
-	    places such as inside "view" statements, and it no
-	    longer has any reserved words.
-
-	  - The "rndc status" command is now implemented.
-
-	  - rndc can now be configured automatically.
-
-	  - A BIND 8 compatible stub resolver library is now
-	    included in lib/bind.
-
-	  - OpenSSL has been removed from the distribution.  This
-	    means that to use DNSSEC, OpenSSL must be installed and
-	    the --with-openssl option must be supplied to configure.
-	    This does not apply to the use of TSIG, which does not
-	    require OpenSSL.
-
-	  - The source distribution now builds on Windows.
-	    See win32utils/readme1.txt and win32utils/win32-build.txt
-	    for details.
-
-	This distribution also includes a new lightweight stub
-	resolver library and associated resolver daemon that fully
-	support forward and reverse lookups of both IPv4 and IPv6
-	addresses.  This library is considered experimental and
-	is not a complete replacement for the BIND 8 resolver library.
-	Applications that use the BIND 8 res_* functions to perform
-	DNS lookups or dynamic updates still need to be linked against
-	the BIND 8 libraries.  For DNS lookups, they can also use the
-	new "getrrsetbyname()" API.
-
-	BIND 9.2 is capable of acting as an authoritative server
-	for DNSSEC secured zones.  This functionality is believed to
-	be stable and complete except for lacking support for
-	verifications involving wildcard records in secure zones.
-
-	When acting as a caching server, BIND 9.2 can be configured
-	to perform DNSSEC secure resolution on behalf of its clients.
-	This part of the DNSSEC implementation is still considered
-	experimental.  For detailed information about the state of the
-	DNSSEC implementation, see the file doc/misc/dnssec.
+	Several bugs found in rc1 have been fixed.  For a detailed 
+        list of user-visible changes, see the CHANGES file.
 
 	There are a few known bugs:
 
+		The option "query-source * port 53;" will not work as
+		expected.  Instead of the wildcard address "*", you need 
+		to use an explicit source IP address.
+
 		On some systems, IPv6 and IPv4 sockets interact in
 		unexpected ways.  For details, see doc/misc/ipv6.
 		To reduce the impact of these problems, the server
@@ -431,213 +108,86 @@ BIND 9.2.0
 		IPv6, you must specify "listen-on-v6 { any; };"
 		in the named.conf options statement.
 
-		FreeBSD prior to 4.2 (and 4.2 if running as non-root)
-		and OpenBSD prior to 2.8 log messages like
-		"fcntl(8, F_SETFL, 4): Inappropriate ioctl for device".
-		This is due to a bug in "/dev/random" and impacts the
-		server's DNSSEC support.
+		There are known problems with thread signal handling 
+		under Solaris 2.6.
 
-		OS X 10.1.4 (Darwin 5.4), OS X 10.1.5 (Darwin 5.5) and
-		OS X 10.2 (Darwin 6.0) reports errors like
-		"fcntl(3, F_SETFL, 4): Operation not supported by device".
-		This is due to a bug in "/dev/random" and impacts the
-		server's DNSSEC support.
+		The "isc_timer_reset" test sometimes fails on HP-UX 11
+		for unknown reasons, but the server itself seems to
+		run fine.
 
-		--with-libtool does not work on AIX.
-
-	A bug in some versions of the Microsoft DNS server can cause zone
-	transfers from a BIND 9 server to a W2K server to fail.  For details,
-	see the "Zone Transfers" section in doc/misc/migration.
+	If you are upgrading from BIND 8, please read the migration
+	notes in doc/misc/migration.
 
 
 Building
 
 	BIND 9 currently requires a UNIX system with an ANSI C compiler,
-	basic POSIX support, and a 64 bit integer type.
+	basic POSIX support, and a good pthreads implementation.
 
 	We've had successful builds and tests on the following systems:
 
-		COMPAQ Tru64 UNIX 5.1B
-		Fedora Core 6
-		FreeBSD 4.10, 5.2.1, 6.2
-		HP-UX 11.11
-		Mac OS X 10.5
-		NetBSD 3.x and 4.0-beta
-		OpenBSD 3.3 and up
-		Solaris 8, 9, 9 (x86), 10
-		Ubuntu 7.04, 7.10
-		Windows XP/2003/2008
+		AIX 4.3
+		COMPAQ Tru64 UNIX 4.0D
+                COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
+		FreeBSD 3.4-STABLE
+		HP-UX 11
+		IRIX64 6.5
+		NetBSD-current (with unproven-pthreads-0.17)
+		Red Hat Linux 6.0, 6.1, 6.2
+		Solaris 2.6, 7, 8 (beta)
 
-	NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
-	Windows, including Windows NT and Windows 2000, are no longer
-	supported.
+	We have received reports of success from users of the
+	following additional platforms:
 
-	We have recent reports from the user community that a supported
-	version of BIND will build and run on the following systems:
-
-		AIX 4.3, 5L
-		CentOS 4, 4.5, 5
-		Darwin 9.0.0d1/ARM
-		Debian 4
-		Fedora Core 5, 7
-		FreeBSD 6.1
-		HP-UX 11.23 PA
-		MacOS X 10.4, 10.5
-		Red Hat Enterprise Linux 4, 5
-		SCO OpenServer 5.0.6
-		Slackware 9, 10
-		SuSE 9, 10
+		Solaris 2.8
 
 	To build, just
 
 		./configure
 		make
 
-	Do not use a parallel "make".
+        Several environment variables that can be set before running
+        configure will affect compilation:
 
-	Several environment variables that can be set before running
-	configure will affect compilation:
+            CC
+                The C compiler to use.  configure tries to figure
+                out the right one for supported systems.
 
-	    CC
-		The C compiler to use.	configure tries to figure
-		out the right one for supported systems.
+            CFLAGS
+                C compiler flags.  Defaults to include -g and/or -O2
+                as supported by the compiler.
 
-	    CFLAGS
-		C compiler flags.  Defaults to include -g and/or -O2
-		as supported by the compiler.  
+            STD_CINCLUDES
+                System header file directories.  Can be used to specify
+                where add-on thread or IPv6 support is, for example.
+                Defaults to empty string.
 
-	    STD_CINCLUDES
-		System header file directories.	 Can be used to specify
-		where add-on thread or IPv6 support is, for example.
-		Defaults to empty string.
+            STD_CDEFINES
+                Any additional preprocessor symbols you want defined.
+                Defaults to empty string.
 
-	    STD_CDEFINES
-		Any additional preprocessor symbols you want defined.
-		Defaults to empty string.
-
-		Possible settings:
-		Change the default syslog facility of named/lwresd.
-		  -DISC_FACILITY=LOG_LOCAL0	
-		Enable DNSSEC signature chasing support in dig.
-		  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
-				    -DDIG_SIGCHASE_BU=1)
-		Disable dropping queries from particular well known ports.
-		  -DNS_CLIENT_DROPPORT=0
-		Sibling glue checking in named-checkzone is enabled by default.
-		To disable the default check set.  -DCHECK_SIBLING=0
-		named-checkzone checks out-of-zone addresses by default.
-		To disable this default set.  -DCHECK_LOCAL=0
-		To create the default pid files in ${localstatedir}/run rather
-		than ${localstatedir}/run/{named,lwresd}/ set.
-		  -DNS_RUN_PID_DIR=0
-		Enable workaround for Solaris kernel bug about /dev/poll
-		  -DISC_SOCKET_USE_POLLWATCH=1
-		  The watch timeout is also configurable, e.g.,
-		  -DISC_SOCKET_POLLWATCH_TIMEOUT=20
-
-	    LDFLAGS
-		Linker flags. Defaults to empty string.
-
-	The following need to be set when cross compiling.
-
-	    BUILD_CC
-		The native C compiler.
-	    BUILD_CFLAGS (optional)
-	    BUILD_CPPFLAGS (optional)
-		Possible Settings:
-		-DNEED_OPTARG=1		(optarg is not declared in <unistd.h>)
-	    BUILD_LDFLAGS (optional)
-	    BUILD_LIBS (optional)
-
-	To build shared libraries, specify "--with-libtool" on the
+        To build shared libraries, specify "--with-libtool" on the
 	configure command line.
 
-	For the server to support DNSSEC, you need to build it
-	with crypto support.  You must have OpenSSL 0.9.5a
-	or newer installed and specify "--with-openssl" on the
-	configure command line.  If OpenSSL is installed under
-	a nonstandard prefix, you can tell configure where to
-	look for it using "--with-openssl=/prefix".
-
-	On some platforms it is necessary to explictly request large
-	file support to handle files bigger than 2GB.  This can be
-	done by "--enable-largefile" on the configure command line.
-
-	On some platforms, BIND 9 can be built with multithreading
-	support, allowing it to take advantage of multiple CPUs.
-	You can specify whether to build a multithreaded BIND 9 
-	by specifying "--enable-threads" or "--disable-threads"
-	on the configure command line.  The default is operating
-	system dependent.
-
-	Support for the "fixed" rrset-order option can be enabled
-	or disabled by specifying "--enable-fixed-rrset" or
-	"--disable-fixed-rrset" on the configure command line.
-	The default is "disabled", to reduce memory footprint.
-
 	If your operating system has integrated support for IPv6, it
 	will be used automatically.  If you have installed KAME IPv6
 	separately, use "--with-kame[=PATH]" to specify its location.
+	
+        To see additional configure options, run "configure --help".
 
 	"make install" will install "named" and the various BIND 9 libraries.
 	By default, installation is into /usr/local, but this can be changed
 	with the "--prefix" option when running "configure".
 
-	You may specify the option "--sysconfdir" to set the directory 
-	where configuration files like "named.conf" go by default,
-	and "--localstatedir" to set the default parent directory
-	of "run/named.pid".   For backwards compatibility with BIND 8,
-	--sysconfdir defaults to "/etc" and --localstatedir defaults to
-	"/var" if no --prefix option is given.  If there is a --prefix
-	option, sysconfdir defaults to "$prefix/etc" and localstatedir
-	defaults to "$prefix/var".
-
-	To see additional configure options, run "configure --help".
-	Note that the help message does not reflect the BIND 8 
-	compatibility defaults for sysconfdir and localstatedir.
-
 	If you're planning on making changes to the BIND 9 source, you
 	should also "make depend".  If you're using Emacs, you might find
 	"make tags" helpful.
 
-	If you need to re-run configure please run "make distclean" first.
-	This will ensure that all the option changes take.
-
 	Building with gcc is not supported, unless gcc is the vendor's usual
 	compiler (e.g. the various BSD systems, Linux).
-	
-	Known compiler issues:
-	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
-	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
-	* gcc-3.3.5 powerpc generates incorrect code at -02.
-	* Irix, MipsPRO 7.4.1m is known to cause problems.
 
-	A limited test suite can be run with "make test".  Many of
-	the tests require you to configure a set of virtual IP addresses
-	on your system, and some require Perl; see bin/tests/system/README
-	for details.
-
-	SunOS 4 requires "printf" to be installed to make the shared
-	libraries.  sh-utils-1.16 provides a "printf" which compiles
-	on SunOS 4.
-
-Documentation
-
-	The BIND 9 Administrator Reference Manual is included with the
-	source distribution in DocBook XML and HTML format, in the
-	doc/arm directory.
-
-	Some of the programs in the BIND 9 distribution have man pages
-	in their directories.  In particular, the command line
-	options of "named" are documented in /bin/named/named.8.
-	There is now also a set of man pages for the lwres library.
-
-	If you are upgrading from BIND 8, please read the migration
-	notes in doc/misc/migration.  If you are upgrading from
-	BIND 4, read doc/misc/migration-4to9.
-
-	Frequently asked questions and their answers can be found in
-	FAQ.
+	Parts of the library can be tested by running "make test" from the
+	bin/tests subdirectory.
 
 
 Bug Reports and Mailing Lists
@@ -646,18 +196,56 @@ Bug Reports and Mailing Lists
 
 		bind9-bugs@isc.org
 
-	To join the BIND Users mailing list, send mail to
+	To join the BIND 9 Users mailing list, send mail to
 
-		bind-users-request@isc.org
-
-	archives of which can be found via
-
-		http://www.isc.org/ops/lists/
+		bind9-users-request@isc.org
 
 	If you're planning on making changes to the BIND 9 source
-	code, you might want to join the BIND Workers mailing list.
+	code, you might want to join the BIND 9 Workers mailing list.
 	Send mail to
 
-		bind-workers-request@isc.org
+		bind9-workers-request@isc.org
 
 
+"named" command line options
+
+	-c <config_file>
+
+	-d <debug_level>
+
+	-f				Run in the foreground.
+
+	-g				Run in the foreground and log
+					to stderr, ignoring any "logging"
+					statement in in the config file.
+
+	-n <number_of_cpus>		
+
+	-t <directory>			Chroot to <directory> before running.
+
+	-u <username>			Run as user <username> after binding
+					to privileged ports.
+
+	Use of the "-t" option while still running as "root" doesn't
+	enhance security on most systems.  The way chroot() is defined
+	allows a process with root privileges to escape the chroot jail.
+
+	The "-u" option is not currently useful on Linux kernels older
+	than 2.3.99-pre3.  Linux threads are actually processes sharing a
+	common address space.  An unfortunate side effect of this is that
+	some system calls, e.g. setuid() that in a typical pthreads
+	environment would affect all threads only affect the calling
+	thread/process on Linux.  The good news is that BIND 9 uses the
+	Linux kernel's capability mechanism to drop all root powers except
+	the ability to bind() to a privileged port.  2.3.99-pre3 and later
+	kernels allow a process to say that its capabilities should be
+	retained after setuid().  If BIND 9 is compiled with 2.3.99-pre3 or
+	later kernel .h files, the "-u" option will cause the server to
+	run with the specified user id, but it will retain the capability
+	to bind() to privileged ports.
+
+	On systems with more than one CPU, the "-n" option should be used
+	to indicate how many CPUs there are.  If the "-n" option is not
+	provided, named will attempt to determine the number of available
+	CPUs and use all of them.
+

README.idnkit

@@ -1,112 +0,0 @@
-
-			BIND-9 IDN patch
-
-	       Japan Network Information Center (JPNIC)
-
-
-* What is this patch for?
-
-This patch adds internationalized domain name (IDN) support to BIND-9.
-You'll get internationalized version of dig/host/nslookup commands.
-
-    + internationalized dig/host/nslookup
-	dig/host/nslookup accepts non-ASCII domain names in the local
-	codeset (such as Shift JIS, Big5 or ISO8859-1) determined by
-	the locale information.  The domain names are normalized and
-	converted to the encoding on the DNS protocol, and sent to DNS
-	servers.  The replies are converted back to the local codeset
-	and displayed.
-
-
-* Compilation & installation
-
-0. Prerequisite
-
-You have to build and install idnkit before building this patched version
-of bind-9.
-
-1. Running configure script
-
-Run `configure' in the top directory.  See `README' for the
-configuration options.
-
-This patch adds the following 4 options to `configure'.  You should
-at least specify `--with-idn' option to enable IDN support.
-
-    --with-idn[=IDN_PREFIX]
-	To enable IDN support, you have to specify `--with-idn' option.
-	The argument IDN_PREFIX is the install prefix of idnkit.  If
-	IDN_PREFIX is omitted, PREFIX (derived from `--prefix=PREFIX')
-	is assumed.
-
-    --with-libiconv[=LIBICONV_PREFIX]
-	Specify this option if idnkit you have installed links GNU
-	libiconv.  The argument LIBICONV_PREFIX is install prefix of
-	GNU libiconv.  If the argument is omitted, PREFIX (derived
-	from `--prefix=PREFIX') is assumed.
-
-	`--with-libiconv' is shorthand option for GNU libiconv.
-
-	    --with-libiconv=/usr/local
-
-	This is equivalent to:
-
-	    --with-iconv='-L/usr/local/lib -R/usr/local/lib -liconv'
-
-	`--with-libiconv' assumes that your C compiler has `-R'
-	option, and that the option adds the specified run-time path
-	to an executable binary.  If `-R' option of your compiler has
-	different meaning, or your compiler lacks the option, you
-	should use `--with-iconv' option instead.  Binary command
-	without run-time path information might be unexecutable.
-	In that case, you would see an error message like:
-
-	    error in loading shared libraries: libiconv.so.2: cannot
-	    open shared object file
-
-	If both `--with-libiconv' and `--with-iconv' options are
-	specified, `--with-iconv' is prior to `--with-libiconv'.
-
-    --with-iconv=ICONV_LIBSPEC
-	If your libc doesn't provide iconv(), you need to specify the
-	library containing iconv() with this option.  `ICONV_LIBSPEC'
-	is the argument(s) to `cc' or `ld' to link the library, for
-	example, `--with-iconv="-L/usr/local/lib -liconv"'.
-	You don't need to specify the header file directory for "iconv.h"
-	to the compiler, as it isn't included directly by bind-9 with
-	this patch.
-
-    --with-idnlib=IDN_LIBSPEC
-	With this option, you can explicitly specify the argument(s)
-	to `cc' or `ld' to link the idnkit's library, `libidnkit'.  If
-	this option is not specified, `-L${PREFIX}/lib -lidnkit' is
-	assumed, where ${PREFIX} is the installation prefix specified
-	with `--with-idn' option above.  You may need to use this
-	option to specify extra arguments, for example,
-	`--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
-
-Please consult `README' for other configuration options.
-
-Note that if you want to specify some extra header file directories,
-you should use the environment variable STD_CINCLUDES instead of
-CFLAGS, as described in README.
-
-2. Compilation and installation
-
-After running "configure", just do
-
-	make
-	make install
-
-for compiling and installing.
-
-
-* Contact information
-
-Please see http//www.nic.ad.jp/en/idn/ for the latest news
-about idnkit and this patch.
-
-Bug reports and comments on this kit should be sent to
-mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
-
-; $Id$

README.pkcs11

@@ -1,61 +0,0 @@
-
-			BIND-9 PKCS#11 support
-
-Prerequisite
-
-The PKCS#11 support needs a PKCS#11 OpenSSL engine based on the Solaris one,
-released the 2007-11-21 for OpenSSL 0.9.8g, with a bug fix (call to free)
-and some improvements, including user friendly PIN management.
-
-Compilation
-
-"configure --with-pkcs11 ..."
-
-PKCS#11 Libraries
-
-Tested with Solaris one with a SCA board and with openCryptoki with the
-software token.
-
-OpenSSL Engines
-
-With PKCS#11 support the PKCS#11 engine is statically loaded but at its
-initialization it dynamically loads the PKCS#11 objects.
-Even the pre commands are therefore unused they are defined with:
- SO_PATH:
-   define: PKCS11_SO_PATH
-   default: /usr/local/lib/engines/engine_pkcs11.so
- MODULE_PATH:
-   define: PKCS11_MODULE_PATH
-   default: /usr/lib/libpkcs11.so
-Without PKCS#11 support, a specific OpenSSL engine can be still used
-by defining ENGINE_ID at compile time.
-
-PKCS#11 tools
-
-The contrib/pkcs11-keygen directory contains a set of experimental tools
-to handle keys stored in a Hardware Security Module at the benefit of BIND.
-
-The patch for OpenSSL 0.9.8g is in this directory. Read its README.pkcs11
-for the way to use it (these are the original notes so with the original
-path, etc. Define OPENCRYPTOKI to use it with openCryptoki.)
-
-PIN management
-
-With the just fixed PKCS#11 OpenSSL engine, the PIN should be entered
-each time it is required. With the improved engine, the PIN should be
-entered the first time it is required or can be configured in the
-OpenSSL configuration file (aka. openssl.cnf) by adding in it:
- - at the beginning:
-	openssl_conf = openssl_def
- - at any place these sections:
-	[ openssl_def ]
-	engines = engine_section
-	[ engine_section ]
-	pkcs11 = pkcs11_section
-	[ pkcs11_section ]
-	PIN = put__your__pin__value__here
-
-Note
-
-Some names here are registered trademarks, at least Solaris is a trademark
-of Sun Microsystems Inc...

TODO

@@ -0,0 +1,18 @@
+
+1.	Rdataset/Rdatalist Union
+2.	ev_ prefix for ISC_EVENT_COMMON
+3.	Finish mempool conversion of message.c
+4.	Improve buffer & region APIs (inline?)
+5.	isc/util.h publish or perish
+6.	magic number listing
+7.	Eliminate dns_result_t and old DNS_R_ codes
+8.	Check base 64 code; does it have the problems that
+	the BIND 8 code does?
+9.	Authority is optional if we have answers?
+10.	AD bit setting.
+11.	KEY duplication (answer + additional) in any query
+12.	Fix rdata META flag to be set for TSIG, TKEY, OPT
+13.	Intergrate (replace?) old per zone SOA timers with zomemgr
+14.	RWlock for zonemgr zone list
+15.	CHAOS A's
+16.	implement "doc" checks out of zonemgr.

acconfig.h

@@ -1,23 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id$ */
-
-/*! \file */
+/* $Id: acconfig.h,v 1.23 2000/06/22 21:48:56 tale Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because
@@ -25,91 +23,76 @@
  ***/
 @TOP@
 
-/** define on DEC OSF to enable 4.4BSD style sa_len support */
+/* define on DEC OSF to enable 4.4BSD style sa_len support */
 #undef _SOCKADDR_LEN
 
-/** define if your system needs pthread_init() before using pthreads */
+/* define if your system needs pthread_init() before using pthreads */
 #undef NEED_PTHREAD_INIT
 
-/** define if your system has sigwait() */
+/* define if your system has sigwait() */
 #undef HAVE_SIGWAIT
 
-/** define if sigwait() is the UnixWare flavor */
+/* define if sigwait() is the UnixWare flavor */
 #undef HAVE_UNIXWARE_SIGWAIT
 
-/** define on Solaris to get sigwait() to work using pthreads semantics */
+/* define on Solaris to get sigwait() to work using pthreads semantics */
 #undef _POSIX_PTHREAD_SEMANTICS
 
-/** define if LinuxThreads is in use */
+/* define if LinuxThreads is in use */
 #undef HAVE_LINUXTHREADS
 
-/** define if sysconf() is available */
+/* define if sysconf() is available */
 #undef HAVE_SYSCONF
 
-/** define if sysctlbyname() is available */
-#undef HAVE_SYSCTLBYNAME
-
-/** define if catgets() is available */
+/* define if catgets() is available */
 #undef HAVE_CATGETS
 
-/** define if getifaddrs() exists */
-#undef HAVE_GETIFADDRS
-
-/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
+/* define if you have the NET_RT_IFLIST sysctl variable. */
 #undef HAVE_IFLIST_SYSCTL
 
-/** define if tzset() is available */
-#undef HAVE_TZSET
+/* define if you need to #define _XPG4_2 before including sys/socket.h */
+#undef NEED_XPG4_2_BEFORE_SOCKET_H
 
-/** define if struct addrinfo exists */
+/* define if you need to #define _XOPEN_SOURCE_ENTENDED before including
+ * sys/socket.h
+ */
+#undef NEED_XSE_BEFORE_SOCKET_H
+
+/* define if chroot() is available */
+#undef HAVE_CHROOT
+
+/* define if struct addrinfo exists */
 #undef HAVE_ADDRINFO
 
-/** define if getaddrinfo() exists */
+/* define is getaddrinfo() exists */
 #undef HAVE_GETADDRINFO
 
-/** define if gai_strerror() exists */
-#undef HAVE_GAISTRERROR
-
-/** define if arc4random() exists */
-#undef HAVE_ARC4RANDOM
-
-/**
- * define if pthread_setconcurrency() should be called to tell the
+/* define if pthread_setconcurrency() should be called to tell the
  * OS how many threads we might want to run.
  */
 #undef CALL_PTHREAD_SETCONCURRENCY
 
-/** define if IPv6 is not disabled */
-#undef WANT_IPV6
-
-/** define if flockfile() is available */
-#undef HAVE_FLOCKFILE
-
-/** define if getc_unlocked() is available */
-#undef HAVE_GETCUNLOCKED
-
-/** Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
+/* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
 #undef SHUTUP_SPUTAUX
 #ifdef SHUTUP_SPUTAUX
 struct __sFILE;
 extern __inline int __sputaux(int _c, struct __sFILE *_p);
 #endif
 
-/** Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
+/* Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
 #undef SHUTUP_SIGWAIT
 #ifdef SHUTUP_SIGWAIT
 int sigwait(const unsigned int *set, int *sig);
 #endif
 
-/** Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
+/* Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
 #undef SHUTUP_STDARG_CAST
 #if defined(SHUTUP_STDARG_CAST) && defined(__GNUC__)
-#include <stdarg.h>		/** Grr.  Must be included *every time*. */
-/**
+#include <stdarg.h>		/* Grr.  Must be included *every time*. */
+/*
  * The silly continuation line is to keep configure from
  * commenting out the #undef.
  */
-
 #undef \
 	va_start
 #define	va_start(ap, last) \
@@ -118,28 +101,4 @@ int sigwait(const unsigned int *set, int *sig);
 		_u.konst = &(last); \
 		ap = (va_list)(_u.var + __va_words(__typeof(last))); \
 	} while (0)
-#endif /** SHUTUP_STDARG_CAST && __GNUC__ */
-
-/** define if the system has a random number generating device */
-#undef PATH_RANDOMDEV
-
-/** define if pthread_attr_getstacksize() is available */
-#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
-
-/** define if pthread_attr_setstacksize() is available */
-#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
-
-/** define if you have strerror in the C library. */
-#undef HAVE_STRERROR
-
-/** Define if you are running under Compaq TruCluster. */
-#undef HAVE_TRUCLUSTER
-
-/* Define if OpenSSL includes DSA support */
-#undef HAVE_OPENSSL_DSA
-
-/* Define to the length type used by the socket API (socklen_t, size_t, int). */
-#undef ISC_SOCKADDR_LEN_T
-
-/* Define if threads need PTHREAD_SCOPE_SYSTEM */
-#undef NEED_PTHREAD_SCOPE_SYSTEM
+#endif /* SHUTUP_STDARG_CAST && __GNUC__ */

aclocal.m4

@@ -1,5 +1,2 @@
-sinclude(libtool.m4/libtool.m4)dnl
-sinclude(libtool.m4/ltoptions.m4)dnl
-sinclude(libtool.m4/ltsugar.m4)dnl
-sinclude(libtool.m4/ltversion.m4)dnl
-sinclude(libtool.m4/lt~obsolete.m4)dnl
+sinclude(./libtool.m4)dnl
+

bin/.cvsignore

@@ -0,0 +1 @@
+Makefile

bin/Makefile.in

@@ -1,25 +1,25 @@
-# Copyright (C) 2004, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2001  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 1998-2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id$
+# $Id: Makefile.in,v 1.15.2.2 2000/06/29 00:05:25 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tests nsupdate check
+SUBDIRS =	named rndc dig dnssec tests nsupdate
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/.gitignore

@@ -1,3 +0,0 @@
-.libs
-named-checkconf
-named-checkzone

bin/check/Makefile.in

@@ -1,98 +0,0 @@
-# Copyright (C) 2004-2007, 2012  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2003  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id$
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES =	${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
-		${ISC_INCLUDES}
-
-CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
-CWARNINGS =
-
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
-
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
-
-LIBS =		@LIBS@
-
-SUBDIRS =
-
-# Alphabetically
-TARGETS =	named-checkconf@EXEEXT@ named-checkzone@EXEEXT@
-
-# Alphabetically
-SRCS =		named-checkconf.c named-checkzone.c check-tool.c
-
-MANPAGES =	named-checkconf.8 named-checkzone.8
-
-HTMLPAGES =	named-checkconf.html named-checkzone.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-@BIND9_MAKE_RULES@
-
-named-checkconf.@O@: named-checkconf.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
-		-c ${srcdir}/named-checkconf.c
-
-named-checkzone.@O@: named-checkzone.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
-		-c ${srcdir}/named-checkzone.c
-
-named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
-		${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	named-checkconf.@O@ check-tool.@O@ ${BIND9LIBS} ${ISCCFGLIBS} \
-	${DNSLIBS} ${ISCLIBS} ${LIBS}
-
-named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	named-checkzone.@O@ check-tool.@O@ ${ISCCFGLIBS} ${DNSLIBS} \
-	${ISCLIBS} ${LIBS}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
-	(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
-	(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
-
-clean distclean::
-	rm -f ${TARGETS} r1.htm

bin/check/check-tool.c

@@ -1,697 +0,0 @@
-/*
- * Copyright (C) 2004-2010, 2012  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdio.h>
-
-#ifdef _WIN32
-#include <Winsock2.h>
-#endif
-
-#include "check-tool.h"
-#include <isc/buffer.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/netdb.h>
-#include <isc/net.h>
-#include <isc/region.h>
-#include <isc/stdio.h>
-#include <isc/string.h>
-#include <isc/symtab.h>
-#include <isc/types.h>
-#include <isc/util.h>
-
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/types.h>
-#include <dns/zone.h>
-
-#include <isccfg/log.h>
-
-#ifndef CHECK_SIBLING
-#define CHECK_SIBLING 1
-#endif
-
-#ifndef CHECK_LOCAL
-#define CHECK_LOCAL 1
-#endif
-
-#ifdef HAVE_ADDRINFO
-#ifdef HAVE_GETADDRINFO
-#ifdef HAVE_GAISTRERROR
-#define USE_GETADDRINFO
-#endif
-#endif
-#endif
-
-#define CHECK(r) \
-	do { \
-		result = (r); \
-		if (result != ISC_R_SUCCESS) \
-			goto cleanup; \
-	} while (0)
-
-#define ERR_IS_CNAME 1
-#define ERR_NO_ADDRESSES 2
-#define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A 4
-#define ERR_EXTRA_AAAA 5
-#define ERR_MISSING_GLUE 5
-#define ERR_IS_MXCNAME 6
-#define ERR_IS_SRVCNAME 7
-
-static const char *dbtype[] = { "rbt" };
-
-int debug = 0;
-isc_boolean_t nomerge = ISC_TRUE;
-#if CHECK_LOCAL
-isc_boolean_t docheckmx = ISC_TRUE;
-isc_boolean_t dochecksrv = ISC_TRUE;
-isc_boolean_t docheckns = ISC_TRUE;
-#else
-isc_boolean_t docheckmx = ISC_FALSE;
-isc_boolean_t dochecksrv = ISC_FALSE;
-isc_boolean_t docheckns = ISC_FALSE;
-#endif
-unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
-			    DNS_ZONEOPT_CHECKMX |
-			    DNS_ZONEOPT_MANYERRORS |
-			    DNS_ZONEOPT_CHECKNAMES |
-			    DNS_ZONEOPT_CHECKINTEGRITY |
-#if CHECK_SIBLING
-			    DNS_ZONEOPT_CHECKSIBLING |
-#endif
-			    DNS_ZONEOPT_CHECKWILDCARD |
-			    DNS_ZONEOPT_WARNMXCNAME |
-			    DNS_ZONEOPT_WARNSRVCNAME;
-
-/*
- * This needs to match the list in bin/named/log.c.
- */
-static isc_logcategory_t categories[] = {
-	{ "",		     0 },
-	{ "client",	     0 },
-	{ "network",	     0 },
-	{ "update",	     0 },
-	{ "queries",	     0 },
-	{ "unmatched", 	     0 },
-	{ "update-security", 0 },
-	{ "query-errors",    0 },
-	{ NULL,		     0 }
-};
-
-static isc_symtab_t *symtab = NULL;
-static isc_mem_t *sym_mctx;
-
-static void
-freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
-	UNUSED(type);
-	UNUSED(value);
-	isc_mem_free(userarg, key);
-}
-
-static void
-add(char *key, int value) {
-	isc_result_t result;
-	isc_symvalue_t symvalue;
-
-	if (sym_mctx == NULL) {
-		result = isc_mem_create(0, 0, &sym_mctx);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	if (symtab == NULL) {
-		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   ISC_FALSE, &symtab);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	key = isc_mem_strdup(sym_mctx, key);
-	if (key == NULL)
-		return;
-
-	symvalue.as_pointer = NULL;
-	result = isc_symtab_define(symtab, key, value, symvalue,
-				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS)
-		isc_mem_free(sym_mctx, key);
-}
-
-static isc_boolean_t
-logged(char *key, int value) {
-	isc_result_t result;
-
-	if (symtab == NULL)
-		return (ISC_FALSE);
-
-	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS)
-		return (ISC_TRUE);
-	return (ISC_FALSE);
-}
-
-static isc_boolean_t
-checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
-	dns_rdataset_t *a, dns_rdataset_t *aaaa)
-{
-#ifdef USE_GETADDRINFO
-	dns_rdataset_t *rdataset;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	struct addrinfo hints, *ai, *cur;
-	char namebuf[DNS_NAME_FORMATSIZE + 1];
-	char ownerbuf[DNS_NAME_FORMATSIZE];
-	char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
-	isc_boolean_t answer = ISC_TRUE;
-	isc_boolean_t match;
-	const char *type;
-	void *ptr = NULL;
-	int result;
-
-	REQUIRE(a == NULL || !dns_rdataset_isassociated(a) ||
-		a->type == dns_rdatatype_a);
-	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
-		aaaa->type == dns_rdatatype_aaaa);
-
-	if (a == NULL || aaaa == NULL)
-		return (answer);
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	/*
-	 * Turn off search.
-	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
-	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
-	result = getaddrinfo(namebuf, NULL, &hints, &ai);
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	switch (result) {
-	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf,
-				     cur->ai_canonname);
-			/* XXX950 make fatal for 9.5.0 */
-			/* answer = ISC_FALSE; */
-			add(namebuf, ERR_IS_CNAME);
-		}
-		break;
-	case EAI_NONAME:
-#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
-	case EAI_NODATA:
-#endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
-		/* XXX950 make fatal for 9.5.0 */
-		return (ISC_TRUE);
-
-	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
-		return (ISC_TRUE);
-	}
-
-	/*
-	 * Check that all glue records really exist.
-	 */
-	if (!dns_rdataset_isassociated(a))
-		goto checkaaaa;
-	result = dns_rdataset_first(a);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(a, &rdata);
-		match = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET)
-				continue;
-			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = ISC_TRUE;
-				break;
-			}
-		}
-		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
-			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-				     "extra GLUE A record (%s)",
-				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET, rdata.data,
-					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_A);
-			/* XXX950 make fatal for 9.5.0 */
-			/* answer = ISC_FALSE; */
-		}
-		dns_rdata_reset(&rdata);
-		result = dns_rdataset_next(a);
-	}
-
- checkaaaa:
-	if (!dns_rdataset_isassociated(aaaa))
-		goto checkmissing;
-	result = dns_rdataset_first(aaaa);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(aaaa, &rdata);
-		match = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET6)
-				continue;
-			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = ISC_TRUE;
-				break;
-			}
-		}
-		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
-			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-				     "extra GLUE AAAA record (%s)",
-				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET6, rdata.data,
-					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_AAAA);
-			/* XXX950 make fatal for 9.5.0. */
-			/* answer = ISC_FALSE; */
-		}
-		dns_rdata_reset(&rdata);
-		result = dns_rdataset_next(aaaa);
-	}
-
- checkmissing:
-	/*
-	 * Check that all addresses appear in the glue.
-	 */
-	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		isc_boolean_t missing_glue = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			switch (cur->ai_family) {
-			case AF_INET:
-				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-				type = "A";
-				break;
-			case AF_INET6:
-				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-				type = "AAAA";
-				break;
-			default:
-				 continue;
-			}
-			match = ISC_FALSE;
-			if (dns_rdataset_isassociated(rdataset))
-				result = dns_rdataset_first(rdataset);
-			else
-				result = ISC_R_FAILURE;
-			while (result == ISC_R_SUCCESS && !match) {
-				dns_rdataset_current(rdataset, &rdata);
-				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = ISC_TRUE;
-				dns_rdata_reset(&rdata);
-				result = dns_rdataset_next(rdataset);
-			}
-			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-					     "missing GLUE %s record (%s)",
-					     ownerbuf, namebuf, type,
-					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf, sizeof(addrbuf)));
-				/* XXX950 make fatal for 9.5.0. */
-				/* answer = ISC_FALSE; */
-				missing_glue = ISC_TRUE;
-			}
-		}
-		if (missing_glue)
-			add(namebuf, ERR_MISSING_GLUE);
-	}
-	freeaddrinfo(ai);
-	return (answer);
-#else
-	return (ISC_TRUE);
-#endif
-}
-
-static isc_boolean_t
-checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
-#ifdef USE_GETADDRINFO
-	struct addrinfo hints, *ai, *cur;
-	char namebuf[DNS_NAME_FORMATSIZE + 1];
-	char ownerbuf[DNS_NAME_FORMATSIZE];
-	int result;
-	int level = ISC_LOG_ERROR;
-	isc_boolean_t answer = ISC_TRUE;
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	/*
-	 * Turn off search.
-	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
-	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
-	result = getaddrinfo(namebuf, NULL, &hints, &ai);
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	switch (result) {
-	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
-			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
-				level = ISC_LOG_WARNING;
-			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_MXCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/MX '%s' (out of zone)"
-						     " is a CNAME '%s' "
-						     "(illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_MXCNAME);
-				}
-				if (level == ISC_LOG_ERROR)
-					answer = ISC_FALSE;
-			}
-		}
-		freeaddrinfo(ai);
-		return (answer);
-
-	case EAI_NONAME:
-#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
-	case EAI_NODATA:
-#endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/MX '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
-		/* XXX950 make fatal for 9.5.0. */
-		return (ISC_TRUE);
-
-	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-			     "getaddrinfo(%s) failed: %s",
-			     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
-		return (ISC_TRUE);
-	}
-#else
-	return (ISC_TRUE);
-#endif
-}
-
-static isc_boolean_t
-checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
-#ifdef USE_GETADDRINFO
-	struct addrinfo hints, *ai, *cur;
-	char namebuf[DNS_NAME_FORMATSIZE + 1];
-	char ownerbuf[DNS_NAME_FORMATSIZE];
-	int result;
-	int level = ISC_LOG_ERROR;
-	isc_boolean_t answer = ISC_TRUE;
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	/*
-	 * Turn off search.
-	 */
-	if (dns_name_countlabels(name) > 1U)
-		strcat(namebuf, ".");
-	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
-	result = getaddrinfo(namebuf, NULL, &hints, &ai);
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	switch (result) {
-	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
-			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
-				level = ISC_LOG_WARNING;
-			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level, "%s/SRV '%s'"
-						     " (out of zone) is a "
-						     "CNAME '%s' (illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_SRVCNAME);
-				}
-				if (level == ISC_LOG_ERROR)
-					answer = ISC_FALSE;
-			}
-		}
-		freeaddrinfo(ai);
-		return (answer);
-
-	case EAI_NONAME:
-#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
-	case EAI_NODATA:
-#endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/SRV '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
-		/* XXX950 make fatal for 9.5.0. */
-		return (ISC_TRUE);
-
-	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
-		return (ISC_TRUE);
-	}
-#else
-	return (ISC_TRUE);
-#endif
-}
-
-isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
-	isc_logdestination_t destination;
-	isc_logconfig_t *logconfig = NULL;
-	isc_log_t *log = NULL;
-
-	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
-	isc_log_registercategories(log, categories);
-	isc_log_setcontext(log);
-	dns_log_init(log);
-	dns_log_setcontext(log);
-	cfg_log_init(log);
-
-	destination.file.stream = errout;
-	destination.file.name = NULL;
-	destination.file.versions = ISC_LOG_ROLLNEVER;
-	destination.file.maximum_size = 0;
-	RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
-				       ISC_LOG_TOFILEDESC,
-				       ISC_LOG_DYNAMIC,
-				       &destination, 0) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
-					 NULL, NULL) == ISC_R_SUCCESS);
-
-	*logp = log;
-	return (ISC_R_SUCCESS);
-}
-
-/*% load the zone */
-isc_result_t
-load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  dns_masterformat_t fileformat, const char *classname,
-	  dns_zone_t **zonep)
-{
-	isc_result_t result;
-	dns_rdataclass_t rdclass;
-	isc_textregion_t region;
-	isc_buffer_t buffer;
-	dns_fixedname_t fixorigin;
-	dns_name_t *origin;
-	dns_zone_t *zone = NULL;
-
-	REQUIRE(zonep == NULL || *zonep == NULL);
-
-	if (debug)
-		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
-			zonename, filename, classname);
-
-	CHECK(dns_zone_create(&zone, mctx));
-
-	dns_zone_settype(zone, dns_zone_master);
-
-	isc_buffer_constinit(&buffer, zonename, strlen(zonename));
-	isc_buffer_add(&buffer, strlen(zonename));
-	dns_fixedname_init(&fixorigin);
-	origin = dns_fixedname_name(&fixorigin);
-	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname,
-				ISC_FALSE, NULL));
-	CHECK(dns_zone_setorigin(zone, origin));
-	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
-	CHECK(dns_zone_setfile2(zone, filename, fileformat));
-
-	DE_CONST(classname, region.base);
-	region.length = strlen(classname);
-	CHECK(dns_rdataclass_fromtext(&rdclass, &region));
-
-	dns_zone_setclass(zone, rdclass);
-	dns_zone_setoption(zone, zone_options, ISC_TRUE);
-	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
-	if (docheckmx)
-		dns_zone_setcheckmx(zone, checkmx);
-	if (docheckns)
-		dns_zone_setcheckns(zone, checkns);
-	if (dochecksrv)
-		dns_zone_setchecksrv(zone, checksrv);
-
-	CHECK(dns_zone_load(zone));
-	if (zonep != NULL) {
-		*zonep = zone;
-		zone = NULL;
-	}
-
- cleanup:
-	if (zone != NULL)
-		dns_zone_detach(&zone);
-	return (result);
-}
-
-/*% dump the zone */
-isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style)
-{
-	isc_result_t result;
-	FILE *output = stdout;
-	const char *flags;
-
-	flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
-
-	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0)
-			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
-				zonename, filename);
-		else
-			fprintf(stderr, "dumping \"%s\"\n", zonename);
-	}
-
-	if (filename != NULL && strcmp(filename, "-") != 0) {
-		result = isc_stdio_open(filename, flags, &output);
-
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "could not open output "
-				"file \"%s\" for writing\n", filename);
-			return (ISC_R_FAILURE);
-		}
-	}
-
-	result = dns_zone_dumptostream2(zone, output, fileformat, style);
-
-	if (output != stdout)
-		(void)isc_stdio_close(output);
-
-	return (result);
-}
-
-#ifdef _WIN32
-void
-InitSockets(void) {
-	WORD wVersionRequested;
-	WSADATA wsaData;
-	int err;
-
-	wVersionRequested = MAKEWORD(2, 0);
-
-	err = WSAStartup( wVersionRequested, &wsaData );
-	if (err != 0) {
-		fprintf(stderr, "WSAStartup() failed: %d\n", err);
-		exit(1);
-	}
-}
-
-void
-DestroySockets(void) {
-	WSACleanup();
-}
-#endif
-

bin/check/check-tool.h

@@ -1,60 +0,0 @@
-/*
- * Copyright (C) 2004, 2005, 2007, 2010, 2012  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-#ifndef CHECK_TOOL_H
-#define CHECK_TOOL_H
-
-/*! \file */
-
-#include <isc/lang.h>
-#include <isc/stdio.h>
-#include <isc/types.h>
-
-#include <dns/masterdump.h>
-#include <dns/types.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp);
-
-isc_result_t
-load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  dns_masterformat_t fileformat, const char *classname,
-	  dns_zone_t **zonep);
-
-isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style);
-
-#ifdef _WIN32
-void InitSockets(void);
-void DestroySockets(void);
-#endif
-
-extern int debug;
-extern isc_boolean_t nomerge;
-extern isc_boolean_t docheckmx;
-extern isc_boolean_t docheckns;
-extern isc_boolean_t dochecksrv;
-extern unsigned int zone_options;
-
-ISC_LANG_ENDDECLS
-
-#endif

bin/check/named-checkconf.8

@@ -1,94 +0,0 @@
-.\" Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: named\-checkconf
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 14, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "NAMED\-CHECKCONF" "8" "June 14, 2000" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-named\-checkconf \- named configuration file syntax checking tool
-.SH "SYNOPSIS"
-.HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
-.SH "DESCRIPTION"
-.PP
-\fBnamed\-checkconf\fR
-checks the syntax, but not the semantics, of a named configuration file.
-.SH "OPTIONS"
-.PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
-\-t \fIdirectory\fR
-.RS 4
-Chroot to
-\fIdirectory\fR
-so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
-\-v
-.RS 4
-Print the version of the
-\fBnamed\-checkconf\fR
-program and exit.
-.RE
-.PP
-\-z
-.RS 4
-Perform a test load of all master zones found in
-\fInamed.conf\fR.
-.RE
-.PP
-\-j
-.RS 4
-When loading a zonefile read the journal if it exists.
-.RE
-.PP
-filename
-.RS 4
-The name of the configuration file to be checked. If not specified, it defaults to
-\fI/etc/named.conf\fR.
-.RE
-.SH "RETURN VALUES"
-.PP
-\fBnamed\-checkconf\fR
-returns an exit status of 1 if errors were detected and 0 otherwise.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fBnamed\-checkzone\fR(8),
-BIND 9 Administrator Reference Manual.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br

bin/check/named-checkconf.c

@@ -1,560 +0,0 @@
-/*
- * Copyright (C) 2004-2007, 2009-2013  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <errno.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#include <isc/commandline.h>
-#include <isc/dir.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
-
-#include <dns/db.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/result.h>
-#include <dns/rootns.h>
-#include <dns/zone.h>
-
-#include "check-tool.h"
-
-static const char *program = "named-checkconf";
-
-isc_log_t *logc = NULL;
-
-#define CHECK(r)\
-	do { \
-		result = (r); \
-		if (result != ISC_R_SUCCESS) \
-			goto cleanup; \
-	} while (0)
-
-/*% usage */
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "usage: %s [-h] [-j] [-v] [-z] [-t directory] "
-		"[named.conf]\n", program);
-	exit(1);
-}
-
-/*% directory callback */
-static isc_result_t
-directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
-	isc_result_t result;
-	const char *directory;
-
-	REQUIRE(strcasecmp("directory", clausename) == 0);
-
-	UNUSED(arg);
-	UNUSED(clausename);
-
-	/*
-	 * Change directory.
-	 */
-	directory = cfg_obj_asstring(obj);
-	result = isc_dir_chdir(directory);
-	if (result != ISC_R_SUCCESS) {
-		cfg_obj_log(obj, logc, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s\n",
-			    directory, isc_result_totext(result));
-		return (result);
-	}
-
-	return (ISC_R_SUCCESS);
-}
-
-static isc_boolean_t
-get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
-	int i;
-	for (i = 0;; i++) {
-		if (maps[i] == NULL)
-			return (ISC_FALSE);
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
-			return (ISC_TRUE);
-	}
-}
-
-static isc_boolean_t
-get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
-	const cfg_listelt_t *element;
-	const cfg_obj_t *checknames;
-	const cfg_obj_t *type;
-	const cfg_obj_t *value;
-	isc_result_t result;
-	int i;
-
-	for (i = 0;; i++) {
-		if (maps[i] == NULL)
-			return (ISC_FALSE);
-		checknames = NULL;
-		result = cfg_map_get(maps[i], "check-names", &checknames);
-		if (result != ISC_R_SUCCESS)
-			continue;
-		if (checknames != NULL && !cfg_obj_islist(checknames)) {
-			*obj = checknames;
-			return (ISC_TRUE);
-		}
-		for (element = cfg_list_first(checknames);
-		     element != NULL;
-		     element = cfg_list_next(element)) {
-			value = cfg_listelt_value(element);
-			type = cfg_tuple_get(value, "type");
-			if (strcasecmp(cfg_obj_asstring(type), "master") != 0)
-				continue;
-			*obj = cfg_tuple_get(value, "mode");
-			return (ISC_TRUE);
-		}
-	}
-}
-
-static isc_result_t
-config_get(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
-	int i;
-
-	for (i = 0;; i++) {
-		if (maps[i] == NULL)
-			return (ISC_R_NOTFOUND);
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
-			return (ISC_R_SUCCESS);
-	}
-}
-
-static isc_result_t
-configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_rdataclass_t rdclass;
-	isc_textregion_t r;
-
-	if (zfile == NULL)
-		return (ISC_R_FAILURE);
-
-	DE_CONST(zclass, r.base);
-	r.length = strlen(zclass);
-	result = dns_rdataclass_fromtext(&rdclass, &r);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	result = dns_rootns_create(mctx, rdclass, zfile, &db);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	dns_db_detach(&db);
-	return (ISC_R_SUCCESS);
-}
-
-/*% configure the zone */
-static isc_result_t
-configure_zone(const char *vclass, const char *view,
-	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
-	       const cfg_obj_t *config, isc_mem_t *mctx)
-{
-	int i = 0;
-	isc_result_t result;
-	const char *zclass;
-	const char *zname;
-	const char *zfile = NULL;
-	const cfg_obj_t *maps[4];
-	const cfg_obj_t *zoptions = NULL;
-	const cfg_obj_t *classobj = NULL;
-	const cfg_obj_t *typeobj = NULL;
-	const cfg_obj_t *fileobj = NULL;
-	const cfg_obj_t *dbobj = NULL;
-	const cfg_obj_t *obj = NULL;
-	const cfg_obj_t *fmtobj = NULL;
-	dns_masterformat_t masterformat;
-
-	zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS;
-
-	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
-	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj))
-		zclass = vclass;
-	else
-		zclass = cfg_obj_asstring(classobj);
-
-	zoptions = cfg_tuple_get(zconfig, "options");
-	maps[i++] = zoptions;
-	if (vconfig != NULL)
-		maps[i++] = cfg_tuple_get(vconfig, "options");
-	if (config != NULL) {
-		cfg_map_get(config, "options", &obj);
-		if (obj != NULL)
-			maps[i++] = obj;
-	}
-	maps[i] = NULL;
-
-	cfg_map_get(zoptions, "type", &typeobj);
-	if (typeobj == NULL)
-		return (ISC_R_FAILURE);
-
-	cfg_map_get(zoptions, "file", &fileobj);
-	if (fileobj != NULL)
-		zfile = cfg_obj_asstring(fileobj);
-
-	/*
-	 * Check hints files for hint zones.
-	 * Skip loading checks for any type other than master.
-	 */
-	if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0)
-		return (configure_hint(zfile, zclass, mctx));
-	else if ((strcasecmp(cfg_obj_asstring(typeobj), "master") != 0))
-		return (ISC_R_SUCCESS);
-
-	if (zfile == NULL)
-		return (ISC_R_FAILURE);
-
-	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL)
-		return (ISC_R_SUCCESS);
-
-	obj = NULL;
-	if (get_maps(maps, "check-mx", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKMX;
-			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKMX;
-			zone_options |= DNS_ZONEOPT_CHECKMXFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKMX;
-			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-		} else
-			INSIST(0);
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKMX;
-		zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-integrity", &obj)) {
-		if (cfg_obj_asboolean(obj))
-			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-		else
-			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-
-	obj = NULL;
-	if (get_maps(maps, "check-mx-cname", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-			zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
-		} else
-			INSIST(0);
-	} else {
-		zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-		zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-srv-cname", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-			zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
-		} else
-			INSIST(0);
-	} else {
-		zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-		zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-sibling", &obj)) {
-		if (cfg_obj_asboolean(obj))
-			zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-		else
-			zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-spf", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKSPF;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKSPF;
-		} else
-			INSIST(0);
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKSPF;
-	}
-
-	obj = NULL;
-	if (get_checknames(maps, &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKNAMES;
-			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKNAMES;
-			zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
-			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else
-			INSIST(0);
-	} else {
-	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
-	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
-	}
-
-	masterformat = dns_masterformat_text;
-	fmtobj = NULL;
-	result = config_get(maps, "masterfile-format", &fmtobj);
-	if (result == ISC_R_SUCCESS) {
-		const char *masterformatstr = cfg_obj_asstring(fmtobj);
-		if (strcasecmp(masterformatstr, "text") == 0)
-			masterformat = dns_masterformat_text;
-		else if (strcasecmp(masterformatstr, "raw") == 0)
-			masterformat = dns_masterformat_raw;
-		else
-			INSIST(0);
-	}
-
-	result = load_zone(mctx, zname, zfile, masterformat, zclass, NULL);
-	if (result != ISC_R_SUCCESS)
-		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
-			dns_result_totext(result));
-	return (result);
-}
-
-/*% configure a view */
-static isc_result_t
-configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx)
-{
-	const cfg_listelt_t *element;
-	const cfg_obj_t *voptions;
-	const cfg_obj_t *zonelist;
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_result_t tresult;
-
-	voptions = NULL;
-	if (vconfig != NULL)
-		voptions = cfg_tuple_get(vconfig, "options");
-
-	zonelist = NULL;
-	if (voptions != NULL)
-		(void)cfg_map_get(voptions, "zone", &zonelist);
-	else
-		(void)cfg_map_get(config, "zone", &zonelist);
-
-	for (element = cfg_list_first(zonelist);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		const cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, vconfig,
-					 config, mctx);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-	return (result);
-}
-
-
-/*% load zones from the configuration */
-static isc_result_t
-load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx) {
-	const cfg_listelt_t *element;
-	const cfg_obj_t *classobj;
-	const cfg_obj_t *views;
-	const cfg_obj_t *vconfig;
-	const char *vclass;
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_result_t tresult;
-
-	views = NULL;
-
-	(void)cfg_map_get(config, "view", &views);
-	for (element = cfg_list_first(views);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		const char *vname;
-
-		vclass = "IN";
-		vconfig = cfg_listelt_value(element);
-		if (vconfig != NULL) {
-			classobj = cfg_tuple_get(vconfig, "class");
-			if (cfg_obj_isstring(classobj))
-				vclass = cfg_obj_asstring(classobj);
-		}
-		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
-		tresult = configure_view(vclass, vname, config, vconfig, mctx);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-
-	if (views == NULL) {
-		tresult = configure_view("IN", "_default", config, NULL, mctx);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-	return (result);
-}
-
-/*% The main processing routine */
-int
-main(int argc, char **argv) {
-	int c;
-	cfg_parser_t *parser = NULL;
-	cfg_obj_t *config = NULL;
-	const char *conffile = NULL;
-	isc_mem_t *mctx = NULL;
-	isc_result_t result;
-	int exit_status = 0;
-	isc_entropy_t *ectx = NULL;
-	isc_boolean_t load_zones = ISC_FALSE;
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((c = isc_commandline_parse(argc, argv, "dhjt:vz")) != EOF) {
-		switch (c) {
-		case 'd':
-			debug++;
-			break;
-
-		case 'j':
-			nomerge = ISC_FALSE;
-			break;
-
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s\n",
-					isc_result_totext(result));
-				exit(1);
-			}
-			break;
-
-		case 'v':
-			printf(VERSION "\n");
-			exit(0);
-
-		case 'z':
-			load_zones = ISC_TRUE;
-			docheckmx = ISC_FALSE;
-			docheckns = ISC_FALSE;
-			dochecksrv = ISC_FALSE;
-			break;
-
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (isc_commandline_index + 1 < argc)
-		usage();
-	if (argv[isc_commandline_index] != NULL)
-		conffile = argv[isc_commandline_index];
-	if (conffile == NULL || conffile[0] == '\0')
-		conffile = NAMED_CONFFILE;
-
-#ifdef _WIN32
-	InitSockets();
-#endif
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
-
-	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
-		      == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
-
-	cfg_parser_setcallback(parser, directory_callback, NULL);
-
-	if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
-	    ISC_R_SUCCESS)
-		exit(1);
-
-	result = bind9_check_namedconf(config, logc, mctx);
-	if (result != ISC_R_SUCCESS)
-		exit_status = 1;
-
-	if (result == ISC_R_SUCCESS && load_zones) {
-		result = load_zones_fromconfig(config, mctx);
-		if (result != ISC_R_SUCCESS)
-			exit_status = 1;
-	}
-
-	cfg_obj_destroy(parser, &config);
-
-	cfg_parser_destroy(&parser);
-
-	dns_name_destroy();
-
-	isc_log_destroy(&logc);
-
-	isc_hash_destroy();
-	isc_entropy_detach(&ectx);
-
-	isc_mem_destroy(&mctx);
-
-#ifdef _WIN32
-	DestroySockets();
-#endif
-
-	return (exit_status);
-}

bin/check/named-checkconf.docbook

@@ -1,172 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004, 2005, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.named-checkconf">
-  <refentryinfo>
-    <date>June 14, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>named-checkconf</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2007</year>
-      <year>2012</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </docinfo>
-
-  <refnamediv>
-    <refname><application>named-checkconf</application></refname>
-    <refpurpose>named configuration file syntax checking tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>named-checkconf</command>
-      <arg><option>-h</option></arg>
-      <arg><option>-v</option></arg>
-      <arg><option>-j</option></arg>
-      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="req">filename</arg>
-      <arg><option>-z</option></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>named-checkconf</command>
-      checks the syntax, but not the semantics, of a named
-      configuration file.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Chroot to <filename>directory</filename> so that
-            include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted named.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v</term>
-        <listitem>
-          <para>
-            Print the version of the <command>named-checkconf</command>
-            program and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-z</term>
-        <listitem>
-          <para>
-	    Perform a test load of all master zones found in
-	    <filename>named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-j</term>
-        <listitem>
-          <para>
-            When loading a zonefile read the journal if it exists.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>filename</term>
-        <listitem>
-          <para>
-            The name of the configuration file to be checked.  If not
-            specified, it defaults to <filename>/etc/named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsect1>
-
-  <refsect1>
-    <title>RETURN VALUES</title>
-    <para><command>named-checkconf</command>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/check/named-checkconf.html

@@ -1,96 +0,0 @@
-<!--
- - Copyright (C) 2004, 2005, 2007, 2012 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.named-checkconf"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">named-checkconf</span> &#8212; named configuration file syntax checking tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543390"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named-checkconf</strong></span>
-      checks the syntax, but not the semantics, of a named
-      configuration file.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543402"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Chroot to <code class="filename">directory</code> so that
-            include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted named.
-          </p></dd>
-<dt><span class="term">-v</span></dt>
-<dd><p>
-            Print the version of the <span><strong class="command">named-checkconf</strong></span>
-            program and exit.
-          </p></dd>
-<dt><span class="term">-z</span></dt>
-<dd><p>
-	    Perform a test load of all master zones found in
-	    <code class="filename">named.conf</code>.
-          </p></dd>
-<dt><span class="term">-j</span></dt>
-<dd><p>
-            When loading a zonefile read the journal if it exists.
-          </p></dd>
-<dt><span class="term">filename</span></dt>
-<dd><p>
-            The name of the configuration file to be checked.  If not
-            specified, it defaults to <code class="filename">/etc/named.conf</code>.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543510"></a><h2>RETURN VALUES</h2>
-<p><span><strong class="command">named-checkconf</strong></span>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543522"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543552"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/check/named-checkzone.8

@@ -1,286 +0,0 @@
-.\" Copyright (C) 2004-2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: named\-checkzone
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 13, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "NAMED\-CHECKZONE" "8" "June 13, 2000" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
-.SH "SYNOPSIS"
-.HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
-.HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
-.SH "DESCRIPTION"
-.PP
-\fBnamed\-checkzone\fR
-checks the syntax and integrity of a zone file. It performs the same checks as
-\fBnamed\fR
-does when loading a zone. This makes
-\fBnamed\-checkzone\fR
-useful for checking zone files before configuring them into a name server.
-.PP
-\fBnamed\-compilezone\fR
-is similar to
-\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
-\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
-\fBnamed\fR
-configuration file.
-.SH "OPTIONS"
-.PP
-\-d
-.RS 4
-Enable debugging.
-.RE
-.PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
-\-q
-.RS 4
-Quiet mode \- exit code only.
-.RE
-.PP
-\-v
-.RS 4
-Print the version of the
-\fBnamed\-checkzone\fR
-program and exit.
-.RE
-.PP
-\-j
-.RS 4
-When loading the zone file read the journal if it exists.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specify the class of the zone. If not specified, "IN" is assumed.
-.RE
-.PP
-\-i \fImode\fR
-.RS 4
-Perform post\-load zone integrity checks. Possible modes are
-\fB"full"\fR
-(default),
-\fB"full\-sibling"\fR,
-\fB"local"\fR,
-\fB"local\-sibling"\fR
-and
-\fB"none"\fR.
-.sp
-Mode
-\fB"full"\fR
-checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
-\fB"local"\fR
-only checks MX records which refer to in\-zone hostnames.
-.sp
-Mode
-\fB"full"\fR
-checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). Mode
-\fB"local"\fR
-only checks SRV records which refer to in\-zone hostnames.
-.sp
-Mode
-\fB"full"\fR
-checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
-\fB"local"\fR
-only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
-.sp
-Mode
-\fB"full\-sibling"\fR
-and
-\fB"local\-sibling"\fR
-disable sibling glue checks but are otherwise the same as
-\fB"full"\fR
-and
-\fB"local"\fR
-respectively.
-.sp
-Mode
-\fB"none"\fR
-disables the checks.
-.RE
-.PP
-\-f \fIformat\fR
-.RS 4
-Specify the format of the zone file. Possible formats are
-\fB"text"\fR
-(default) and
-\fB"raw"\fR.
-.RE
-.PP
-\-F \fIformat\fR
-.RS 4
-Specify the format of the output file specified. Possible formats are
-\fB"text"\fR
-(default) and
-\fB"raw"\fR. For
-\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
-.RE
-.PP
-\-k \fImode\fR
-.RS 4
-Perform
-\fB"check\-names"\fR
-checks with the specified failure mode. Possible modes are
-\fB"fail"\fR
-(default for
-\fBnamed\-compilezone\fR),
-\fB"warn"\fR
-(default for
-\fBnamed\-checkzone\fR) and
-\fB"ignore"\fR.
-.RE
-.PP
-\-m \fImode\fR
-.RS 4
-Specify whether MX records should be checked to see if they are addresses. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR.
-.RE
-.PP
-\-M \fImode\fR
-.RS 4
-Check if a MX record refers to a CNAME. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR.
-.RE
-.PP
-\-n \fImode\fR
-.RS 4
-Specify whether NS records should be checked to see if they are addresses. Possible modes are
-\fB"fail"\fR
-(default for
-\fBnamed\-compilezone\fR),
-\fB"warn"\fR
-(default for
-\fBnamed\-checkzone\fR) and
-\fB"ignore"\fR.
-.RE
-.PP
-\-o \fIfilename\fR
-.RS 4
-Write zone output to
-\fIfilename\fR. If
-\fIfilename\fR
-is
-\fI\-\fR
-then write to standard out. This is mandatory for
-\fBnamed\-compilezone\fR.
-.RE
-.PP
-\-s \fIstyle\fR
-.RS 4
-Specify the style of the dumped zone file. Possible styles are
-\fB"full"\fR
-(default) and
-\fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
-\fBnamed\-checkzone\fR
-this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
-.RE
-.PP
-\-S \fImode\fR
-.RS 4
-Check if a SRV record refers to a CNAME. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR.
-.RE
-.PP
-\-t \fIdirectory\fR
-.RS 4
-Chroot to
-\fIdirectory\fR
-so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
-\-T \fImode\fR
-.RS 4
-Check if Sender Policy Framework records (TXT and SPF) both exist or both don't exist. A warning is issued if they don't match. Possible modes are
-\fB"warn"\fR
-(default),
-\fB"ignore"\fR.
-.RE
-.PP
-\-w \fIdirectory\fR
-.RS 4
-chdir to
-\fIdirectory\fR
-so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
-\fInamed.conf\fR.
-.RE
-.PP
-\-D
-.RS 4
-Dump zone file in canonical format. This is always enabled for
-\fBnamed\-compilezone\fR.
-.RE
-.PP
-\-W \fImode\fR
-.RS 4
-Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR.
-.RE
-.PP
-zonename
-.RS 4
-The domain name of the zone being checked.
-.RE
-.PP
-filename
-.RS 4
-The name of the zone file.
-.RE
-.SH "RETURN VALUES"
-.PP
-\fBnamed\-checkzone\fR
-returns an exit status of 1 if errors were detected and 0 otherwise.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fBnamed\-checkconf\fR(8),
-RFC 1035,
-BIND 9 Administrator Reference Manual.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br

bin/check/named-checkzone.c

@@ -1,486 +0,0 @@
-/*
- * Copyright (C) 2004-2013  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/app.h>
-#include <isc/commandline.h>
-#include <isc/dir.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/socket.h>
-#include <isc/string.h>
-#include <isc/task.h>
-#include <isc/timer.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/masterdump.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/result.h>
-#include <dns/types.h>
-#include <dns/zone.h>
-
-#include "check-tool.h"
-
-static int quiet = 0;
-static isc_mem_t *mctx = NULL;
-static isc_entropy_t *ectx = NULL;
-dns_zone_t *zone = NULL;
-dns_zonetype_t zonetype = dns_zone_master;
-static int dumpzone = 0;
-static const char *output_filename;
-static char *prog_name = NULL;
-static const dns_master_style_t *outputstyle = NULL;
-static enum { progmode_check, progmode_compile } progmode;
-
-#define ERRRET(result, function) \
-	do { \
-		if (result != ISC_R_SUCCESS) { \
-			if (!quiet) \
-				fprintf(stderr, "%s() returned %s\n", \
-					function, dns_result_totext(result)); \
-			return (result); \
-		} \
-	} while (0)
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr,
-		"usage: %s [-djqvD] [-c class] "
-		"[-f inputformat] [-F outputformat] "
-		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
-		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-i (full|full-sibling|local|local-sibling|none)] "
-		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
-		"[-W (ignore|warn)] "
-		"%s zonename filename\n",
-		prog_name,
-		progmode == progmode_check ? "[-o filename]" : "{-o filename}");
-	exit(1);
-}
-
-static void
-destroy(void) {
-	if (zone != NULL)
-		dns_zone_detach(&zone);
-	dns_name_destroy();
-}
-
-/*% main processing routine */
-int
-main(int argc, char **argv) {
-	int c;
-	char *origin = NULL;
-	char *filename = NULL;
-	isc_log_t *lctx = NULL;
-	isc_result_t result;
-	char classname_in[] = "IN";
-	char *classname = classname_in;
-	const char *workdir = NULL;
-	const char *inputformatstr = NULL;
-	const char *outputformatstr = NULL;
-	dns_masterformat_t inputformat = dns_masterformat_text;
-	dns_masterformat_t outputformat = dns_masterformat_text;
-	isc_boolean_t logdump = ISC_FALSE;
-	FILE *errout = stdout;
-
-	outputstyle = &dns_master_style_full;
-
-	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL)
-		prog_name = strrchr(argv[0], '\\');
-	if (prog_name != NULL)
-		prog_name++;
-	else
-		prog_name = argv[0];
-	/*
-	 * Libtool doesn't preserve the program name prior to final
-	 * installation.  Remove the libtool prefix ("lt-").
-	 */
-	if (strncmp(prog_name, "lt-", 3) == 0)
-		prog_name += 3;
-
-#define PROGCMP(X) \
-	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
-
-	if (PROGCMP("named-checkzone"))
-		progmode = progmode_check;
-	else if (PROGCMP("named-compilezone"))
-		progmode = progmode_compile;
-	else
-		INSIST(0);
-
-	/* Compilation specific defaults */
-	if (progmode == progmode_compile) {
-		zone_options |= (DNS_ZONEOPT_CHECKNS |
-				 DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKSPF |
-				 DNS_ZONEOPT_CHECKNAMES |
-				 DNS_ZONEOPT_CHECKNAMESFAIL |
-				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKSPF;
-
-#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((c = isc_commandline_parse(argc, argv,
-				       "c:df:hi:jk:m:n:qs:t:o:vw:DF:M:S:T:W:"))
-	       != EOF) {
-		switch (c) {
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-
-		case 'd':
-			debug++;
-			break;
-
-		case 'i':
-			if (ARGCMP("full")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
-						DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = ISC_TRUE;
-				docheckns = ISC_TRUE;
-				dochecksrv = ISC_TRUE;
-			} else if (ARGCMP("full-sibling")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = ISC_TRUE;
-				docheckns = ISC_TRUE;
-				dochecksrv = ISC_TRUE;
-			} else if (ARGCMP("local")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = ISC_FALSE;
-				docheckns = ISC_FALSE;
-				dochecksrv = ISC_FALSE;
-			} else if (ARGCMP("local-sibling")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = ISC_FALSE;
-				docheckns = ISC_FALSE;
-				dochecksrv = ISC_FALSE;
-			} else if (ARGCMP("none")) {
-				zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = ISC_FALSE;
-				docheckns = ISC_FALSE;
-				dochecksrv = ISC_FALSE;
-			} else {
-				fprintf(stderr, "invalid argument to -i: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'f':
-			inputformatstr = isc_commandline_argument;
-			break;
-
-		case 'F':
-			outputformatstr = isc_commandline_argument;
-			break;
-
-		case 'j':
-			nomerge = ISC_FALSE;
-			break;
-
-		case 'k':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNAMES;
-				zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNAMES |
-						DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
-						  DNS_ZONEOPT_CHECKNAMESFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -k: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'n':
-			if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
-						  DNS_ZONEOPT_FATALNS);
-			} else if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS;
-				zone_options &= ~DNS_ZONEOPT_FATALNS;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS|
-						DNS_ZONEOPT_FATALNS;
-			} else {
-				fprintf(stderr, "invalid argument to -n: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'm':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKMX;
-				zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKMX |
-						DNS_ZONEOPT_CHECKMXFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKMX |
-						  DNS_ZONEOPT_CHECKMXFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -m: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'q':
-			quiet++;
-			break;
-
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s: %s\n",
-					isc_commandline_argument,
-					isc_result_totext(result));
-				exit(1);
-			}
-			break;
-
-		case 's':
-			if (ARGCMP("full"))
-				outputstyle = &dns_master_style_full;
-			else if (ARGCMP("relative")) {
-				outputstyle = &dns_master_style_default;
-			} else {
-				fprintf(stderr,
-					"unknown or unsupported style: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'o':
-			output_filename = isc_commandline_argument;
-			break;
-
-		case 'v':
-			printf(VERSION "\n");
-			exit(0);
-
-		case 'w':
-			workdir = isc_commandline_argument;
-			break;
-
-		case 'D':
-			dumpzone++;
-			break;
-
-		case 'M':
-			if (ARGCMP("fail")) {
-				zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-			} else if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-			} else if (ARGCMP("ignore")) {
-				zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-				zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
-			} else {
-				fprintf(stderr, "invalid argument to -M: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'S':
-			if (ARGCMP("fail")) {
-				zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-			} else if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-			} else if (ARGCMP("ignore")) {
-				zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-				zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
-			} else {
-				fprintf(stderr, "invalid argument to -S: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'T':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKSPF;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~DNS_ZONEOPT_CHECKSPF;
-			} else {
-				fprintf(stderr, "invalid argument to -T: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'W':
-			if (ARGCMP("warn"))
-				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
-			else if (ARGCMP("ignore"))
-				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
-			break;
-
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					prog_name, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				prog_name, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (workdir != NULL) {
-		result = isc_dir_chdir(workdir);
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "isc_dir_chdir: %s: %s\n",
-				workdir, isc_result_totext(result));
-			exit(1);
-		}
-	}
-
-	if (inputformatstr != NULL) {
-		if (strcasecmp(inputformatstr, "text") == 0)
-			inputformat = dns_masterformat_text;
-		else if (strcasecmp(inputformatstr, "raw") == 0)
-			inputformat = dns_masterformat_raw;
-		else {
-			fprintf(stderr, "unknown file format: %s\n",
-			    inputformatstr);
-			exit(1);
-		}
-	}
-
-	if (outputformatstr != NULL) {
-		if (strcasecmp(outputformatstr, "text") == 0)
-			outputformat = dns_masterformat_text;
-		else if (strcasecmp(outputformatstr, "raw") == 0)
-			outputformat = dns_masterformat_raw;
-		else {
-			fprintf(stderr, "unknown file format: %s\n",
-				outputformatstr);
-			exit(1);
-		}
-	}
-
-	if (progmode == progmode_compile) {
-		dumpzone = 1;	/* always dump */
-		logdump = !quiet;
-		if (output_filename == NULL) {
-			fprintf(stderr,
-				"output file required, but not specified\n");
-			usage();
-		}
-	}
-
-	if (output_filename != NULL)
-		dumpzone = 1;
-
-	/*
-	 * If we are outputing to stdout then send the informational
-	 * output to stderr.
-	 */
-	if (dumpzone &&
-	    (output_filename == NULL ||
-	     strcmp(output_filename, "-") == 0 ||
-	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0)) {
-		errout = stderr;
-		logdump = ISC_FALSE;
-	}
-
-	if (isc_commandline_index + 2 != argc)
-		usage();
-
-#ifdef _WIN32
-	InitSockets();
-#endif
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-	if (!quiet)
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
-			      == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
-		      == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	origin = argv[isc_commandline_index++];
-	filename = argv[isc_commandline_index++];
-	result = load_zone(mctx, origin, filename, inputformat, classname,
-			   &zone);
-
-	if (result == ISC_R_SUCCESS && dumpzone) {
-		if (logdump) {
-			fprintf(errout, "dump zone to %s...", output_filename);
-			fflush(errout);
-		}
-		result = dump_zone(origin, zone, output_filename,
-				   outputformat, outputstyle);
-		if (logdump)
-			fprintf(errout, "done\n");
-	}
-
-	if (!quiet && result == ISC_R_SUCCESS)
-		fprintf(errout, "OK\n");
-	destroy();
-	if (lctx != NULL)
-		isc_log_destroy(&lctx);
-	isc_hash_destroy();
-	isc_entropy_detach(&ectx);
-	isc_mem_destroy(&mctx);
-#ifdef _WIN32
-	DestroySockets();
-#endif
-	return ((result == ISC_R_SUCCESS) ? 0 : 1);
-}

bin/check/named-checkzone.docbook

@@ -1,472 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004-2007, 2009, 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.named-checkzone">
-  <refentryinfo>
-    <date>June 13, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>named-checkzone</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2006</year>
-      <year>2007</year>
-      <year>2009</year>
-      <year>2012</year>
-      <year>2013</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </docinfo>
-
-  <refnamediv>
-    <refname><application>named-checkzone</application></refname>
-    <refname><application>named-compilezone</application></refname>
-    <refpurpose>zone file validity checking or converting tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>named-checkzone</command>
-      <arg><option>-d</option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-j</option></arg>
-      <arg><option>-q</option></arg>
-      <arg><option>-v</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
-      <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
-      <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
-      <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-D</option></arg>
-      <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req">zonename</arg>
-      <arg choice="req">filename</arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>named-compilezone</command>
-      <arg><option>-d</option></arg>
-      <arg><option>-j</option></arg>
-      <arg><option>-q</option></arg>
-      <arg><option>-v</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">format</replaceable></option></arg>
-      <arg><option>-F <replaceable class="parameter">format</replaceable></option></arg>
-      <arg><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-D</option></arg>
-      <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg choice="req">zonename</arg>
-      <arg choice="req">filename</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>named-checkzone</command>
-      checks the syntax and integrity of a zone file.  It performs the
-      same checks as <command>named</command> does when loading a
-      zone.  This makes <command>named-checkzone</command> useful for
-      checking zone files before configuring them into a name server.
-    </para>
-    <para>
-        <command>named-compilezone</command> is similar to
-	<command>named-checkzone</command>, but it always dumps the
-        zone contents to a specified file in a specified format.
-	Additionally, it applies stricter check levels by default,
-        since the dump output will be used as an actual zone file
-	loaded by <command>named</command>.
-	When manually specified otherwise, the check levels must at
-        least be as strict as those specified in the
-	<command>named</command> configuration file.
-     </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-d</term>
-        <listitem>
-          <para>
-            Enable debugging.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-q</term>
-        <listitem>
-          <para>
-            Quiet mode - exit code only.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v</term>
-        <listitem>
-          <para>
-            Print the version of the <command>named-checkzone</command>
-            program and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-j</term>
-        <listitem>
-          <para>
-            When loading the zone file read the journal if it exists.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i <replaceable class="parameter">mode</replaceable></term>
-	<listitem>
-	  <para>
-	      Perform post-load zone integrity checks.  Possible modes are
-	      <command>"full"</command> (default),
-	      <command>"full-sibling"</command>,
-	      <command>"local"</command>,
-	      <command>"local-sibling"</command> and
-	      <command>"none"</command>.
-	  </para>
-	  <para>
-	      Mode <command>"full"</command> checks that MX records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <command>"local"</command> only
-	      checks MX records which refer to in-zone hostnames.
-	  </para>
-	  <para>
-	      Mode <command>"full"</command> checks that SRV records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <command>"local"</command> only
-	      checks SRV records which refer to in-zone hostnames.
-	  </para>
-	  <para>
-	      Mode <command>"full"</command> checks that delegation NS
-	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
-	      in the zone match those advertised by the child.
-	      Mode <command>"local"</command> only checks NS records which
-	      refer to in-zone hostnames or that some required glue exists,
-	      that is when the nameserver is in a child zone.
-	  </para>
-	  <para>
-	      Mode <command>"full-sibling"</command> and
-	      <command>"local-sibling"</command> disable sibling glue
-	      checks but are otherwise the same as <command>"full"</command>
-	      and <command>"local"</command> respectively.
-	  </para>
-	  <para>
-	      Mode <command>"none"</command> disables the checks.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-f <replaceable class="parameter">format</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the format of the zone file.
-	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-F <replaceable class="parameter">format</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the format of the output file specified.
-	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command>.
-	    For <command>named-checkzone</command>,
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Perform <command>"check-names"</command> checks with the
-	    specified failure mode.
-            Possible modes are <command>"fail"</command>
-	    (default for <command>named-compilezone</command>),
-            <command>"warn"</command>
-	    (default for <command>named-checkzone</command>) and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-m <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Specify whether MX records should be checked to see if they
-            are addresses.  Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-M <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-	    Check if a MX record refers to a CNAME.
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Specify whether NS records should be checked to see if they
-            are addresses.
-	    Possible modes are <command>"fail"</command>
-	    (default for <command>named-compilezone</command>),
-            <command>"warn"</command>
-	    (default for <command>named-checkzone</command>) and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-o <replaceable class="parameter">filename</replaceable></term>
-        <listitem>
-          <para>
-            Write zone output to <filename>filename</filename>.
-	    If <filename>filename</filename> is <filename>-</filename> then
-	    write to standard out.
-	    This is mandatory for <command>named-compilezone</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s <replaceable class="parameter">style</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the style of the dumped zone file.
-	    Possible styles are <command>"full"</command> (default)
-	    and <command>"relative"</command>.
-	    The full format is most suitable for processing
-	    automatically by a separate script.
-	    On the other hand, the relative format is more
-	    human-readable and is thus suitable for editing by hand.
-	    For <command>named-checkzone</command>
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	    It also does not have any meaning if the output format
-	    is not text.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-S <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-	    Check if a SRV record refers to a CNAME.
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Chroot to <filename>directory</filename> so that
-            include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted named.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-T <replaceable class="parameter">mode</replaceable></term>
-	<listitem>
-	  <para>
-	    Check if Sender Policy Framework records (TXT and SPF)
-	    both exist or both don't exist.  A warning is issued
-	    if they don't match.  Possible modes are
-	    <command>"warn"</command> (default), <command>"ignore"</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-w <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            chdir to <filename>directory</filename> so that
-            relative
-            filenames in master file $INCLUDE directives work.  This
-            is similar to the directory clause in
-            <filename>named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D</term>
-        <listitem>
-          <para>
-            Dump zone file in canonical format.
-	    This is always enabled for <command>named-compilezone</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-W <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Specify whether to check for non-terminal wildcards.
-            Non-terminal wildcards are almost always the result of a
-            failure to understand the wildcard matching algorithm (RFC 1034).
-            Possible modes are <command>"warn"</command> (default)
-            and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>zonename</term>
-        <listitem>
-          <para>
-            The domain name of the zone being checked.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>filename</term>
-        <listitem>
-          <para>
-            The name of the zone file.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsect1>
-
-  <refsect1>
-    <title>RETURN VALUES</title>
-    <para><command>named-checkzone</command>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
-      </citerefentry>,
-      <citetitle>RFC 1035</citetitle>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/check/named-checkzone.html

@@ -1,269 +0,0 @@
-<!--
- - Copyright (C) 2004-2007, 2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.named-checkzone"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">named-checkzone</span>, <span class="application">named-compilezone</span> &#8212; zone file validity checking or converting tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543698"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">named-checkzone</strong></span>
-      checks the syntax and integrity of a zone file.  It performs the
-      same checks as <span><strong class="command">named</strong></span> does when loading a
-      zone.  This makes <span><strong class="command">named-checkzone</strong></span> useful for
-      checking zone files before configuring them into a name server.
-    </p>
-<p>
-        <span><strong class="command">named-compilezone</strong></span> is similar to
-	<span><strong class="command">named-checkzone</strong></span>, but it always dumps the
-        zone contents to a specified file in a specified format.
-	Additionally, it applies stricter check levels by default,
-        since the dump output will be used as an actual zone file
-	loaded by <span><strong class="command">named</strong></span>.
-	When manually specified otherwise, the check levels must at
-        least be as strict as those specified in the
-	<span><strong class="command">named</strong></span> configuration file.
-     </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543733"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-d</span></dt>
-<dd><p>
-            Enable debugging.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
-<dt><span class="term">-q</span></dt>
-<dd><p>
-            Quiet mode - exit code only.
-          </p></dd>
-<dt><span class="term">-v</span></dt>
-<dd><p>
-            Print the version of the <span><strong class="command">named-checkzone</strong></span>
-            program and exit.
-          </p></dd>
-<dt><span class="term">-j</span></dt>
-<dd><p>
-            When loading the zone file read the journal if it exists.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
-          </p></dd>
-<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-<p>
-	      Perform post-load zone integrity checks.  Possible modes are
-	      <span><strong class="command">"full"</strong></span> (default),
-	      <span><strong class="command">"full-sibling"</strong></span>,
-	      <span><strong class="command">"local"</strong></span>,
-	      <span><strong class="command">"local-sibling"</strong></span> and
-	      <span><strong class="command">"none"</strong></span>.
-	  </p>
-<p>
-	      Mode <span><strong class="command">"full"</strong></span> checks that MX records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <span><strong class="command">"local"</strong></span> only
-	      checks MX records which refer to in-zone hostnames.
-	  </p>
-<p>
-	      Mode <span><strong class="command">"full"</strong></span> checks that SRV records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <span><strong class="command">"local"</strong></span> only
-	      checks SRV records which refer to in-zone hostnames.
-	  </p>
-<p>
-	      Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
-	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
-	      in the zone match those advertised by the child.
-	      Mode <span><strong class="command">"local"</strong></span> only checks NS records which
-	      refer to in-zone hostnames or that some required glue exists,
-	      that is when the nameserver is in a child zone.
-	  </p>
-<p>
-	      Mode <span><strong class="command">"full-sibling"</strong></span> and
-	      <span><strong class="command">"local-sibling"</strong></span> disable sibling glue
-	      checks but are otherwise the same as <span><strong class="command">"full"</strong></span>
-	      and <span><strong class="command">"local"</strong></span> respectively.
-	  </p>
-<p>
-	      Mode <span><strong class="command">"none"</strong></span> disables the checks.
-	  </p>
-</dd>
-<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
-<dd><p>
-	    Specify the format of the zone file.
-	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span>.
-	  </p></dd>
-<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
-<dd><p>
-	    Specify the format of the output file specified.
-	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span>.
-	    For <span><strong class="command">named-checkzone</strong></span>,
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	  </p></dd>
-<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-            Perform <span><strong class="command">"check-names"</strong></span> checks with the
-	    specified failure mode.
-            Possible modes are <span><strong class="command">"fail"</strong></span>
-	    (default for <span><strong class="command">named-compilezone</strong></span>),
-            <span><strong class="command">"warn"</strong></span>
-	    (default for <span><strong class="command">named-checkzone</strong></span>) and
-            <span><strong class="command">"ignore"</strong></span>.
-          </p></dd>
-<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-            Specify whether MX records should be checked to see if they
-            are addresses.  Possible modes are <span><strong class="command">"fail"</strong></span>,
-            <span><strong class="command">"warn"</strong></span> (default) and
-            <span><strong class="command">"ignore"</strong></span>.
-          </p></dd>
-<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-	    Check if a MX record refers to a CNAME.
-            Possible modes are <span><strong class="command">"fail"</strong></span>,
-            <span><strong class="command">"warn"</strong></span> (default) and
-            <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-            Specify whether NS records should be checked to see if they
-            are addresses.
-	    Possible modes are <span><strong class="command">"fail"</strong></span>
-	    (default for <span><strong class="command">named-compilezone</strong></span>),
-            <span><strong class="command">"warn"</strong></span>
-	    (default for <span><strong class="command">named-checkzone</strong></span>) and
-            <span><strong class="command">"ignore"</strong></span>.
-          </p></dd>
-<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
-<dd><p>
-            Write zone output to <code class="filename">filename</code>.
-	    If <code class="filename">filename</code> is <code class="filename">-</code> then
-	    write to standard out.
-	    This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
-          </p></dd>
-<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
-<dd><p>
-	    Specify the style of the dumped zone file.
-	    Possible styles are <span><strong class="command">"full"</strong></span> (default)
-	    and <span><strong class="command">"relative"</strong></span>.
-	    The full format is most suitable for processing
-	    automatically by a separate script.
-	    On the other hand, the relative format is more
-	    human-readable and is thus suitable for editing by hand.
-	    For <span><strong class="command">named-checkzone</strong></span>
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	    It also does not have any meaning if the output format
-	    is not text.
-	  </p></dd>
-<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-	    Check if a SRV record refers to a CNAME.
-            Possible modes are <span><strong class="command">"fail"</strong></span>,
-            <span><strong class="command">"warn"</strong></span> (default) and
-            <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Chroot to <code class="filename">directory</code> so that
-            include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted named.
-          </p></dd>
-<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-	    Check if Sender Policy Framework records (TXT and SPF)
-	    both exist or both don't exist.  A warning is issued
-	    if they don't match.  Possible modes are
-	    <span><strong class="command">"warn"</strong></span> (default), <span><strong class="command">"ignore"</strong></span>.
-	  </p></dd>
-<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            chdir to <code class="filename">directory</code> so that
-            relative
-            filenames in master file $INCLUDE directives work.  This
-            is similar to the directory clause in
-            <code class="filename">named.conf</code>.
-          </p></dd>
-<dt><span class="term">-D</span></dt>
-<dd><p>
-            Dump zone file in canonical format.
-	    This is always enabled for <span><strong class="command">named-compilezone</strong></span>.
-          </p></dd>
-<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
-<dd><p>
-            Specify whether to check for non-terminal wildcards.
-            Non-terminal wildcards are almost always the result of a
-            failure to understand the wildcard matching algorithm (RFC 1034).
-            Possible modes are <span><strong class="command">"warn"</strong></span> (default)
-            and
-            <span><strong class="command">"ignore"</strong></span>.
-          </p></dd>
-<dt><span class="term">zonename</span></dt>
-<dd><p>
-            The domain name of the zone being checked.
-          </p></dd>
-<dt><span class="term">filename</span></dt>
-<dd><p>
-            The name of the zone file.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544377"></a><h2>RETURN VALUES</h2>
-<p><span><strong class="command">named-checkzone</strong></span>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544389"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
-      <em class="citetitle">RFC 1035</em>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544422"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/check/win32/checktool.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="checktool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=checktool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak" CFG="checktool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checktool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "checktool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checktool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/checktool.lib"
-
-!ELSEIF  "$(CFG)" == "checktool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/checktool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "checktool - Win32 Release"
-# Name "checktool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\check-tool.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/check/win32/checktool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/namedcheckconf.dsp

@@ -1,107 +0,0 @@
-# Microsoft Developer Studio Project File - Name="namedcheckconf" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=namedcheckconf - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "namedcheckconf.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "namedcheckconf.mak" CFG="namedcheckconf - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "namedcheckconf - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "namedcheckconf - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "namedcheckconf - Win32 Release"
-# Name "namedcheckconf - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\named-checkconf.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE="..\check-tool.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/check/win32/namedcheckconf.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "namedcheckconf"=".\namedcheckconf.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/namedcheckconf.mak

@@ -1,404 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on namedcheckconf.dsp
-!IF "$(CFG)" == ""
-CFG=namedcheckconf - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to namedcheckconf - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "namedcheckconf - Win32 Release" && "$(CFG)" != "namedcheckconf - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "namedcheckconf.mak" CFG="namedcheckconf - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "namedcheckconf - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "namedcheckconf - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-# Begin Custom Macros
-OutDir=.\Release
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ELSE 
-
-ALL : "libdns - Win32 Release" "libisccfg - Win32 Release" "libisc - Win32 Release" "..\..\..\Build\Release\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libisc - Win32 ReleaseCLEAN" "libisccfg - Win32 ReleaseCLEAN" "libdns - Win32 ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkconf.obj"
-	-@erase "$(INTDIR)\named-checkconf.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(OUTDIR)\namedcheckconf.bsc"
-	-@erase "..\..\..\Build\Release\named-checkconf.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /FR"$(INTDIR)\\" /Fp"$(INTDIR)\namedcheckconf.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkconf.sbr"
-
-"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib  ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkconf.pdb" /machine:I386 /out:"../../../Build/Release/named-checkconf.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkconf.obj" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib"
-
-"..\..\..\Build\Release\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ELSE 
-
-ALL : "libdns - Win32 Debug" "libisccfg - Win32 Debug" "libisc - Win32 Debug" "..\..\..\Build\Debug\named-checkconf.exe" "$(OUTDIR)\namedcheckconf.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libisc - Win32 DebugCLEAN" "libisccfg - Win32 DebugCLEAN" "libdns - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkconf.obj"
-	-@erase "$(INTDIR)\named-checkconf.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\named-checkconf.pdb"
-	-@erase "$(OUTDIR)\namedcheckconf.bsc"
-	-@erase "..\..\..\Build\Debug\named-checkconf.exe"
-	-@erase "..\..\..\Build\Debug\named-checkconf.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckconf.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkconf.sbr"
-
-"$(OUTDIR)\namedcheckconf.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib  ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkconf.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkconf.obj" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib"
-
-"..\..\..\Build\Debug\named-checkconf.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("namedcheckconf.dep")
-!INCLUDE "namedcheckconf.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "namedcheckconf.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "namedcheckconf - Win32 Release" || "$(CFG)" == "namedcheckconf - Win32 Debug"
-SOURCE="..\check-tool.c"
-
-"$(INTDIR)\check-tool.obj"	"$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-SOURCE="..\named-checkconf.c"
-
-"$(INTDIR)\named-checkconf.obj"	"$(INTDIR)\named-checkconf.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-"libisccfg - Win32 Release" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisccfg - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-"libisccfg - Win32 Debug" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisccfg - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isccfg\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisccfg.mak" CFG="libisccfg - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/check/win32/namedcheckzone.dsp

@@ -1,108 +0,0 @@
-# Microsoft Developer Studio Project File - Name="namedcheckzone" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=namedcheckzone - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "namedcheckzone.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "namedcheckzone.mak" CFG="namedcheckzone - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "namedcheckzone - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "namedcheckzone - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /YX /FD /c
-# SUBTRACT CPP /Fr
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "namedcheckzone - Win32 Release"
-# Name "namedcheckzone - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\named-checkzone.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE="..\check-tool.h"
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/check/win32/namedcheckzone.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "namedcheckzone"=".\namedcheckzone.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/namedcheckzone.mak

@@ -1,404 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on namedcheckzone.dsp
-!IF "$(CFG)" == ""
-CFG=namedcheckzone - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to namedcheckzone - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "namedcheckzone - Win32 Release" && "$(CFG)" != "namedcheckzone - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "namedcheckzone.mak" CFG="namedcheckzone - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "namedcheckzone - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "namedcheckzone - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\named-checkzone.exe"
-
-!ELSE 
-
-ALL : "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\named-checkzone.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\named-checkzone.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\named-checkzone.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "NDEBUG" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /D "__STDC__" /Fp"$(INTDIR)\namedcheckzone.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckzone.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\named-checkzone.pdb" /machine:I386 /out:"../../../Build/Release/named-checkzone.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkzone.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isccfg\win32\Release\libisccfg.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib"
-
-"..\..\..\Build\Release\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
-
-!ELSE 
-
-ALL : "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\named-checkzone.exe" "$(OUTDIR)\namedcheckzone.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\check-tool.obj"
-	-@erase "$(INTDIR)\check-tool.sbr"
-	-@erase "$(INTDIR)\named-checkzone.obj"
-	-@erase "$(INTDIR)\named-checkzone.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\named-checkzone.pdb"
-	-@erase "$(OUTDIR)\namedcheckzone.bsc"
-	-@erase "..\..\..\Build\Debug\named-checkzone.exe"
-	-@erase "..\..\..\Build\Debug\named-checkzone.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/isccfg/include" /D "_DEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\namedcheckzone.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\check-tool.sbr" \
-	"$(INTDIR)\named-checkzone.sbr"
-
-"$(OUTDIR)\namedcheckzone.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\named-checkzone.pdb" /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\check-tool.obj" \
-	"$(INTDIR)\named-checkzone.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isccfg\win32\Debug\libisccfg.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib"
-
-"..\..\..\Build\Debug\named-checkzone.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("namedcheckzone.dep")
-!INCLUDE "namedcheckzone.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "namedcheckzone.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "namedcheckzone - Win32 Release" || "$(CFG)" == "namedcheckzone - Win32 Debug"
-SOURCE="..\check-tool.c"
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-
-"$(INTDIR)\check-tool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-
-"$(INTDIR)\check-tool.obj"	"$(INTDIR)\check-tool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE="..\named-checkzone.c"
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-
-"$(INTDIR)\named-checkzone.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-
-"$(INTDIR)\named-checkzone.obj"	"$(INTDIR)\named-checkzone.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\check\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\check\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/.cvsignore

@@ -0,0 +1,4 @@
+Makefile
+dig
+host
+nslookup

bin/dig/.gitignore

@@ -1,4 +0,0 @@
-dig
-host
-nslookup
-.libs

bin/dig/Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 2004, 2005, 2007, 2012  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id$
+# $Id: Makefile.in,v 1.10.2.2 2000/08/08 00:17:59 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,81 +21,53 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISC_INCLUDES} ${LWRES_INCLUDES}
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	-DVERSION=\"${VERSION}\"
+CDEFINES =	
 CWARNINGS =
 
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
-LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
-LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
-		${LWRESDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCLIBS} \
-		${ISCCFGLIBS} @IDNLIBS@ @LIBS@
+LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 SUBDIRS =
 
-TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
+TARGETS =	dig host nslookup
 
 OBJS =		dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
 
-UOBJS =
+UOBJS =		
 
 SRCS =		dig.c dighost.c host.c nslookup.c
 
-MANPAGES =	dig.1 host.1 nslookup.1
-
-HTMLPAGES =	dig.html host.html nslookup.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
 @BIND9_MAKE_RULES@
 
-dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+dig: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+host: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
+nslookup: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-clean distclean maintainer-clean::
+clean distclean::
 	rm -f ${TARGETS}
 
 installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+	if [ ! -d ${DESTDIR}${bindir} ]; then \
+		mkdir ${DESTDIR}${bindir}; \
+	fi
 
-install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		dig@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		host@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		nslookup@EXEEXT@ ${DESTDIR}${bindir}
-	for m in ${MANPAGES}; do \
-		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
-		done
+install:: dig host nslookup installdirs
+	${LIBTOOL} ${INSTALL_PROGRAM} dig ${DESTDIR}${bindir}
+	${LIBTOOL} ${INSTALL_PROGRAM} host ${DESTDIR}${bindir}
+	${LIBTOOL} ${INSTALL_PROGRAM} nslookup ${DESTDIR}${bindir}

bin/dig/dig.1

@@ -1,583 +0,0 @@
-.\" Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: dig
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DIG" "1" "June 30, 2000" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dig \- DNS lookup utility
-.SH "SYNOPSIS"
-.HP 4
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
-.HP 4
-\fBdig\fR [\fB\-h\fR]
-.HP 4
-\fBdig\fR [global\-queryopt...] [query...]
-.SH "DESCRIPTION"
-.PP
-\fBdig\fR
-(domain information groper) is a flexible tool for interrogating DNS name servers. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried. Most DNS administrators use
-\fBdig\fR
-to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output. Other lookup tools tend to have less functionality than
-\fBdig\fR.
-.PP
-Although
-\fBdig\fR
-is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
-\fB\-h\fR
-option is given. Unlike earlier versions, the BIND 9 implementation of
-\fBdig\fR
-allows multiple lookups to be issued from the command line.
-.PP
-Unless it is told to query a specific name server,
-\fBdig\fR
-will try each of the servers listed in
-\fI/etc/resolv.conf\fR. If no usable server addresses are found,
-\fBdig\fR
-will send the query to the local host.
-.PP
-When no command line arguments or options are given,
-\fBdig\fR
-will perform an NS query for "." (the root).
-.PP
-It is possible to set per\-user defaults for
-\fBdig\fR
-via
-\fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
-.PP
-The IN and CH class names overlap with the IN and CH top level domains names. Either use the
-\fB\-t\fR
-and
-\fB\-c\fR
-options to specify the type and class, use the
-\fB\-q\fR
-the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
-.SH "SIMPLE USAGE"
-.PP
-A typical invocation of
-\fBdig\fR
-looks like:
-.sp
-.RS 4
-.nf
- dig @server name type 
-.fi
-.RE
-.sp
-where:
-.PP
-\fBserver\fR
-.RS 4
-is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
-\fIserver\fR
-argument is a hostname,
-\fBdig\fR
-resolves that name before querying that name server.
-.sp
-If no
-\fIserver\fR
-argument is provided,
-\fBdig\fR
-consults
-\fI/etc/resolv.conf\fR; if an address is found there, it queries the name server at that address. If either of the
-\fB\-4\fR
-or
-\fB\-6\fR
-options are in use, then only addresses for the corresponding transport will be tried. If no usable addresses are found,
-\fBdig\fR
-will send the query to the local host. The reply from the name server that responds is displayed.
-.RE
-.PP
-\fBname\fR
-.RS 4
-is the name of the resource record that is to be looked up.
-.RE
-.PP
-\fBtype\fR
-.RS 4
-indicates what type of query is required \(em ANY, A, MX, SIG, etc.
-\fItype\fR
-can be any valid query type. If no
-\fItype\fR
-argument is supplied,
-\fBdig\fR
-will perform a lookup for an A record.
-.RE
-.SH "OPTIONS"
-.PP
-The
-\fB\-b\fR
-option sets the source IP address of the query to
-\fIaddress\fR. This must be a valid address on one of the host's network interfaces or "0.0.0.0" or "::". An optional port may be specified by appending "#<port>"
-.PP
-The default query class (IN for internet) is overridden by the
-\fB\-c\fR
-option.
-\fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
-.PP
-The
-\fB\-f\fR
-option makes
-\fBdig \fR
-operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
-\fBdig\fR
-using the command\-line interface.
-.PP
-The
-\fB\-m\fR
-option enables memory usage debugging.
-.PP
-If a non\-standard port number is to be queried, the
-\fB\-p\fR
-option is used.
-\fIport#\fR
-is the port number that
-\fBdig\fR
-will send its queries instead of the standard DNS port number 53. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number.
-.PP
-The
-\fB\-4\fR
-option forces
-\fBdig\fR
-to only use IPv4 query transport. The
-\fB\-6\fR
-option forces
-\fBdig\fR
-to only use IPv6 query transport.
-.PP
-The
-\fB\-t\fR
-option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
-\fB\-x\fR
-option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
-\fItype\fR
-is set to
-ixfr=N. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone's SOA record was
-\fIN\fR.
-.PP
-The
-\fB\-q\fR
-option sets the query name to
-\fIname\fR. This useful do distinguish the
-\fIname\fR
-from other arguments.
-.PP
-Reverse lookups \(em mapping addresses to names \(em are simplified by the
-\fB\-x\fR
-option.
-\fIaddr\fR
-is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address. When this option is used, there is no need to provide the
-\fIname\fR,
-\fIclass\fR
-and
-\fItype\fR
-arguments.
-\fBdig\fR
-automatically performs a lookup for a name like
-11.12.13.10.in\-addr.arpa
-and sets the query type and class to PTR and IN respectively. By default, IPv6 addresses are looked up using nibble format under the IP6.ARPA domain. To use the older RFC1886 method using the IP6.INT domain specify the
-\fB\-i\fR
-option. Bit string labels (RFC2874) are now experimental and are not attempted.
-.PP
-To sign the DNS queries sent by
-\fBdig\fR
-and their responses using transaction signatures (TSIG), specify a TSIG key file using the
-\fB\-k\fR
-option. You can also specify the TSIG key itself on the command line using the
-\fB\-y\fR
-option;
-\fIhmac\fR
-is the type of the TSIG, default HMAC\-MD5,
-\fIname\fR
-is the name of the TSIG key and
-\fIkey\fR
-is the actual key. The key is a base\-64 encoded string, typically generated by
-\fBdnssec\-keygen\fR(8). Caution should be taken when using the
-\fB\-y\fR
-option on multi\-user systems as the key can be visible in the output from
-\fBps\fR(1)
-or in the shell's history file. When using TSIG authentication with
-\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used. In BIND, this is done by providing appropriate
-\fBkey\fR
-and
-\fBserver\fR
-statements in
-\fInamed.conf\fR.
-.SH "QUERY OPTIONS"
-.PP
-\fBdig\fR
-provides a number of query options which affect the way in which lookups are made and the results displayed. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies.
-.PP
-Each query option is identified by a keyword preceded by a plus sign (+). Some keywords set or reset an option. These may be preceded by the string
-no
-to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
-\fB+keyword=value\fR. The query options are:
-.PP
-\fB+[no]tcp\fR
-.RS 4
-Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.RE
-.PP
-\fB+[no]vc\fR
-.RS 4
-Use [do not use] TCP when querying name servers. This alternate syntax to
-\fI+[no]tcp\fR
-is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.RE
-.PP
-\fB+[no]ignore\fR
-.RS 4
-Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.RE
-.PP
-\fB+domain=somename\fR
-.RS 4
-Set the search list to contain the single domain
-\fIsomename\fR, as if specified in a
-\fBdomain\fR
-directive in
-\fI/etc/resolv.conf\fR, and enable search list processing as if the
-\fI+search\fR
-option were given.
-.RE
-.PP
-\fB+[no]search\fR
-.RS 4
-Use [do not use] the search list defined by the searchlist or domain directive in
-\fIresolv.conf\fR
-(if any). The search list is not used by default.
-.RE
-.PP
-\fB+[no]showsearch\fR
-.RS 4
-Perform [do not perform] a search showing intermediate results.
-.RE
-.PP
-\fB+[no]defname\fR
-.RS 4
-Deprecated, treated as a synonym for
-\fI+[no]search\fR
-.RE
-.PP
-\fB+[no]aaonly\fR
-.RS 4
-Sets the "aa" flag in the query.
-.RE
-.PP
-\fB+[no]aaflag\fR
-.RS 4
-A synonym for
-\fI+[no]aaonly\fR.
-.RE
-.PP
-\fB+[no]adflag\fR
-.RS 4
-Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
-.RE
-.PP
-\fB+[no]cdflag\fR
-.RS 4
-Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.RE
-.PP
-\fB+[no]cl\fR
-.RS 4
-Display [do not display] the CLASS when printing the record.
-.RE
-.PP
-\fB+[no]ttlid\fR
-.RS 4
-Display [do not display] the TTL when printing the record.
-.RE
-.PP
-\fB+[no]recurse\fR
-.RS 4
-Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
-\fBdig\fR
-normally sends recursive queries. Recursion is automatically disabled when the
-\fI+nssearch\fR
-or
-\fI+trace\fR
-query options are used.
-.RE
-.PP
-\fB+[no]nssearch\fR
-.RS 4
-When this option is set,
-\fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.RE
-.PP
-\fB+[no]trace\fR
-.RS 4
-Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
-\fBdig\fR
-makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.RE
-.PP
-\fB+[no]cmd\fR
-.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
-\fBdig\fR
-and the query options that have been applied. This comment is printed by default.
-.RE
-.PP
-\fB+[no]short\fR
-.RS 4
-Provide a terse answer. The default is to print the answer in a verbose form.
-.RE
-.PP
-\fB+[no]identify\fR
-.RS 4
-Show [or do not show] the IP address and port number that supplied the answer when the
-\fI+short\fR
-option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.RE
-.PP
-\fB+[no]comments\fR
-.RS 4
-Toggle the display of comment lines in the output. The default is to print comments.
-.RE
-.PP
-\fB+[no]stats\fR
-.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
-.RE
-.PP
-\fB+[no]qr\fR
-.RS 4
-Print [do not print] the query as it is sent. By default, the query is not printed.
-.RE
-.PP
-\fB+[no]question\fR
-.RS 4
-Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.RE
-.PP
-\fB+[no]answer\fR
-.RS 4
-Display [do not display] the answer section of a reply. The default is to display it.
-.RE
-.PP
-\fB+[no]authority\fR
-.RS 4
-Display [do not display] the authority section of a reply. The default is to display it.
-.RE
-.PP
-\fB+[no]additional\fR
-.RS 4
-Display [do not display] the additional section of a reply. The default is to display it.
-.RE
-.PP
-\fB+[no]all\fR
-.RS 4
-Set or clear all display flags.
-.RE
-.PP
-\fB+time=T\fR
-.RS 4
-Sets the timeout for a query to
-\fIT\fR
-seconds. The default timeout is 5 seconds. An attempt to set
-\fIT\fR
-to less than 1 will result in a query timeout of 1 second being applied.
-.RE
-.PP
-\fB+tries=T\fR
-.RS 4
-Sets the number of times to try UDP queries to server to
-\fIT\fR
-instead of the default, 3. If
-\fIT\fR
-is less than or equal to zero, the number of tries is silently rounded up to 1.
-.RE
-.PP
-\fB+retry=T\fR
-.RS 4
-Sets the number of times to retry UDP queries to server to
-\fIT\fR
-instead of the default, 2. Unlike
-\fI+tries\fR, this does not include the initial query.
-.RE
-.PP
-\fB+ndots=D\fR
-.RS 4
-Set the number of dots that have to appear in
-\fIname\fR
-to
-\fID\fR
-for it to be considered absolute. The default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
-\fBsearch\fR
-or
-\fBdomain\fR
-directive in
-\fI/etc/resolv.conf\fR.
-.RE
-.PP
-\fB+bufsize=B\fR
-.RS 4
-Set the UDP message buffer size advertised using EDNS0 to
-\fIB\fR
-bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
-.RE
-.PP
-\fB+edns=#\fR
-.RS 4
-Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
-\fB+noedns\fR
-clears the remembered EDNS version.
-.RE
-.PP
-\fB+[no]multiline\fR
-.RS 4
-Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
-\fBdig\fR
-output.
-.RE
-.PP
-\fB+[no]fail\fR
-.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
-.RE
-.PP
-\fB+[no]besteffort\fR
-.RS 4
-Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.RE
-.PP
-\fB+[no]dnssec\fR
-.RS 4
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
-.RE
-.PP
-\fB+[no]sigchase\fR
-.RS 4
-Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
-\fB+trusted\-key=####\fR
-.RS 4
-Specifies a file containing trusted keys to be used with
-\fB+sigchase\fR. Each DNSKEY record must be on its own line.
-.sp
-If not specified,
-\fBdig\fR
-will look for
-\fI/etc/trusted\-key.key\fR
-then
-\fItrusted\-key.key\fR
-in the current directory.
-.sp
-Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
-\fB+[no]topdown\fR
-.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
-\fB+[no]nsid\fR
-.RS 4
-Include an EDNS name server ID request when sending a query.
-.RE
-.PP
-\fB+[no]keepopen\fR
-.RS 4
-Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup. The default is
-\fB+nokeepopen\fR.
-.RE
-.SH "MULTIPLE QUERIES"
-.PP
-The BIND 9 implementation of
-\fBdig \fR
-supports specifying multiple queries on the command line (in addition to supporting the
-\fB\-f\fR
-batch file option). Each of those queries can be supplied with its own set of flags, options and query options.
-.PP
-In this case, each
-\fIquery\fR
-argument represent an individual query in the command\-line syntax described above. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query.
-.PP
-A global set of query options, which should be applied to all queries, can also be supplied. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line. Any global query options (except the
-\fB+[no]cmd\fR
-option) can be overridden by a query\-specific set of query options. For example:
-.sp
-.RS 4
-.nf
-dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
-.fi
-.RE
-.sp
-shows how
-\fBdig\fR
-could be used from the command line to make three lookups: an ANY query for
-www.isc.org, a reverse lookup of 127.0.0.1 and a query for the NS records of
-isc.org. A global query option of
-\fI+qr\fR
-is applied, so that
-\fBdig\fR
-shows the initial query it made for each lookup. The final query has a local query option of
-\fI+noqr\fR
-which means that
-\fBdig\fR
-will not print the initial query when it looks up the NS records for
-isc.org.
-.SH "IDN SUPPORT"
-.PP
-If
-\fBdig\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
-\fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
-\fBIDN_DISABLE\fR
-environment variable. The IDN support is disabled if the variable is set when
-\fBdig\fR
-runs.
-.SH "FILES"
-.PP
-\fI/etc/resolv.conf\fR
-.PP
-\fI${HOME}/.digrc\fR
-.SH "SEE ALSO"
-.PP
-\fBhost\fR(1),
-\fBnamed\fR(8),
-\fBdnssec\-keygen\fR(8),
-RFC1035.
-.SH "BUGS"
-.PP
-There are probably too many query options.
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br

bin/dig/dig.docbook

@@ -1,973 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004-2009, 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.dig">
-
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>dig</refentrytitle>
-    <manvolnum>1</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname>dig</refname>
-    <refpurpose>DNS lookup utility</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2006</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2012</year>
-      <year>2013</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dig</command>
-      <arg choice="opt">@server</arg>
-      <arg><option>-b <replaceable class="parameter">address</replaceable></option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-m</option></arg>
-      <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
-      <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
-      <arg><option>-y <replaceable class="parameter"><optional>hmac:</optional>name:key</replaceable></option></arg>
-      <arg><option>-4</option></arg>
-      <arg><option>-6</option></arg>
-      <arg choice="opt">name</arg>
-      <arg choice="opt">type</arg>
-      <arg choice="opt">class</arg>
-      <arg choice="opt" rep="repeat">queryopt</arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>dig</command>
-      <arg><option>-h</option></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis>
-      <command>dig</command>
-      <arg choice="opt" rep="repeat">global-queryopt</arg>
-      <arg choice="opt" rep="repeat">query</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dig</command>
-      (domain information groper) is a flexible tool
-      for interrogating DNS name servers.  It performs DNS lookups and
-      displays the answers that are returned from the name server(s) that
-      were queried.  Most DNS administrators use <command>dig</command> to
-      troubleshoot DNS problems because of its flexibility, ease of use and
-      clarity of output.  Other lookup tools tend to have less functionality
-      than <command>dig</command>.
-    </para>
-
-    <para>
-      Although <command>dig</command> is normally used with
-      command-line
-      arguments, it also has a batch mode of operation for reading lookup
-      requests from a file.  A brief summary of its command-line arguments
-      and options is printed when the <option>-h</option> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
-      <command>dig</command> allows multiple lookups to be issued
-      from the
-      command line.
-    </para>
-
-    <para>
-      Unless it is told to query a specific name server,
-      <command>dig</command> will try each of the servers listed in
-      <filename>/etc/resolv.conf</filename>. If no usable server addresses
-      are found, <command>dig</command> will send the query to the local
-      host.
-    </para>
-
-    <para>
-      When no command line arguments or options are given,
-      <command>dig</command> will perform an NS query for "." (the root).
-    </para>
-
-    <para>
-      It is possible to set per-user defaults for <command>dig</command> via
-      <filename>${HOME}/.digrc</filename>.  This file is read and
-      any options in it
-      are applied before the command line arguments.
-    </para>
-
-    <para>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <option>-t</option> and
-      <option>-c</option> options to specify the type and class, 
-      use the <option>-q</option> the specify the domain name, or
-      use "IN." and "CH." when looking up these top level domains.
-    </para>
-
-  </refsect1>
-
-  <refsect1>
-    <title>SIMPLE USAGE</title>
-
-    <para>
-      A typical invocation of <command>dig</command> looks like:
-      <programlisting> dig @server name type </programlisting>
-      where:
-
-      <variablelist>
-
-        <varlistentry>
-          <term><constant>server</constant></term>
-          <listitem>
-            <para>
-              is the name or IP address of the name server to query.  This
-              can be an IPv4 address in dotted-decimal notation or an IPv6
-              address in colon-delimited notation.  When the supplied
-              <parameter>server</parameter> argument is a hostname,
-              <command>dig</command> resolves that name before querying
-              that name server.
-            </para>
-            <para>
-              If no <parameter>server</parameter> argument is
-              provided, <command>dig</command> consults
-              <filename>/etc/resolv.conf</filename>; if an
-              address is found there, it queries the name server at
-              that address. If either of the <option>-4</option> or
-              <option>-6</option> options are in use, then
-              only addresses for the corresponding transport
-              will be tried.  If no usable addresses are found,
-              <command>dig</command> will send the query to the
-              local host.  The reply from the name server that
-              responds is displayed.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><constant>name</constant></term>
-          <listitem>
-            <para>
-              is the name of the resource record that is to be looked up.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><constant>type</constant></term>
-          <listitem>
-            <para>
-              indicates what type of query is required &mdash;
-              ANY, A, MX, SIG, etc.
-              <parameter>type</parameter> can be any valid query
-              type.  If no
-              <parameter>type</parameter> argument is supplied,
-              <command>dig</command> will perform a lookup for an
-              A record.
-            </para>
-          </listitem>
-        </varlistentry>
-
-      </variablelist>
-    </para>
-
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <para>
-      The <option>-b</option> option sets the source IP address of the query
-      to <parameter>address</parameter>.  This must be a valid
-      address on
-      one of the host's network interfaces or "0.0.0.0" or "::".  An optional
-      port
-      may be specified by appending "#&lt;port&gt;"
-    </para>
-
-    <para>
-      The default query class (IN for internet) is overridden by the
-      <option>-c</option> option.  <parameter>class</parameter> is
-      any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
-    </para>
-
-    <para>
-      The <option>-f</option> option makes <command>dig </command>
-      operate
-      in batch mode by reading a list of lookup requests to process from the
-      file <parameter>filename</parameter>.  The file contains a
-      number of
-      queries, one per line.  Each entry in the file should be organized in
-      the same way they would be presented as queries to
-      <command>dig</command> using the command-line interface.
-    </para>
-
-    <para>
-      The <option>-m</option> option enables memory usage debugging.
-      <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
-           documented in include/isc/mem.h -->
-    </para>
-
-    <para>
-      If a non-standard port number is to be queried, the
-      <option>-p</option> option is used.  <parameter>port#</parameter> is
-      the port number that <command>dig</command> will send its
-      queries
-      instead of the standard DNS port number 53.  This option would be used
-      to test a name server that has been configured to listen for queries
-      on a non-standard port number.
-    </para>
-
-    <para>
-      The <option>-4</option> option forces <command>dig</command>
-      to only
-      use IPv4 query transport.  The <option>-6</option> option forces
-      <command>dig</command> to only use IPv6 query transport.
-    </para>
-
-    <para>
-      The <option>-t</option> option sets the query type to
-      <parameter>type</parameter>.  It can be any valid query type
-      which is
-      supported in BIND 9.  The default query type is "A", unless the
-      <option>-x</option> option is supplied to indicate a reverse lookup.
-      A zone transfer can be requested by specifying a type of AXFR.  When
-      an incremental zone transfer (IXFR) is required,
-      <parameter>type</parameter> is set to <literal>ixfr=N</literal>.
-      The incremental zone transfer will contain the changes made to the zone
-      since the serial number in the zone's SOA record was
-      <parameter>N</parameter>.
-    </para>
-
-    <para>
-      The <option>-q</option> option sets the query name to 
-      <parameter>name</parameter>.  This useful do distinguish the
-      <parameter>name</parameter> from other arguments.
-    </para>
-
-    <para>
-      Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
-      <option>-x</option> option.  <parameter>addr</parameter> is
-      an IPv4
-      address in dotted-decimal notation, or a colon-delimited IPv6 address.
-      When this option is used, there is no need to provide the
-      <parameter>name</parameter>, <parameter>class</parameter> and
-      <parameter>type</parameter> arguments.  <command>dig</command>
-      automatically performs a lookup for a name like
-      <literal>11.12.13.10.in-addr.arpa</literal> and sets the
-      query type and
-      class to PTR and IN respectively.  By default, IPv6 addresses are
-      looked up using nibble format under the IP6.ARPA domain.
-      To use the older RFC1886 method using the IP6.INT domain
-      specify the <option>-i</option> option.  Bit string labels (RFC2874)
-      are now experimental and are not attempted.
-    </para>
-
-    <para>
-      To sign the DNS queries sent by <command>dig</command> and
-      their
-      responses using transaction signatures (TSIG), specify a TSIG key file
-      using the <option>-k</option> option.  You can also specify the TSIG
-      key itself on the command line using the <option>-y</option> option;
-      <parameter>hmac</parameter> is the type of the TSIG, default HMAC-MD5,
-      <parameter>name</parameter> is the name of the TSIG key and
-      <parameter>key</parameter> is the actual key.  The key is a
-      base-64
-      encoded string, typically generated by
-      <citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>.
-
-      Caution should be taken when using the <option>-y</option> option on
-      multi-user systems as the key can be visible in the output from
-      <citerefentry>
-        <refentrytitle>ps</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>
-      or in the shell's history file.  When
-      using TSIG authentication with <command>dig</command>, the name
-      server that is queried needs to know the key and algorithm that is
-      being used.  In BIND, this is done by providing appropriate
-      <command>key</command> and <command>server</command> statements in
-      <filename>named.conf</filename>.
-    </para>
-
-  </refsect1>
-
-  <refsect1>
-    <title>QUERY OPTIONS</title>
-
-    <para><command>dig</command>
-      provides a number of query options which affect
-      the way in which lookups are made and the results displayed.  Some of
-      these set or reset flag bits in the query header, some determine which
-      sections of the answer get printed, and others determine the timeout
-      and retry strategies.
-    </para>
-
-    <para>
-      Each query option is identified by a keyword preceded by a plus sign
-      (<literal>+</literal>).  Some keywords set or reset an
-      option.  These may be preceded
-      by the string <literal>no</literal> to negate the meaning of
-      that keyword.  Other
-      keywords assign values to options like the timeout interval.  They
-      have the form <option>+keyword=value</option>.
-      The query options are:
-
-      <variablelist>
-
-        <varlistentry>
-          <term><option>+[no]tcp</option></term>
-          <listitem>
-            <para>
-              Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
-              requested, in
-              which case a TCP connection is used.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]vc</option></term>
-          <listitem>
-            <para>
-              Use [do not use] TCP when querying name servers.  This alternate
-              syntax to <parameter>+[no]tcp</parameter> is
-              provided for backwards
-              compatibility.  The "vc" stands for "virtual circuit".
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]ignore</option></term>
-          <listitem>
-            <para>
-              Ignore truncation in UDP responses instead of retrying with TCP.
-               By
-              default, TCP retries are performed.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+domain=somename</option></term>
-          <listitem>
-            <para>
-              Set the search list to contain the single domain
-              <parameter>somename</parameter>, as if specified in
-              a
-              <command>domain</command> directive in
-              <filename>/etc/resolv.conf</filename>, and enable
-              search list
-              processing as if the <parameter>+search</parameter>
-              option were given.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]search</option></term>
-          <listitem>
-            <para>
-              Use [do not use] the search list defined by the searchlist or
-              domain
-              directive in <filename>resolv.conf</filename> (if
-              any).
-              The search list is not used by default.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]showsearch</option></term>
-          <listitem>
-            <para>
-              Perform [do not perform] a search showing intermediate
-	      results.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]defname</option></term>
-          <listitem>
-            <para>
-              Deprecated, treated as a synonym for <parameter>+[no]search</parameter>
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]aaonly</option></term>
-          <listitem>
-            <para>
-              Sets the "aa" flag in the query.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]aaflag</option></term>
-          <listitem>
-            <para>
-              A synonym for <parameter>+[no]aaonly</parameter>.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]adflag</option></term>
-	  <listitem>
-	    <para>
-	      Set [do not set] the AD (authentic data) bit in the
-	      query.  This requests the server to return whether
-	      all of the answer and authority sections have all
-	      been validated as secure according to the security
-	      policy of the server.  AD=1 indicates that all records
-	      have been validated as secure and the answer is not
-	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]cdflag</option></term>
-          <listitem>
-            <para>
-              Set [do not set] the CD (checking disabled) bit in the query.
-              This
-              requests the server to not perform DNSSEC validation of
-              responses.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]cl</option></term>
-          <listitem>
-            <para>
-              Display [do not display] the CLASS when printing the record.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]ttlid</option></term>
-          <listitem>
-            <para>
-              Display [do not display] the TTL when printing the record.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]recurse</option></term>
-          <listitem>
-            <para>
-              Toggle the setting of the RD (recursion desired) bit in the
-              query.
-              This bit is set by default, which means <command>dig</command>
-              normally sends recursive queries.  Recursion is automatically
-              disabled
-              when the <parameter>+nssearch</parameter> or
-              <parameter>+trace</parameter> query options are
-              used.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]nssearch</option></term>
-          <listitem>
-            <para>
-              When this option is set, <command>dig</command>
-              attempts to find the
-              authoritative name servers for the zone containing the name
-              being
-              looked up and display the SOA record that each name server has
-              for the
-              zone.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]trace</option></term>
-          <listitem>
-            <para>
-              Toggle tracing of the delegation path from the root name servers
-              for
-              the name being looked up.  Tracing is disabled by default.  When
-              tracing is enabled, <command>dig</command> makes
-              iterative queries to
-              resolve the name being looked up.  It will follow referrals from
-              the
-              root servers, showing the answer from each server that was used
-              to
-              resolve the lookup.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]cmd</option></term>
-          <listitem>
-            <para>
-              Toggles the printing of the initial comment in the output
-              identifying
-              the version of <command>dig</command> and the query
-              options that have
-              been applied.  This comment is printed by default.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]short</option></term>
-          <listitem>
-            <para>
-              Provide a terse answer.  The default is to print the answer in a
-              verbose form.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]identify</option></term>
-          <listitem>
-            <para>
-              Show [or do not show] the IP address and port number that
-              supplied the
-              answer when the <parameter>+short</parameter> option
-              is enabled.  If
-              short form answers are requested, the default is not to show the
-              source address and port number of the server that provided the
-              answer.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]comments</option></term>
-          <listitem>
-            <para>
-              Toggle the display of comment lines in the output.  The default
-              is to
-              print comments.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]stats</option></term>
-          <listitem>
-            <para>
-              This query option toggles the printing of statistics: when the
-              query
-              was made, the size of the reply and so on.  The default
-              behavior is
-              to print the query statistics.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]qr</option></term>
-          <listitem>
-            <para>
-              Print [do not print] the query as it is sent.
-              By default, the query is not printed.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]question</option></term>
-          <listitem>
-            <para>
-              Print [do not print] the question section of a query when an
-              answer is
-              returned.  The default is to print the question section as a
-              comment.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]answer</option></term>
-          <listitem>
-            <para>
-              Display [do not display] the answer section of a reply.  The
-              default
-              is to display it.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]authority</option></term>
-          <listitem>
-            <para>
-              Display [do not display] the authority section of a reply.  The
-              default is to display it.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]additional</option></term>
-          <listitem>
-            <para>
-              Display [do not display] the additional section of a reply.
-              The default is to display it.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]all</option></term>
-          <listitem>
-            <para>
-              Set or clear all display flags.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+time=T</option></term>
-          <listitem>
-            <para>
-
-              Sets the timeout for a query to
-              <parameter>T</parameter> seconds.  The default
-	      timeout is 5 seconds.
-              An attempt to set <parameter>T</parameter> to less
-              than 1 will result
-              in a query timeout of 1 second being applied.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+tries=T</option></term>
-          <listitem>
-            <para>
-              Sets the number of times to try UDP queries to server to
-              <parameter>T</parameter> instead of the default, 3.
-              If
-              <parameter>T</parameter> is less than or equal to
-              zero, the number of
-              tries is silently rounded up to 1.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+retry=T</option></term>
-          <listitem>
-            <para>
-              Sets the number of times to retry UDP queries to server to
-              <parameter>T</parameter> instead of the default, 2.
-              Unlike
-              <parameter>+tries</parameter>, this does not include
-              the initial
-              query.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+ndots=D</option></term>
-          <listitem>
-            <para>
-              Set the number of dots that have to appear in
-              <parameter>name</parameter> to <parameter>D</parameter> for it to be
-              considered absolute.  The default value is that defined using
-              the
-              ndots statement in <filename>/etc/resolv.conf</filename>, or 1 if no
-              ndots statement is present.  Names with fewer dots are
-              interpreted as
-              relative names and will be searched for in the domains listed in
-              the
-              <option>search</option> or <option>domain</option> directive in
-              <filename>/etc/resolv.conf</filename>.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+bufsize=B</option></term>
-          <listitem>
-            <para>
-              Set the UDP message buffer size advertised using EDNS0 to
-              <parameter>B</parameter> bytes.  The maximum and minimum sizes
-	      of this buffer are 65535 and 0 respectively.  Values outside
-	      this range are rounded up or down appropriately.  
-	      Values other than zero will cause a EDNS query to be sent.
-            </para>
-          </listitem>
-        </varlistentry>
-
-	<varlistentry>
-	  <term><option>+edns=#</option></term>
-	  <listitem>
-	    <para>
-	       Specify the EDNS version to query with.  Valid values
-	       are 0 to 255.  Setting the EDNS version will cause a
-	       EDNS query to be sent.  <option>+noedns</option> clears the
-	       remembered EDNS version.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]multiline</option></term>
-          <listitem>
-            <para>
-              Print records like the SOA records in a verbose multi-line
-              format with human-readable comments.  The default is to print
-              each record on a single line, to facilitate machine parsing
-              of the <command>dig</command> output.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]fail</option></term>
-          <listitem>
-            <para>
-              Do not try the next server if you receive a SERVFAIL.  The
-              default is
-              to not try the next server which is the reverse of normal stub
-              resolver
-              behavior.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]besteffort</option></term>
-          <listitem>
-            <para>
-              Attempt to display the contents of messages which are malformed.
-              The default is to not display malformed answers.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]dnssec</option></term>
-          <listitem>
-            <para>
-              Requests DNSSEC records be sent by setting the DNSSEC OK bit
-              (DO)
-              in the OPT record in the additional section of the query.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]sigchase</option></term>
-          <listitem>
-            <para>
-              Chase DNSSEC signature chains.  Requires dig be compiled with
-              -DDIG_SIGCHASE.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+trusted-key=####</option></term>
-          <listitem>
-            <para>
-              Specifies a file containing trusted keys to be used with
-	      <option>+sigchase</option>.  Each DNSKEY record must be
-	      on its own line.
-            </para>
-	    <para>
-	      If not specified, <command>dig</command> will look for
-	      <filename>/etc/trusted-key.key</filename> then
-	      <filename>trusted-key.key</filename> in the current directory.
-	    </para>
-	    <para>
-              Requires dig be compiled with -DDIG_SIGCHASE.
-	    </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]topdown</option></term>
-          <listitem>
-            <para>
-              When chasing DNSSEC signature chains perform a top-down
-              validation.
-              Requires dig be compiled with -DDIG_SIGCHASE.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]nsid</option></term>
-          <listitem>
-            <para>
-              Include an EDNS name server ID request when sending a query.
-            </para>
-          </listitem>
-        </varlistentry>
-
-        <varlistentry>
-          <term><option>+[no]keepopen</option></term>
-          <listitem>
-            <para>
-              Keep the TCP socket open between queries and reuse it rather
-	      than creating a new TCP socket for each lookup.  The default
-	      is <option>+nokeepopen</option>.
-            </para>
-          </listitem>
-        </varlistentry>
-
-      </variablelist>
-
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>MULTIPLE QUERIES</title>
-
-    <para>
-      The BIND 9 implementation of <command>dig </command>
-      supports
-      specifying multiple queries on the command line (in addition to
-      supporting the <option>-f</option> batch file option).  Each of those
-      queries can be supplied with its own set of flags, options and query
-      options.
-    </para>
-
-    <para>
-      In this case, each <parameter>query</parameter> argument
-      represent an
-      individual query in the command-line syntax described above.  Each
-      consists of any of the standard options and flags, the name to be
-      looked up, an optional query type and class and any query options that
-      should be applied to that query.
-    </para>
-
-    <para>
-      A global set of query options, which should be applied to all queries,
-      can also be supplied.  These global query options must precede the
-      first tuple of name, class, type, options, flags, and query options
-      supplied on the command line.  Any global query options (except
-      the <option>+[no]cmd</option> option) can be
-      overridden by a query-specific set of query options.  For example:
-      <programlisting>
-dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-</programlisting>
-      shows how <command>dig</command> could be used from the
-      command line
-      to make three lookups: an ANY query for <literal>www.isc.org</literal>, a
-      reverse lookup of 127.0.0.1 and a query for the NS records of
-      <literal>isc.org</literal>.
-
-      A global query option of <parameter>+qr</parameter> is
-      applied, so
-      that <command>dig</command> shows the initial query it made
-      for each
-      lookup.  The final query has a local query option of
-      <parameter>+noqr</parameter> which means that <command>dig</command>
-      will not print the initial query when it looks up the NS records for
-      <literal>isc.org</literal>.
-    </para>
-
-  </refsect1>
-
-  <refsect1>
-    <title>IDN SUPPORT</title>
-    <para>
-      If <command>dig</command> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <command>dig</command> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when 
-      <command>dig</command> runs.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para><filename>/etc/resolv.conf</filename>
-    </para>
-    <para><filename>${HOME}/.digrc</filename>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>RFC1035</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>BUGS</title>
-    <para>
-      There are probably too many query options.
-    </para>
-  </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dig/dig.html

@@ -1,653 +0,0 @@
-<!--
- - Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dig"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p>dig &#8212; DNS lookup utility</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
-<div class="cmdsynopsis"><p><code class="command">dig</code>  [<code class="option">-h</code>]</p></div>
-<div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543525"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dig</strong></span>
-      (domain information groper) is a flexible tool
-      for interrogating DNS name servers.  It performs DNS lookups and
-      displays the answers that are returned from the name server(s) that
-      were queried.  Most DNS administrators use <span><strong class="command">dig</strong></span> to
-      troubleshoot DNS problems because of its flexibility, ease of use and
-      clarity of output.  Other lookup tools tend to have less functionality
-      than <span><strong class="command">dig</strong></span>.
-    </p>
-<p>
-      Although <span><strong class="command">dig</strong></span> is normally used with
-      command-line
-      arguments, it also has a batch mode of operation for reading lookup
-      requests from a file.  A brief summary of its command-line arguments
-      and options is printed when the <code class="option">-h</code> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
-      <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
-      from the
-      command line.
-    </p>
-<p>
-      Unless it is told to query a specific name server,
-      <span><strong class="command">dig</strong></span> will try each of the servers listed in
-      <code class="filename">/etc/resolv.conf</code>. If no usable server addresses
-      are found, <span><strong class="command">dig</strong></span> will send the query to the local
-      host.
-    </p>
-<p>
-      When no command line arguments or options are given,
-      <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
-    </p>
-<p>
-      It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
-      <code class="filename">${HOME}/.digrc</code>.  This file is read and
-      any options in it
-      are applied before the command line arguments.
-    </p>
-<p>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <code class="option">-t</code> and
-      <code class="option">-c</code> options to specify the type and class, 
-      use the <code class="option">-q</code> the specify the domain name, or
-      use "IN." and "CH." when looking up these top level domains.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543604"></a><h2>SIMPLE USAGE</h2>
-<p>
-      A typical invocation of <span><strong class="command">dig</strong></span> looks like:
-      </p>
-<pre class="programlisting"> dig @server name type </pre>
-<p>
-      where:
-
-      </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">server</code></span></dt>
-<dd>
-<p>
-              is the name or IP address of the name server to query.  This
-              can be an IPv4 address in dotted-decimal notation or an IPv6
-              address in colon-delimited notation.  When the supplied
-              <em class="parameter"><code>server</code></em> argument is a hostname,
-              <span><strong class="command">dig</strong></span> resolves that name before querying
-              that name server.
-            </p>
-<p>
-              If no <em class="parameter"><code>server</code></em> argument is
-              provided, <span><strong class="command">dig</strong></span> consults
-              <code class="filename">/etc/resolv.conf</code>; if an
-              address is found there, it queries the name server at
-              that address. If either of the <code class="option">-4</code> or
-              <code class="option">-6</code> options are in use, then
-              only addresses for the corresponding transport
-              will be tried.  If no usable addresses are found,
-              <span><strong class="command">dig</strong></span> will send the query to the
-              local host.  The reply from the name server that
-              responds is displayed.
-            </p>
-</dd>
-<dt><span class="term"><code class="constant">name</code></span></dt>
-<dd><p>
-              is the name of the resource record that is to be looked up.
-            </p></dd>
-<dt><span class="term"><code class="constant">type</code></span></dt>
-<dd><p>
-              indicates what type of query is required &#8212;
-              ANY, A, MX, SIG, etc.
-              <em class="parameter"><code>type</code></em> can be any valid query
-              type.  If no
-              <em class="parameter"><code>type</code></em> argument is supplied,
-              <span><strong class="command">dig</strong></span> will perform a lookup for an
-              A record.
-            </p></dd>
-</dl></div>
-<p>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543707"></a><h2>OPTIONS</h2>
-<p>
-      The <code class="option">-b</code> option sets the source IP address of the query
-      to <em class="parameter"><code>address</code></em>.  This must be a valid
-      address on
-      one of the host's network interfaces or "0.0.0.0" or "::".  An optional
-      port
-      may be specified by appending "#&lt;port&gt;"
-    </p>
-<p>
-      The default query class (IN for internet) is overridden by the
-      <code class="option">-c</code> option.  <em class="parameter"><code>class</code></em> is
-      any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
-    </p>
-<p>
-      The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
-      operate
-      in batch mode by reading a list of lookup requests to process from the
-      file <em class="parameter"><code>filename</code></em>.  The file contains a
-      number of
-      queries, one per line.  Each entry in the file should be organized in
-      the same way they would be presented as queries to
-      <span><strong class="command">dig</strong></span> using the command-line interface.
-    </p>
-<p>
-      The <code class="option">-m</code> option enables memory usage debugging.
-      
-    </p>
-<p>
-      If a non-standard port number is to be queried, the
-      <code class="option">-p</code> option is used.  <em class="parameter"><code>port#</code></em> is
-      the port number that <span><strong class="command">dig</strong></span> will send its
-      queries
-      instead of the standard DNS port number 53.  This option would be used
-      to test a name server that has been configured to listen for queries
-      on a non-standard port number.
-    </p>
-<p>
-      The <code class="option">-4</code> option forces <span><strong class="command">dig</strong></span>
-      to only
-      use IPv4 query transport.  The <code class="option">-6</code> option forces
-      <span><strong class="command">dig</strong></span> to only use IPv6 query transport.
-    </p>
-<p>
-      The <code class="option">-t</code> option sets the query type to
-      <em class="parameter"><code>type</code></em>.  It can be any valid query type
-      which is
-      supported in BIND 9.  The default query type is "A", unless the
-      <code class="option">-x</code> option is supplied to indicate a reverse lookup.
-      A zone transfer can be requested by specifying a type of AXFR.  When
-      an incremental zone transfer (IXFR) is required,
-      <em class="parameter"><code>type</code></em> is set to <code class="literal">ixfr=N</code>.
-      The incremental zone transfer will contain the changes made to the zone
-      since the serial number in the zone's SOA record was
-      <em class="parameter"><code>N</code></em>.
-    </p>
-<p>
-      The <code class="option">-q</code> option sets the query name to 
-      <em class="parameter"><code>name</code></em>.  This useful do distinguish the
-      <em class="parameter"><code>name</code></em> from other arguments.
-    </p>
-<p>
-      Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
-      <code class="option">-x</code> option.  <em class="parameter"><code>addr</code></em> is
-      an IPv4
-      address in dotted-decimal notation, or a colon-delimited IPv6 address.
-      When this option is used, there is no need to provide the
-      <em class="parameter"><code>name</code></em>, <em class="parameter"><code>class</code></em> and
-      <em class="parameter"><code>type</code></em> arguments.  <span><strong class="command">dig</strong></span>
-      automatically performs a lookup for a name like
-      <code class="literal">11.12.13.10.in-addr.arpa</code> and sets the
-      query type and
-      class to PTR and IN respectively.  By default, IPv6 addresses are
-      looked up using nibble format under the IP6.ARPA domain.
-      To use the older RFC1886 method using the IP6.INT domain
-      specify the <code class="option">-i</code> option.  Bit string labels (RFC2874)
-      are now experimental and are not attempted.
-    </p>
-<p>
-      To sign the DNS queries sent by <span><strong class="command">dig</strong></span> and
-      their
-      responses using transaction signatures (TSIG), specify a TSIG key file
-      using the <code class="option">-k</code> option.  You can also specify the TSIG
-      key itself on the command line using the <code class="option">-y</code> option;
-      <em class="parameter"><code>hmac</code></em> is the type of the TSIG, default HMAC-MD5,
-      <em class="parameter"><code>name</code></em> is the name of the TSIG key and
-      <em class="parameter"><code>key</code></em> is the actual key.  The key is a
-      base-64
-      encoded string, typically generated by
-      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>.
-
-      Caution should be taken when using the <code class="option">-y</code> option on
-      multi-user systems as the key can be visible in the output from
-      <span class="citerefentry"><span class="refentrytitle">ps</span>(1)</span>
-      or in the shell's history file.  When
-      using TSIG authentication with <span><strong class="command">dig</strong></span>, the name
-      server that is queried needs to know the key and algorithm that is
-      being used.  In BIND, this is done by providing appropriate
-      <span><strong class="command">key</strong></span> and <span><strong class="command">server</strong></span> statements in
-      <code class="filename">named.conf</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544056"></a><h2>QUERY OPTIONS</h2>
-<p><span><strong class="command">dig</strong></span>
-      provides a number of query options which affect
-      the way in which lookups are made and the results displayed.  Some of
-      these set or reset flag bits in the query header, some determine which
-      sections of the answer get printed, and others determine the timeout
-      and retry strategies.
-    </p>
-<p>
-      Each query option is identified by a keyword preceded by a plus sign
-      (<code class="literal">+</code>).  Some keywords set or reset an
-      option.  These may be preceded
-      by the string <code class="literal">no</code> to negate the meaning of
-      that keyword.  Other
-      keywords assign values to options like the timeout interval.  They
-      have the form <code class="option">+keyword=value</code>.
-      The query options are:
-
-      </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
-<dd><p>
-              Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
-              requested, in
-              which case a TCP connection is used.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]vc</code></span></dt>
-<dd><p>
-              Use [do not use] TCP when querying name servers.  This alternate
-              syntax to <em class="parameter"><code>+[no]tcp</code></em> is
-              provided for backwards
-              compatibility.  The "vc" stands for "virtual circuit".
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
-<dd><p>
-              Ignore truncation in UDP responses instead of retrying with TCP.
-               By
-              default, TCP retries are performed.
-            </p></dd>
-<dt><span class="term"><code class="option">+domain=somename</code></span></dt>
-<dd><p>
-              Set the search list to contain the single domain
-              <em class="parameter"><code>somename</code></em>, as if specified in
-              a
-              <span><strong class="command">domain</strong></span> directive in
-              <code class="filename">/etc/resolv.conf</code>, and enable
-              search list
-              processing as if the <em class="parameter"><code>+search</code></em>
-              option were given.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]search</code></span></dt>
-<dd><p>
-              Use [do not use] the search list defined by the searchlist or
-              domain
-              directive in <code class="filename">resolv.conf</code> (if
-              any).
-              The search list is not used by default.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]showsearch</code></span></dt>
-<dd><p>
-              Perform [do not perform] a search showing intermediate
-	      results.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]defname</code></span></dt>
-<dd><p>
-              Deprecated, treated as a synonym for <em class="parameter"><code>+[no]search</code></em>
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]aaonly</code></span></dt>
-<dd><p>
-              Sets the "aa" flag in the query.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]aaflag</code></span></dt>
-<dd><p>
-              A synonym for <em class="parameter"><code>+[no]aaonly</code></em>.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
-<dd><p>
-	      Set [do not set] the AD (authentic data) bit in the
-	      query.  This requests the server to return whether
-	      all of the answer and authority sections have all
-	      been validated as secure according to the security
-	      policy of the server.  AD=1 indicates that all records
-	      have been validated as secure and the answer is not
-	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.
-	    </p></dd>
-<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
-<dd><p>
-              Set [do not set] the CD (checking disabled) bit in the query.
-              This
-              requests the server to not perform DNSSEC validation of
-              responses.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]cl</code></span></dt>
-<dd><p>
-              Display [do not display] the CLASS when printing the record.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]ttlid</code></span></dt>
-<dd><p>
-              Display [do not display] the TTL when printing the record.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
-<dd><p>
-              Toggle the setting of the RD (recursion desired) bit in the
-              query.
-              This bit is set by default, which means <span><strong class="command">dig</strong></span>
-              normally sends recursive queries.  Recursion is automatically
-              disabled
-              when the <em class="parameter"><code>+nssearch</code></em> or
-              <em class="parameter"><code>+trace</code></em> query options are
-              used.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
-<dd><p>
-              When this option is set, <span><strong class="command">dig</strong></span>
-              attempts to find the
-              authoritative name servers for the zone containing the name
-              being
-              looked up and display the SOA record that each name server has
-              for the
-              zone.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]trace</code></span></dt>
-<dd><p>
-              Toggle tracing of the delegation path from the root name servers
-              for
-              the name being looked up.  Tracing is disabled by default.  When
-              tracing is enabled, <span><strong class="command">dig</strong></span> makes
-              iterative queries to
-              resolve the name being looked up.  It will follow referrals from
-              the
-              root servers, showing the answer from each server that was used
-              to
-              resolve the lookup.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
-<dd><p>
-              Toggles the printing of the initial comment in the output
-              identifying
-              the version of <span><strong class="command">dig</strong></span> and the query
-              options that have
-              been applied.  This comment is printed by default.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]short</code></span></dt>
-<dd><p>
-              Provide a terse answer.  The default is to print the answer in a
-              verbose form.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]identify</code></span></dt>
-<dd><p>
-              Show [or do not show] the IP address and port number that
-              supplied the
-              answer when the <em class="parameter"><code>+short</code></em> option
-              is enabled.  If
-              short form answers are requested, the default is not to show the
-              source address and port number of the server that provided the
-              answer.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
-<dd><p>
-              Toggle the display of comment lines in the output.  The default
-              is to
-              print comments.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]stats</code></span></dt>
-<dd><p>
-              This query option toggles the printing of statistics: when the
-              query
-              was made, the size of the reply and so on.  The default
-              behavior is
-              to print the query statistics.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]qr</code></span></dt>
-<dd><p>
-              Print [do not print] the query as it is sent.
-              By default, the query is not printed.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]question</code></span></dt>
-<dd><p>
-              Print [do not print] the question section of a query when an
-              answer is
-              returned.  The default is to print the question section as a
-              comment.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]answer</code></span></dt>
-<dd><p>
-              Display [do not display] the answer section of a reply.  The
-              default
-              is to display it.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]authority</code></span></dt>
-<dd><p>
-              Display [do not display] the authority section of a reply.  The
-              default is to display it.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]additional</code></span></dt>
-<dd><p>
-              Display [do not display] the additional section of a reply.
-              The default is to display it.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]all</code></span></dt>
-<dd><p>
-              Set or clear all display flags.
-            </p></dd>
-<dt><span class="term"><code class="option">+time=T</code></span></dt>
-<dd><p>
-
-              Sets the timeout for a query to
-              <em class="parameter"><code>T</code></em> seconds.  The default
-	      timeout is 5 seconds.
-              An attempt to set <em class="parameter"><code>T</code></em> to less
-              than 1 will result
-              in a query timeout of 1 second being applied.
-            </p></dd>
-<dt><span class="term"><code class="option">+tries=T</code></span></dt>
-<dd><p>
-              Sets the number of times to try UDP queries to server to
-              <em class="parameter"><code>T</code></em> instead of the default, 3.
-              If
-              <em class="parameter"><code>T</code></em> is less than or equal to
-              zero, the number of
-              tries is silently rounded up to 1.
-            </p></dd>
-<dt><span class="term"><code class="option">+retry=T</code></span></dt>
-<dd><p>
-              Sets the number of times to retry UDP queries to server to
-              <em class="parameter"><code>T</code></em> instead of the default, 2.
-              Unlike
-              <em class="parameter"><code>+tries</code></em>, this does not include
-              the initial
-              query.
-            </p></dd>
-<dt><span class="term"><code class="option">+ndots=D</code></span></dt>
-<dd><p>
-              Set the number of dots that have to appear in
-              <em class="parameter"><code>name</code></em> to <em class="parameter"><code>D</code></em> for it to be
-              considered absolute.  The default value is that defined using
-              the
-              ndots statement in <code class="filename">/etc/resolv.conf</code>, or 1 if no
-              ndots statement is present.  Names with fewer dots are
-              interpreted as
-              relative names and will be searched for in the domains listed in
-              the
-              <code class="option">search</code> or <code class="option">domain</code> directive in
-              <code class="filename">/etc/resolv.conf</code>.
-            </p></dd>
-<dt><span class="term"><code class="option">+bufsize=B</code></span></dt>
-<dd><p>
-              Set the UDP message buffer size advertised using EDNS0 to
-              <em class="parameter"><code>B</code></em> bytes.  The maximum and minimum sizes
-	      of this buffer are 65535 and 0 respectively.  Values outside
-	      this range are rounded up or down appropriately.  
-	      Values other than zero will cause a EDNS query to be sent.
-            </p></dd>
-<dt><span class="term"><code class="option">+edns=#</code></span></dt>
-<dd><p>
-	       Specify the EDNS version to query with.  Valid values
-	       are 0 to 255.  Setting the EDNS version will cause a
-	       EDNS query to be sent.  <code class="option">+noedns</code> clears the
-	       remembered EDNS version.
-	    </p></dd>
-<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
-<dd><p>
-              Print records like the SOA records in a verbose multi-line
-              format with human-readable comments.  The default is to print
-              each record on a single line, to facilitate machine parsing
-              of the <span><strong class="command">dig</strong></span> output.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]fail</code></span></dt>
-<dd><p>
-              Do not try the next server if you receive a SERVFAIL.  The
-              default is
-              to not try the next server which is the reverse of normal stub
-              resolver
-              behavior.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
-<dd><p>
-              Attempt to display the contents of messages which are malformed.
-              The default is to not display malformed answers.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
-<dd><p>
-              Requests DNSSEC records be sent by setting the DNSSEC OK bit
-              (DO)
-              in the OPT record in the additional section of the query.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]sigchase</code></span></dt>
-<dd><p>
-              Chase DNSSEC signature chains.  Requires dig be compiled with
-              -DDIG_SIGCHASE.
-            </p></dd>
-<dt><span class="term"><code class="option">+trusted-key=####</code></span></dt>
-<dd>
-<p>
-              Specifies a file containing trusted keys to be used with
-	      <code class="option">+sigchase</code>.  Each DNSKEY record must be
-	      on its own line.
-            </p>
-<p>
-	      If not specified, <span><strong class="command">dig</strong></span> will look for
-	      <code class="filename">/etc/trusted-key.key</code> then
-	      <code class="filename">trusted-key.key</code> in the current directory.
-	    </p>
-<p>
-              Requires dig be compiled with -DDIG_SIGCHASE.
-	    </p>
-</dd>
-<dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
-<dd><p>
-              When chasing DNSSEC signature chains perform a top-down
-              validation.
-              Requires dig be compiled with -DDIG_SIGCHASE.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
-<dd><p>
-              Include an EDNS name server ID request when sending a query.
-            </p></dd>
-<dt><span class="term"><code class="option">+[no]keepopen</code></span></dt>
-<dd><p>
-              Keep the TCP socket open between queries and reuse it rather
-	      than creating a new TCP socket for each lookup.  The default
-	      is <code class="option">+nokeepopen</code>.
-            </p></dd>
-</dl></div>
-<p>
-
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2545208"></a><h2>MULTIPLE QUERIES</h2>
-<p>
-      The BIND 9 implementation of <span><strong class="command">dig </strong></span>
-      supports
-      specifying multiple queries on the command line (in addition to
-      supporting the <code class="option">-f</code> batch file option).  Each of those
-      queries can be supplied with its own set of flags, options and query
-      options.
-    </p>
-<p>
-      In this case, each <em class="parameter"><code>query</code></em> argument
-      represent an
-      individual query in the command-line syntax described above.  Each
-      consists of any of the standard options and flags, the name to be
-      looked up, an optional query type and class and any query options that
-      should be applied to that query.
-    </p>
-<p>
-      A global set of query options, which should be applied to all queries,
-      can also be supplied.  These global query options must precede the
-      first tuple of name, class, type, options, flags, and query options
-      supplied on the command line.  Any global query options (except
-      the <code class="option">+[no]cmd</code> option) can be
-      overridden by a query-specific set of query options.  For example:
-      </p>
-<pre class="programlisting">
-dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
-</pre>
-<p>
-      shows how <span><strong class="command">dig</strong></span> could be used from the
-      command line
-      to make three lookups: an ANY query for <code class="literal">www.isc.org</code>, a
-      reverse lookup of 127.0.0.1 and a query for the NS records of
-      <code class="literal">isc.org</code>.
-
-      A global query option of <em class="parameter"><code>+qr</code></em> is
-      applied, so
-      that <span><strong class="command">dig</strong></span> shows the initial query it made
-      for each
-      lookup.  The final query has a local query option of
-      <em class="parameter"><code>+noqr</code></em> which means that <span><strong class="command">dig</strong></span>
-      will not print the initial query when it looks up the NS records for
-      <code class="literal">isc.org</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2545338"></a><h2>IDN SUPPORT</h2>
-<p>
-      If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <span><strong class="command">dig</strong></span> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when 
-      <span><strong class="command">dig</strong></span> runs.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2545361"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
-    </p>
-<p><code class="filename">${HOME}/.digrc</code>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2545378"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <em class="citetitle">RFC1035</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2545415"></a><h2>BUGS</h2>
-<p>
-      There are probably too many query options.
-    </p>
-</div>
-</div></body>
-</html>

bin/dig/host.1

@@ -1,219 +0,0 @@
-.\" Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2002 Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: host
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jun 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "HOST" "1" "Jun 30, 2000" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-host \- DNS lookup utility
-.SH "SYNOPSIS"
-.HP 5
-\fBhost\fR [\fB\-aCdlnrsTwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-4\fR] [\fB\-6\fR] {name} [server]
-.SH "DESCRIPTION"
-.PP
-\fBhost\fR
-is a simple utility for performing DNS lookups. It is normally used to convert names to IP addresses and vice versa. When no arguments or options are given,
-\fBhost\fR
-prints a short summary of its command line arguments and options.
-.PP
-\fIname\fR
-is the domain name that is to be looked up. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
-\fBhost\fR
-will by default perform a reverse lookup for that address.
-\fIserver\fR
-is an optional argument which is either the name or IP address of the name server that
-\fBhost\fR
-should query instead of the server or servers listed in
-\fI/etc/resolv.conf\fR.
-.PP
-The
-\fB\-a\fR
-(all) option is equivalent to setting the
-\fB\-v\fR
-option and asking
-\fBhost\fR
-to make a query of type ANY.
-.PP
-When the
-\fB\-C\fR
-option is used,
-\fBhost\fR
-will attempt to display the SOA records for zone
-\fIname\fR
-from all the listed authoritative name servers for that zone. The list of name servers is defined by the NS records that are found for the zone.
-.PP
-The
-\fB\-c\fR
-option instructs to make a DNS query of class
-\fIclass\fR. This can be used to lookup Hesiod or Chaosnet class resource records. The default class is IN (Internet).
-.PP
-Verbose output is generated by
-\fBhost\fR
-when the
-\fB\-d\fR
-or
-\fB\-v\fR
-option is used. The two options are equivalent. They have been provided for backwards compatibility. In previous versions, the
-\fB\-d\fR
-option switched on debugging traces and
-\fB\-v\fR
-enabled verbose output.
-.PP
-List mode is selected by the
-\fB\-l\fR
-option. This makes
-\fBhost\fR
-perform a zone transfer for zone
-\fIname\fR. Transfer the zone printing out the NS, PTR and address records (A/AAAA). If combined with
-\fB\-a\fR
-all records will be printed.
-.PP
-The
-\fB\-i\fR
-option specifies that reverse lookups of IPv6 addresses should use the IP6.INT domain as defined in RFC1886. The default is to use IP6.ARPA.
-.PP
-The
-\fB\-N\fR
-option sets the number of dots that have to be in
-\fIname\fR
-for it to be considered absolute. The default value is that defined using the ndots statement in
-\fI/etc/resolv.conf\fR, or 1 if no ndots statement is present. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
-\fBsearch\fR
-or
-\fBdomain\fR
-directive in
-\fI/etc/resolv.conf\fR.
-.PP
-The number of UDP retries for a lookup can be changed with the
-\fB\-R\fR
-option.
-\fInumber\fR
-indicates how many times
-\fBhost\fR
-will repeat a query that does not get answered. The default number of retries is 1. If
-\fInumber\fR
-is negative or zero, the number of retries will default to 1.
-.PP
-Non\-recursive queries can be made via the
-\fB\-r\fR
-option. Setting this option clears the
-\fBRD\fR
-\(em recursion desired \(em bit in the query which
-\fBhost\fR
-makes. This should mean that the name server receiving the query will not attempt to resolve
-\fIname\fR. The
-\fB\-r\fR
-option enables
-\fBhost\fR
-to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
-.PP
-By default,
-\fBhost\fR
-uses UDP when making queries. The
-\fB\-T\fR
-option makes it use a TCP connection when querying the name server. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests.
-.PP
-The
-\fB\-4\fR
-option forces
-\fBhost\fR
-to only use IPv4 query transport. The
-\fB\-6\fR
-option forces
-\fBhost\fR
-to only use IPv6 query transport.
-.PP
-The
-\fB\-t\fR
-option is used to select the query type.
-\fItype\fR
-can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
-\fBhost\fR
-automatically selects an appropriate query type. By default, it looks for A, AAAA, and MX records, but if the
-\fB\-C\fR
-option was given, queries will be made for SOA records, and if
-\fIname\fR
-is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
-\fBhost\fR
-will query for PTR records. If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (e.g. \-t IXFR=12345678).
-.PP
-The time to wait for a reply can be controlled through the
-\fB\-W\fR
-and
-\fB\-w\fR
-options. The
-\fB\-W\fR
-option makes
-\fBhost\fR
-wait for
-\fIwait\fR
-seconds. If
-\fIwait\fR
-is less than one, the wait interval is set to one second. When the
-\fB\-w\fR
-option is used,
-\fBhost\fR
-will effectively wait forever for a reply. The time to wait for a response will be set to the number of seconds given by the hardware's maximum value for an integer quantity.
-.PP
-The
-\fB\-s\fR
-option tells
-\fBhost\fR
-\fInot\fR
-to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
-.PP
-The
-\fB\-m\fR
-can be used to set the memory usage debugging flags
-\fIrecord\fR,
-\fIusage\fR
-and
-\fItrace\fR.
-.SH "IDN SUPPORT"
-.PP
-If
-\fBhost\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names.
-\fBhost\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server. If you'd like to turn off the IDN support for some reason, defines the
-\fBIDN_DISABLE\fR
-environment variable. The IDN support is disabled if the variable is set when
-\fBhost\fR
-runs.
-.SH "FILES"
-.PP
-\fI/etc/resolv.conf\fR
-.SH "SEE ALSO"
-.PP
-\fBdig\fR(1),
-\fBnamed\fR(8).
-.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br

bin/dig/host.docbook

@@ -1,280 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004, 2005, 2007-2009, 2012  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.host">
-
-  <refentryinfo>
-    <date>Jun 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>host</refentrytitle>
-    <manvolnum>1</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname>host</refname>
-    <refpurpose>DNS lookup utility</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2012</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>host</command>
-      <arg><option>-aCdlnrsTwv</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
-      <arg><option>-R <replaceable class="parameter">number</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
-      <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-4</option></arg>
-      <arg><option>-6</option></arg>
-      <arg choice="req">name</arg>
-      <arg choice="opt">server</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-
-    <para><command>host</command>
-      is a simple utility for performing DNS lookups.
-      It is normally used to convert names to IP addresses and vice versa.
-      When no arguments or options are given,
-      <command>host</command>
-      prints a short summary of its command line arguments and options.
-    </para>
-
-    <para><parameter>name</parameter> is the domain name that is to be
-      looked
-      up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
-      IPv6 address, in which case <command>host</command> will by
-      default
-      perform a reverse lookup for that address.
-      <parameter>server</parameter> is an optional argument which
-      is either
-      the name or IP address of the name server that <command>host</command>
-      should query instead of the server or servers listed in
-      <filename>/etc/resolv.conf</filename>.
-    </para>
-
-    <para>
-      The <option>-a</option> (all) option is equivalent to setting the
-      <option>-v</option> option and asking <command>host</command> to make
-      a query of type ANY.
-    </para>
-
-    <para>
-      When the <option>-C</option> option is used, <command>host</command>
-      will attempt to display the SOA records for zone
-      <parameter>name</parameter> from all the listed
-      authoritative name
-      servers for that zone.  The list of name servers is defined by the NS
-      records that are found for the zone.
-    </para>
-
-    <para>
-      The <option>-c</option> option instructs to make a DNS query of class
-      <parameter>class</parameter>.  This can be used to lookup
-      Hesiod or
-      Chaosnet class resource records.  The default class is IN (Internet).
-    </para>
-
-    <para>
-      Verbose output is generated by <command>host</command> when
-      the
-      <option>-d</option> or <option>-v</option> option is used.  The two
-      options are equivalent.  They have been provided for backwards
-      compatibility.  In previous versions, the <option>-d</option> option
-      switched on debugging traces and <option>-v</option> enabled verbose
-      output.
-    </para>
-
-    <para>
-      List mode is selected by the <option>-l</option> option.  This makes
-      <command>host</command> perform a zone transfer for zone
-      <parameter>name</parameter>.  Transfer the zone printing out
-      the NS, PTR
-      and address records (A/AAAA).  If combined with <option>-a</option>
-      all records will be printed.
-    </para>
-
-    <para>
-      The <option>-i</option>
-      option specifies that reverse lookups of IPv6 addresses should
-      use the IP6.INT domain as defined in RFC1886.
-      The default is to use IP6.ARPA.
-    </para>
-
-    <para>
-      The <option>-N</option> option sets the number of dots that have to be
-      in <parameter>name</parameter> for it to be considered
-      absolute.  The
-      default value is that defined using the ndots statement in
-      <filename>/etc/resolv.conf</filename>, or 1 if no ndots
-      statement is
-      present.  Names with fewer dots are interpreted as relative names and
-      will be searched for in the domains listed in the <type>search</type>
-      or <type>domain</type> directive in
-      <filename>/etc/resolv.conf</filename>.
-    </para>
-
-    <para>
-      The number of UDP retries for a lookup can be changed with the
-      <option>-R</option> option.  <parameter>number</parameter>
-      indicates
-      how many times <command>host</command> will repeat a query
-      that does
-      not get answered.  The default number of retries is 1.  If
-      <parameter>number</parameter> is negative or zero, the
-      number of
-      retries will default to 1.
-    </para>
-
-    <para>
-      Non-recursive queries can be made via the <option>-r</option> option.
-      Setting this option clears the <type>RD</type> &mdash; recursion
-      desired &mdash; bit in the query which <command>host</command> makes.
-      This should mean that the name server receiving the query will not
-      attempt to resolve <parameter>name</parameter>.  The
-      <option>-r</option> option enables <command>host</command>
-      to mimic
-      the behavior of a name server by making non-recursive queries and
-      expecting to receive answers to those queries that are usually
-      referrals to other name servers.
-    </para>
-
-    <para>
-      By default, <command>host</command> uses UDP when making
-      queries.  The
-      <option>-T</option> option makes it use a TCP connection when querying
-      the name server.  TCP will be automatically selected for queries that
-      require it, such as zone transfer (AXFR) requests.
-    </para>
-
-    <para>
-      The <option>-4</option> option forces <command>host</command> to only
-      use IPv4 query transport.  The <option>-6</option> option forces
-      <command>host</command> to only use IPv6 query transport.
-    </para>
-
-    <para>
-      The <option>-t</option> option is used to select the query type.
-      <parameter>type</parameter> can be any recognized query
-      type: CNAME,
-      NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
-      <command>host</command> automatically selects an appropriate
-      query
-      type.  By default, it looks for A, AAAA, and MX records, but if the
-      <option>-C</option> option was given, queries will be made for SOA
-      records, and if <parameter>name</parameter> is a
-      dotted-decimal IPv4
-      address or colon-delimited IPv6 address, <command>host</command> will
-      query for PTR records.  If a query type of IXFR is chosen the starting
-      serial number can be specified by appending an equal followed by the
-      starting serial number (e.g. -t IXFR=12345678).
-    </para>
-
-    <para>
-      The time to wait for a reply can be controlled through the
-      <option>-W</option> and <option>-w</option> options.  The
-      <option>-W</option> option makes <command>host</command>
-      wait for
-      <parameter>wait</parameter> seconds.  If <parameter>wait</parameter>
-      is less than one, the wait interval is set to one second.  When the
-      <option>-w</option> option is used, <command>host</command>
-      will
-      effectively wait forever for a reply.  The time to wait for a response
-      will be set to the number of seconds given by the hardware's maximum
-      value for an integer quantity.
-    </para>
-
-    <para>
-      The <option>-s</option> option tells <command>host</command> 
-      <emphasis>not</emphasis> to send the query to the next nameserver
-      if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
-    </para>
-
-    <para>
-      The <option>-m</option> can be used to set the memory usage debugging
-      flags
-      <parameter>record</parameter>, <parameter>usage</parameter> and
-      <parameter>trace</parameter>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>IDN SUPPORT</title>
-    <para>
-      If <command>host</command> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names. 
-      <command>host</command> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when
-      <command>host</command> runs.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para><filename>/etc/resolv.conf</filename>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>.
-    </para>
-
-  </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dig/host.html

@@ -1,212 +0,0 @@
-<!--
- - Copyright (C) 2004, 2005, 2007-2009, 2012 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2002 Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.host"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p>host &#8212; DNS lookup utility</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543437"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">host</strong></span>
-      is a simple utility for performing DNS lookups.
-      It is normally used to convert names to IP addresses and vice versa.
-      When no arguments or options are given,
-      <span><strong class="command">host</strong></span>
-      prints a short summary of its command line arguments and options.
-    </p>
-<p><em class="parameter"><code>name</code></em> is the domain name that is to be
-      looked
-      up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
-      IPv6 address, in which case <span><strong class="command">host</strong></span> will by
-      default
-      perform a reverse lookup for that address.
-      <em class="parameter"><code>server</code></em> is an optional argument which
-      is either
-      the name or IP address of the name server that <span><strong class="command">host</strong></span>
-      should query instead of the server or servers listed in
-      <code class="filename">/etc/resolv.conf</code>.
-    </p>
-<p>
-      The <code class="option">-a</code> (all) option is equivalent to setting the
-      <code class="option">-v</code> option and asking <span><strong class="command">host</strong></span> to make
-      a query of type ANY.
-    </p>
-<p>
-      When the <code class="option">-C</code> option is used, <span><strong class="command">host</strong></span>
-      will attempt to display the SOA records for zone
-      <em class="parameter"><code>name</code></em> from all the listed
-      authoritative name
-      servers for that zone.  The list of name servers is defined by the NS
-      records that are found for the zone.
-    </p>
-<p>
-      The <code class="option">-c</code> option instructs to make a DNS query of class
-      <em class="parameter"><code>class</code></em>.  This can be used to lookup
-      Hesiod or
-      Chaosnet class resource records.  The default class is IN (Internet).
-    </p>
-<p>
-      Verbose output is generated by <span><strong class="command">host</strong></span> when
-      the
-      <code class="option">-d</code> or <code class="option">-v</code> option is used.  The two
-      options are equivalent.  They have been provided for backwards
-      compatibility.  In previous versions, the <code class="option">-d</code> option
-      switched on debugging traces and <code class="option">-v</code> enabled verbose
-      output.
-    </p>
-<p>
-      List mode is selected by the <code class="option">-l</code> option.  This makes
-      <span><strong class="command">host</strong></span> perform a zone transfer for zone
-      <em class="parameter"><code>name</code></em>.  Transfer the zone printing out
-      the NS, PTR
-      and address records (A/AAAA).  If combined with <code class="option">-a</code>
-      all records will be printed.
-    </p>
-<p>
-      The <code class="option">-i</code>
-      option specifies that reverse lookups of IPv6 addresses should
-      use the IP6.INT domain as defined in RFC1886.
-      The default is to use IP6.ARPA.
-    </p>
-<p>
-      The <code class="option">-N</code> option sets the number of dots that have to be
-      in <em class="parameter"><code>name</code></em> for it to be considered
-      absolute.  The
-      default value is that defined using the ndots statement in
-      <code class="filename">/etc/resolv.conf</code>, or 1 if no ndots
-      statement is
-      present.  Names with fewer dots are interpreted as relative names and
-      will be searched for in the domains listed in the <span class="type">search</span>
-      or <span class="type">domain</span> directive in
-      <code class="filename">/etc/resolv.conf</code>.
-    </p>
-<p>
-      The number of UDP retries for a lookup can be changed with the
-      <code class="option">-R</code> option.  <em class="parameter"><code>number</code></em>
-      indicates
-      how many times <span><strong class="command">host</strong></span> will repeat a query
-      that does
-      not get answered.  The default number of retries is 1.  If
-      <em class="parameter"><code>number</code></em> is negative or zero, the
-      number of
-      retries will default to 1.
-    </p>
-<p>
-      Non-recursive queries can be made via the <code class="option">-r</code> option.
-      Setting this option clears the <span class="type">RD</span> &#8212; recursion
-      desired &#8212; bit in the query which <span><strong class="command">host</strong></span> makes.
-      This should mean that the name server receiving the query will not
-      attempt to resolve <em class="parameter"><code>name</code></em>.  The
-      <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
-      to mimic
-      the behavior of a name server by making non-recursive queries and
-      expecting to receive answers to those queries that are usually
-      referrals to other name servers.
-    </p>
-<p>
-      By default, <span><strong class="command">host</strong></span> uses UDP when making
-      queries.  The
-      <code class="option">-T</code> option makes it use a TCP connection when querying
-      the name server.  TCP will be automatically selected for queries that
-      require it, such as zone transfer (AXFR) requests.
-    </p>
-<p>
-      The <code class="option">-4</code> option forces <span><strong class="command">host</strong></span> to only
-      use IPv4 query transport.  The <code class="option">-6</code> option forces
-      <span><strong class="command">host</strong></span> to only use IPv6 query transport.
-    </p>
-<p>
-      The <code class="option">-t</code> option is used to select the query type.
-      <em class="parameter"><code>type</code></em> can be any recognized query
-      type: CNAME,
-      NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
-      <span><strong class="command">host</strong></span> automatically selects an appropriate
-      query
-      type.  By default, it looks for A, AAAA, and MX records, but if the
-      <code class="option">-C</code> option was given, queries will be made for SOA
-      records, and if <em class="parameter"><code>name</code></em> is a
-      dotted-decimal IPv4
-      address or colon-delimited IPv6 address, <span><strong class="command">host</strong></span> will
-      query for PTR records.  If a query type of IXFR is chosen the starting
-      serial number can be specified by appending an equal followed by the
-      starting serial number (e.g. -t IXFR=12345678).
-    </p>
-<p>
-      The time to wait for a reply can be controlled through the
-      <code class="option">-W</code> and <code class="option">-w</code> options.  The
-      <code class="option">-W</code> option makes <span><strong class="command">host</strong></span>
-      wait for
-      <em class="parameter"><code>wait</code></em> seconds.  If <em class="parameter"><code>wait</code></em>
-      is less than one, the wait interval is set to one second.  When the
-      <code class="option">-w</code> option is used, <span><strong class="command">host</strong></span>
-      will
-      effectively wait forever for a reply.  The time to wait for a response
-      will be set to the number of seconds given by the hardware's maximum
-      value for an integer quantity.
-    </p>
-<p>
-      The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span> 
-      <span class="emphasis"><em>not</em></span> to send the query to the next nameserver
-      if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
-    </p>
-<p>
-      The <code class="option">-m</code> can be used to set the memory usage debugging
-      flags
-      <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em> and
-      <em class="parameter"><code>trace</code></em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543803"></a><h2>IDN SUPPORT</h2>
-<p>
-      If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names. 
-      <span><strong class="command">host</strong></span> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, defines
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when
-      <span><strong class="command">host</strong></span> runs.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543826"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543837"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
-    </p>
-</div>
-</div></body>
-</html>

bin/dig/include/dig/dig.h

@@ -1,35 +1,30 @@
 /*
- * Copyright (C) 2004-2009, 2011-2014  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id$ */
+/* $Id: dig.h,v 1.25.2.4 2000/08/07 23:50:17 gson Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
 
-/*! \file */
-
 #include <dns/rdatalist.h>
-
 #include <dst/dst.h>
-
 #include <isc/boolean.h>
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
-#include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/list.h>
 #include <isc/mem.h>
@@ -37,129 +32,73 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#define MXSERV 20
-#define MXNAME (DNS_NAME_MAXTEXT+1)
+#define MXSERV 4
+#define MXNAME 1005
 #define MXRD 32
-/*% Buffer Size */
 #define BUFSIZE 512
 #define COMMSIZE 0xffff
-#ifndef RESOLV_CONF
-/*% location of resolve.conf */
-#define RESOLV_CONF "/etc/resolv.conf"
-#endif
-/*% output buffer */
+#define RESOLVCONF "/etc/resolv.conf"
 #define OUTPUTBUF 32767
-/*% Max RR Limit */
-#define MAXRRLIMIT 0xffffffff
-#define MAXTIMEOUT 0xffff
-/*% Max number of tries */
-#define MAXTRIES 0xffffffff
-/*% Max number of dots */
-#define MAXNDOTS 0xffff
-/*% Max number of ports */
-#define MAXPORT 0xffff
-/*% Max serial number */
-#define MAXSERIAL 0xffffffff
 
-/*% Default TCP Timeout */
-#define TCP_TIMEOUT 10
-/*% Default UDP Timeout */
-#define UDP_TIMEOUT 5
-
-#define SERVER_TIMEOUT 1
+/*
+ * Default timeout values
+ */
+#define TCP_TIMEOUT 60
+#define UDP_TIMEOUT 30
 
 #define LOOKUP_LIMIT 64
-/*%
+/*
  * Lookup_limit is just a limiter, keeping too many lookups from being
  * created.  It's job is mainly to prevent the program from running away
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
+#define ROOTNS 1
 /*
- * Defaults for the sigchase suboptions.  Consolidated here because
- * these control the layout of dig_lookup_t (among other things).
+ * Set the number of root servers to ask for information when running in
+ * trace mode.
+ * XXXMWS -- trace mode is currently semi-broken, and this number *MUST*
+ * be 1.
  */
-#ifdef DIG_SIGCHASE
-#ifndef DIG_SIGCHASE_BU
-#define DIG_SIGCHASE_BU 1
-#endif
-#ifndef DIG_SIGCHASE_TD
-#define DIG_SIGCHASE_TD 1
-#endif
-#endif
 
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
 typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
-#ifdef DIG_SIGCHASE
-typedef struct dig_message dig_message_t;
-#endif
-typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
-/*% The dig_lookup structure */
 struct dig_lookup {
 	isc_boolean_t
-		pending, /*%< Pending a successful answer */
+	        pending, /* Pending a successful answer */
 		waiting_connect,
 		doing_xfr,
-		ns_search_only, /*%< dig +nssearch, host -C */
-		identify, /*%< Append an "on server <foo>" message */
-		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
-					   message, with newline and tab */
-		ignore,
+		ns_search_only,
+		use_my_server_list,
+		identify,
 		recurse,
 		aaonly,
 		adflag,
 		cdflag,
-		trace, /*% dig +trace */
-		trace_root, /*% initial query for either +trace or +nssearch */
+		trace,
+		trace_root,
+		defname,
 		tcp_mode,
-		ip6_int,
 		comments,
 		stats,
 		section_question,
 		section_answer,
 		section_authority,
 		section_additional,
-		servfail_stops,
-		new_search,
-		need_search,
-		done_as_is,
-		besteffort,
-		dnssec,
-		nsid;   /*% Name Server ID (RFC 5001) */
-#ifdef DIG_SIGCHASE
-isc_boolean_t	sigchase;
-#if DIG_SIGCHASE_TD
-	isc_boolean_t do_topdown,
-		trace_root_sigchase,
-		rdtype_sigchaseset,
-		rdclass_sigchaseset;
-	/* Name we are going to validate RRset */
-	char textnamesigchase[MXNAME];
-#endif
-#endif
-
-	char textname[MXNAME]; /*% Name we're going to be looking up */
-	char cmdline[MXNAME];
-	dns_rdatatype_t rdtype;
-	dns_rdatatype_t qrdtype;
-#if DIG_SIGCHASE_TD
-	dns_rdatatype_t rdtype_sigchase;
-	dns_rdatatype_t qrdtype_sigchase;
-	dns_rdataclass_t rdclass_sigchase;
-#endif
-	dns_rdataclass_t rdclass;
-	isc_boolean_t rdtypeset;
-	isc_boolean_t rdclassset;
+		new_search;
+	char textname[MXNAME]; /* Name we're going to be looking up */
+	char rttext[MXRD]; /* rdata type text */
+	char rctext[MXRD]; /* rdata class text */
 	char namespace[BUFSIZE];
 	char onamespace[BUFSIZE];
 	isc_buffer_t namebuf;
 	isc_buffer_t onamebuf;
-	isc_buffer_t renderbuf;
+	isc_buffer_t sendbuf;
 	char *sendspace;
 	dns_name_t *name;
 	isc_timer_t *timer;
@@ -168,43 +107,32 @@ isc_boolean_t	sigchase;
 	dns_name_t *oname;
 	ISC_LINK(dig_lookup_t) link;
 	ISC_LIST(dig_query_t) q;
-	ISC_LIST(dig_query_t) connecting;
-	dig_query_t *current_query;
-	dig_serverlist_t my_server_list;
+	ISC_LIST(dig_server_t) my_server_list;
 	dig_searchlist_t *origin;
 	dig_query_t *xfr_q;
-	isc_uint32_t retries;
+	int retries;
 	int nsfound;
 	isc_uint16_t udpsize;
-	isc_int16_t edns;
 	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
 	dst_context_t *tsigctx;
 	isc_buffer_t *querysig;
 	isc_uint32_t msgcounter;
-	dns_fixedname_t fdomain;
 };
 
-/*% The dig_query structure */
 struct dig_query {
 	dig_lookup_t *lookup;
-	isc_boolean_t waiting_connect,
-		pending_free,
-		waiting_senddone,
+	isc_boolean_t working,
+		waiting_connect,
 		first_pass,
 		first_soa_rcvd,
 		second_rr_rcvd,
-		first_repeat_rcvd,
-		recv_made,
-		warn_id;
+		first_repeat_rcvd;
 	isc_uint32_t first_rr_serial;
 	isc_uint32_t second_rr_serial;
-	isc_uint32_t msg_count;
-	isc_uint32_t rr_count;
-	isc_boolean_t ixfr_axfr;
+	int retries;
 	char *servname;
-	char *userarg;
 	isc_bufferlist_t sendlist,
 		recvlist,
 		lengthlist;
@@ -216,16 +144,12 @@ struct dig_query {
 		slspace[4];
 	isc_socket_t *sock;
 	ISC_LINK(dig_query_t) link;
-	ISC_LINK(dig_query_t) clink;
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
-	isc_uint64_t byte_count;
-	isc_buffer_t sendbuf;
 };
 
 struct dig_server {
 	char servername[MXNAME];
-	char userarg[MXNAME];
 	ISC_LINK(dig_server_t) link;
 };
 
@@ -233,87 +157,30 @@ struct dig_searchlist {
 	char origin[MXNAME];
 	ISC_LINK(dig_searchlist_t) link;
 };
-#ifdef DIG_SIGCHASE
-struct dig_message {
-		dns_message_t *msg;
-		ISC_LINK(dig_message_t) link;
-};
-#endif
-
-typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
-typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
-
-/*
- * Externals from dighost.c
- */
-
-extern dig_lookuplist_t lookup_list;
-extern dig_serverlist_t server_list;
-extern dig_searchlistlist_t search_list;
-extern unsigned int extrabytes;
-
-extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
-	usesearch, showsearch, qr;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern dns_messageid_t id;
-extern int sendcount;
-extern int ndots;
-extern int lookup_counter;
-extern int exitcode;
-extern isc_sockaddr_t bind_address;
-extern char keynametext[MXNAME];
-extern char keyfile[MXNAME];
-extern char keysecret[MXNAME];
-extern dns_name_t *hmacname;
-extern unsigned int digestbits;
-#ifdef DIG_SIGCHASE
-extern char trustedkey[MXNAME];
-#endif
-extern dns_tsigkey_t *key;
-extern isc_boolean_t validated;
-extern isc_taskmgr_t *taskmgr;
-extern isc_task_t *global_task;
-extern isc_boolean_t free_now;
-extern isc_boolean_t debugging, debugtiming, memdebugging;
-extern isc_boolean_t keep_open;
-
-extern char *progname;
-extern int tries;
-extern int fatalexit;
-#ifdef WITH_IDN
-extern int idnoptions;
-#endif
 
 /*
  * Routines in dighost.c.
  */
-isc_result_t
+void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
-int
-getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp);
-
-isc_result_t
-get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
-	    isc_boolean_t strict);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+void
+fatal(const char *format, ...);
 
 void
-debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+debug(const char *format, ...);
 
 void
 check_result(isc_result_t result, const char *msg);
 
-void
-setup_lookup(dig_lookup_t *lookup);
+isc_boolean_t
+isclass(char *text);
+
+isc_boolean_t
+istype(char *text);
 
 void
-destroy_lookup(dig_lookup_t *lookup);
+setup_lookup(dig_lookup_t *lookup);
 
 void
 do_lookup(dig_lookup_t *lookup);
@@ -324,6 +191,9 @@ start_lookup(void);
 void
 onrun_callback(isc_task_t *task, isc_event_t *event);
 
+void
+send_udp(dig_lookup_t *lookup);
+
 int
 dhmain(int argc, char **argv);
 
@@ -333,82 +203,30 @@ setup_libs(void);
 void
 setup_system(void);
 
+void
+free_lists(void);
+
 dig_lookup_t *
 requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
-dig_lookup_t *
-make_empty_lookup(void);
-
-dig_lookup_t *
-clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
-
 dig_server_t *
-make_server(const char *servname, const char *userarg);
-
-void
-flush_server_list(void);
-
-void
-set_nameserver(char *opt);
-
-void
-clone_server_list(dig_serverlist_t src,
-		  dig_serverlist_t *dest);
-
-void
-cancel_all(void);
-
-void
-destroy_libs(void);
-
-void
-set_search_domain(char *domain);
-
-#ifdef DIG_SIGCHASE
-void
-clean_trustedkey(void);
-#endif
+make_server(const char *servname);
 
 /*
- * Routines to be defined in dig.c, host.c, and nslookup.c.
+ * Routines needed in dig.c and host.c.
  */
-#ifdef DIG_SIGCHASE
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target);
-#endif
-
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
-/*%<
- * Print the final result of the lookup.
- */
 
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query);
-/*%<
- * Print a message about where and when the response
- * was received from, like the final comment in the
- * output of "dig".
- */
+received(int bytes, int frmsize, char *frm, dig_query_t *query);
 
 void
-trying(char *frm, dig_lookup_t *lookup);
+trying(int frmsize, char *frm, dig_lookup_t *lookup);
 
 void
 dighost_shutdown(void);
 
-char *
-next_token(char **stringp, const char *delim);
-
-#ifdef DIG_SIGCHASE
-/* Chasing functions */
-dns_rdataset_t *
-chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers);
-void
-chase_sig(dns_message_t *msg);
-#endif
-
 ISC_LANG_ENDDECLS
 
 #endif

bin/dig/nslookup.1

@@ -1,263 +0,0 @@
-.\" Copyright (C) 2004-2007, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: nslookup
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: Jun 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "NSLOOKUP" "1" "Jun 30, 2000" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-nslookup \- query Internet name servers interactively
-.SH "SYNOPSIS"
-.HP 9
-\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
-.SH "DESCRIPTION"
-.PP
-\fBNslookup\fR
-is a program to query Internet domain name servers.
-\fBNslookup\fR
-has two modes: interactive and non\-interactive. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain. Non\-interactive mode is used to print just the name and requested information for a host or domain.
-.SH "ARGUMENTS"
-.PP
-Interactive mode is entered in the following cases:
-.TP 4
-1.
-when no arguments are given (the default name server will be used)
-.TP 4
-2.
-when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
-.sp
-.RE
-.PP
-Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
-.PP
-Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp
-.RS 4
-.nf
-nslookup \-query=hinfo  \-timeout=10
-.fi
-.RE
-.sp
-.SH "INTERACTIVE COMMANDS"
-.PP
-\fBhost\fR [server]
-.RS 4
-Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
-.sp
-To look up a host not in the current domain, append a period to the name.
-.RE
-.PP
-\fBserver\fR \fIdomain\fR
-.RS 4
-.RE
-.PP
-\fBlserver\fR \fIdomain\fR
-.RS 4
-Change the default server to
-\fIdomain\fR;
-\fBlserver\fR
-uses the initial server to look up information about
-\fIdomain\fR, while
-\fBserver\fR
-uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.RE
-.PP
-\fBroot\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBfinger\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBls\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBview\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBhelp\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fB?\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBexit\fR
-.RS 4
-Exits the program.
-.RE
-.PP
-\fBset\fR \fIkeyword\fR\fI[=value]\fR
-.RS 4
-This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 4
-.PP
-\fBall\fR
-.RS 4
-Prints the current values of the frequently used options to
-\fBset\fR. Information about the current default server and host is also printed.
-.RE
-.PP
-\fBclass=\fR\fIvalue\fR
-.RS 4
-Change the query class to one of:
-.RS 4
-.PP
-\fBIN\fR
-.RS 4
-the Internet class
-.RE
-.PP
-\fBCH\fR
-.RS 4
-the Chaos class
-.RE
-.PP
-\fBHS\fR
-.RS 4
-the Hesiod class
-.RE
-.PP
-\fBANY\fR
-.RS 4
-wildcard
-.RE
-.RE
-.IP "" 4
-The class specifies the protocol group of the information.
-.sp
-(Default = IN; abbreviation = cl)
-.RE
-.PP
-\fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
-.RS 4
-Turn on or off the display of the full response packet and any intermediate response packets when searching.
-.sp
-(Default = nodebug; abbreviation =
-[no]deb)
-.RE
-.PP
-\fB \fR\fB\fI[no]\fR\fR\fBd2\fR
-.RS 4
-Turn debugging mode on or off. This displays more about what nslookup is doing.
-.sp
-(Default = nod2)
-.RE
-.PP
-\fBdomain=\fR\fIname\fR
-.RS 4
-Sets the search list to
-\fIname\fR.
-.RE
-.PP
-\fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
-.RS 4
-If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
-.sp
-(Default = search)
-.RE
-.PP
-\fBport=\fR\fIvalue\fR
-.RS 4
-Change the default TCP/UDP name server port to
-\fIvalue\fR.
-.sp
-(Default = 53; abbreviation = po)
-.RE
-.PP
-\fBquerytype=\fR\fIvalue\fR
-.RS 4
-.RE
-.PP
-\fBtype=\fR\fIvalue\fR
-.RS 4
-Change the type of the information query.
-.sp
-(Default = A; abbreviations = q, ty)
-.RE
-.PP
-\fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
-.RS 4
-Tell the name server to query other servers if it does not have the information.
-.sp
-(Default = recurse; abbreviation = [no]rec)
-.RE
-.PP
-\fBndots=\fR\fInumber\fR
-.RS 4
-Set the number of dots (label separators) in a domain that will disable searching. Absolute names always stop searching.
-.RE
-.PP
-\fBretry=\fR\fInumber\fR
-.RS 4
-Set the number of retries to number.
-.RE
-.PP
-\fBtimeout=\fR\fInumber\fR
-.RS 4
-Change the initial timeout interval for waiting for a reply to number seconds.
-.RE
-.PP
-\fB \fR\fB\fI[no]\fR\fR\fBvc\fR
-.RS 4
-Always use a virtual circuit when sending requests to the server.
-.sp
-(Default = novc)
-.RE
-.PP
-\fB \fR\fB\fI[no]\fR\fR\fBfail\fR
-.RS 4
-Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.
-.sp
-(Default = nofail)
-.RE
-.RE
-.IP "" 4
-.RE
-.SH "FILES"
-.PP
-\fI/etc/resolv.conf\fR
-.SH "SEE ALSO"
-.PP
-\fBdig\fR(1),
-\fBhost\fR(1),
-\fBnamed\fR(8).
-.SH "AUTHOR"
-.PP
-Andrew Cherenson
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010, 2012\-2014 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dig/nslookup.docbook

@@ -1,507 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004-2007, 2010, 2012-2014  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<!--
- - Copyright (c) 1985, 1989
- -    The Regents of the University of California.  All rights reserved.
- -
- - Redistribution and use in source and binary forms, with or without
- - modification, are permitted provided that the following conditions
- - are met:
- - 1. Redistributions of source code must retain the above copyright
- -    notice, this list of conditions and the following disclaimer.
- - 2. Redistributions in binary form must reproduce the above copyright
- -    notice, this list of conditions and the following disclaimer in the
- -    documentation and/or other materials provided with the distribution.
- - 3. Neither the name of the University nor the names of its contributors
- -    may be used to endorse or promote products derived from this software
- -    without specific prior written permission.
- -
- - THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
- - ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
- - IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
- - ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
- - FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
- - DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
- - OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
- - HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
- - LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
- - OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
- - SUCH DAMAGE.
--->
-<refentry>
-
-  <refentryinfo>
-    <date>Jun 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>nslookup</refentrytitle>
-    <manvolnum>1</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname>nslookup</refname>
-    <refpurpose>query Internet name servers interactively</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2006</year>
-      <year>2007</year>
-      <year>2010</year>
-      <year>2012</year>
-      <year>2013</year>
-      <year>2014</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>nslookup</command>
-      <arg><option>-option</option></arg>
-      <arg choice="opt">name | -</arg>
-      <arg choice="opt">server</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>Nslookup</command>
-      is a program to query Internet domain name servers.  <command>Nslookup</command>
-      has two modes: interactive and non-interactive.  Interactive mode allows
-      the user to query name servers for information about various hosts and
-      domains or to print a list of hosts in a domain.  Non-interactive mode
-      is
-      used to print just the name and requested information for a host or
-      domain.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>ARGUMENTS</title>
-    <para>
-      Interactive mode is entered in the following cases:
-      <orderedlist numeration="loweralpha">
-        <listitem>
-          <para>
-            when no arguments are given (the default name server will be used)
-          </para>
-        </listitem>
-        <listitem>
-          <para>
-            when the first argument is a hyphen (-) and the second argument is
-            the host name or Internet address of a name server.
-          </para>
-        </listitem>
-      </orderedlist>
-    </para>
-
-    <para>
-      Non-interactive mode is used when the name or Internet address of the
-      host to be looked up is given as the first argument. The optional second
-      argument specifies the host name or address of a name server.
-    </para>
-
-    <para>
-      Options can also be specified on the command line if they precede the
-      arguments and are prefixed with a hyphen.  For example, to
-      change the default query type to host information, and the initial
-      timeout to 10 seconds, type:
-      <!-- <informalexample> produces bad nroff. -->
-        <programlisting>
-nslookup -query=hinfo  -timeout=10
-</programlisting>
-      <!-- </informalexample> -->
-    </para>
-
-  </refsect1>
-
-  <refsect1>
-    <title>INTERACTIVE COMMANDS</title>
-    <variablelist>
-      <varlistentry>
-        <term><constant>host</constant> <optional>server</optional></term>
-        <listitem>
-          <para>
-            Look up information for host using the current default server or
-            using server, if specified.  If host is an Internet address and
-            the query type is A or PTR, the name of the host is returned.
-            If host is a name and does not have a trailing period, the
-            search list is used to qualify the name.
-          </para>
-
-          <para>
-            To look up a host not in the current domain, append a period to
-            the name.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>server</constant> <replaceable class="parameter">domain</replaceable></term>
-        <listitem>
-          <para/>
-        </listitem>
-      </varlistentry>
-      <varlistentry>
-        <term><constant>lserver</constant> <replaceable class="parameter">domain</replaceable></term>
-        <listitem>
-          <para>
-            Change the default server to <replaceable>domain</replaceable>; <constant>lserver</constant> uses the initial
-            server to look up information about <replaceable>domain</replaceable>, while <constant>server</constant> uses
-            the current default server.  If an authoritative answer can't be
-            found, the names of servers that might have the answer are
-            returned.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>root</constant></term>
-        <listitem>
-          <para>
-            not implemented
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>finger</constant></term>
-        <listitem>
-          <para>
-            not implemented
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>ls</constant></term>
-        <listitem>
-          <para>
-            not implemented
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>view</constant></term>
-        <listitem>
-          <para>
-            not implemented
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>help</constant></term>
-        <listitem>
-          <para>
-            not implemented
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>?</constant></term>
-        <listitem>
-          <para>
-            not implemented
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>exit</constant></term>
-        <listitem>
-          <para>
-            Exits the program.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term><constant>set</constant>
-          <replaceable>keyword<optional>=value</optional></replaceable></term>
-        <listitem>
-          <para>
-            This command is used to change state information that affects
-            the lookups.  Valid keywords are:
-            <variablelist>
-              <varlistentry>
-                <term><constant>all</constant></term>
-                <listitem>
-                  <para>
-                    Prints the current values of the frequently used
-                    options to <command>set</command>.
-                    Information about the  current default
-                    server and host is also printed.
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>class=</constant><replaceable>value</replaceable></term>
-                <listitem>
-                  <para>
-                    Change the query class to one of:
-                    <variablelist>
-                      <varlistentry>
-                        <term><constant>IN</constant></term>
-                        <listitem>
-                          <para>
-                            the Internet class
-                          </para>
-                        </listitem>
-                      </varlistentry>
-                      <varlistentry>
-                        <term><constant>CH</constant></term>
-                        <listitem>
-                          <para>
-                            the Chaos class
-                          </para>
-                        </listitem>
-                      </varlistentry>
-                      <varlistentry>
-                        <term><constant>HS</constant></term>
-                        <listitem>
-                          <para>
-                            the Hesiod class
-                          </para>
-                        </listitem>
-                      </varlistentry>
-                      <varlistentry>
-                        <term><constant>ANY</constant></term>
-                        <listitem>
-                          <para>
-                            wildcard
-                          </para>
-                        </listitem>
-                      </varlistentry>
-                    </variablelist>
-                    The class specifies the protocol group of the information.
-
-                  </para>
-		  <para>
-                    (Default = IN; abbreviation = cl)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>debug</constant></term>
-                <listitem>
-                  <para>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
-                  </para>
-		  <para>
-                    (Default = nodebug; abbreviation = <optional>no</optional>deb)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>d2</constant></term>
-                <listitem>
-                  <para>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
-                  </para>
-		  <para>
-                    (Default = nod2)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>domain=</constant><replaceable>name</replaceable></term>
-                <listitem>
-                  <para>
-                    Sets the search list to <replaceable>name</replaceable>.
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>search</constant></term>
-                <listitem>
-                  <para>
-                    If the lookup request contains at least one period but
-                    doesn't end with a trailing period, append the domain
-                    names in the domain search list to the request until an
-                    answer is received.
-                  </para>
-		  <para>
-                    (Default = search)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>port=</constant><replaceable>value</replaceable></term>
-                <listitem>
-                  <para>
-                    Change the default TCP/UDP name server port to <replaceable>value</replaceable>.
-                  </para>
-		  <para>
-                    (Default = 53; abbreviation = po)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>querytype=</constant><replaceable>value</replaceable></term>
-                <listitem>
-                  <para/>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>type=</constant><replaceable>value</replaceable></term>
-                <listitem>
-                  <para>
-                    Change the type of the information query.
-                  </para>
-		  <para>
-                    (Default = A; abbreviations = q, ty)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>recurse</constant></term>
-                <listitem>
-                  <para>
-                    Tell the name server to query other servers if it does not
-                    have the
-                    information.
-                  </para>
-		  <para>
-                    (Default = recurse; abbreviation = [no]rec)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>ndots=</constant><replaceable>number</replaceable></term>
-                <listitem>
-                  <para>
-		    Set the number of dots (label separators) in a domain
-		    that will disable searching.  Absolute names always
-		    stop searching.
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>retry=</constant><replaceable>number</replaceable></term>
-                <listitem>
-                  <para>
-                    Set the number of retries to number.
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>timeout=</constant><replaceable>number</replaceable></term>
-                <listitem>
-                  <para>
-                    Change the initial timeout interval for waiting for a
-                    reply to number seconds.
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>vc</constant></term>
-                <listitem>
-                  <para>
-                    Always use a virtual circuit when sending requests to the
-                    server.
-                  </para>
-		  <para>
-                    (Default = novc)
-                  </para>
-                </listitem>
-              </varlistentry>
-
-              <varlistentry>
-                <term><constant>
-                    <replaceable><optional>no</optional></replaceable>fail</constant></term>
-                <listitem>
-                  <para>
-		    Try the next nameserver if a nameserver responds with
-		    SERVFAIL or a referral (nofail) or terminate query
-		    (fail) on such a response.
-		  </para>
-		  <para>
-                    (Default = nofail)
-                  </para>
-	        </listitem>
-	      </varlistentry>
-
-            </variablelist>
-          </para>
-        </listitem>
-      </varlistentry>
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para><filename>/etc/resolv.conf</filename>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>host</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>Author</title>
-    <para>
-      Andrew Cherenson
-    </para>
-  </refsect1>
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dig/nslookup.html

@@ -1,315 +0,0 @@
-<!--
- - Copyright (C) 2004-2007, 2010, 2012-2014 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476276"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p>nslookup &#8212; query Internet name servers interactively</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543436"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">Nslookup</strong></span>
-      is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
-      has two modes: interactive and non-interactive.  Interactive mode allows
-      the user to query name servers for information about various hosts and
-      domains or to print a list of hosts in a domain.  Non-interactive mode
-      is
-      used to print just the name and requested information for a host or
-      domain.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543452"></a><h2>ARGUMENTS</h2>
-<p>
-      Interactive mode is entered in the following cases:
-      </p>
-<div class="orderedlist"><ol type="a">
-<li><p>
-            when no arguments are given (the default name server will be used)
-          </p></li>
-<li><p>
-            when the first argument is a hyphen (-) and the second argument is
-            the host name or Internet address of a name server.
-          </p></li>
-</ol></div>
-<p>
-    </p>
-<p>
-      Non-interactive mode is used when the name or Internet address of the
-      host to be looked up is given as the first argument. The optional second
-      argument specifies the host name or address of a name server.
-    </p>
-<p>
-      Options can also be specified on the command line if they precede the
-      arguments and are prefixed with a hyphen.  For example, to
-      change the default query type to host information, and the initial
-      timeout to 10 seconds, type:
-      
-        </p>
-<pre class="programlisting">
-nslookup -query=hinfo  -timeout=10
-</pre>
-<p>
-      
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543496"></a><h2>INTERACTIVE COMMANDS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
-<dd>
-<p>
-            Look up information for host using the current default server or
-            using server, if specified.  If host is an Internet address and
-            the query type is A or PTR, the name of the host is returned.
-            If host is a name and does not have a trailing period, the
-            search list is used to qualify the name.
-          </p>
-<p>
-            To look up a host not in the current domain, append a period to
-            the name.
-          </p>
-</dd>
-<dt><span class="term"><code class="constant">server</code> <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p></p></dd>
-<dt><span class="term"><code class="constant">lserver</code> <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
-            Change the default server to <em class="replaceable"><code>domain</code></em>; <code class="constant">lserver</code> uses the initial
-            server to look up information about <em class="replaceable"><code>domain</code></em>, while <code class="constant">server</code> uses
-            the current default server.  If an authoritative answer can't be
-            found, the names of servers that might have the answer are
-            returned.
-          </p></dd>
-<dt><span class="term"><code class="constant">root</code></span></dt>
-<dd><p>
-            not implemented
-          </p></dd>
-<dt><span class="term"><code class="constant">finger</code></span></dt>
-<dd><p>
-            not implemented
-          </p></dd>
-<dt><span class="term"><code class="constant">ls</code></span></dt>
-<dd><p>
-            not implemented
-          </p></dd>
-<dt><span class="term"><code class="constant">view</code></span></dt>
-<dd><p>
-            not implemented
-          </p></dd>
-<dt><span class="term"><code class="constant">help</code></span></dt>
-<dd><p>
-            not implemented
-          </p></dd>
-<dt><span class="term"><code class="constant">?</code></span></dt>
-<dd><p>
-            not implemented
-          </p></dd>
-<dt><span class="term"><code class="constant">exit</code></span></dt>
-<dd><p>
-            Exits the program.
-          </p></dd>
-<dt><span class="term"><code class="constant">set</code>
-          <em class="replaceable"><code>keyword[<span class="optional">=value</span>]</code></em></span></dt>
-<dd>
-<p>
-            This command is used to change state information that affects
-            the lookups.  Valid keywords are:
-            </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">all</code></span></dt>
-<dd><p>
-                    Prints the current values of the frequently used
-                    options to <span><strong class="command">set</strong></span>.
-                    Information about the  current default
-                    server and host is also printed.
-                  </p></dd>
-<dt><span class="term"><code class="constant">class=</code><em class="replaceable"><code>value</code></em></span></dt>
-<dd>
-<p>
-                    Change the query class to one of:
-                    </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">IN</code></span></dt>
-<dd><p>
-                            the Internet class
-                          </p></dd>
-<dt><span class="term"><code class="constant">CH</code></span></dt>
-<dd><p>
-                            the Chaos class
-                          </p></dd>
-<dt><span class="term"><code class="constant">HS</code></span></dt>
-<dd><p>
-                            the Hesiod class
-                          </p></dd>
-<dt><span class="term"><code class="constant">ANY</code></span></dt>
-<dd><p>
-                            wildcard
-                          </p></dd>
-</dl></div>
-<p>
-                    The class specifies the protocol group of the information.
-
-                  </p>
-<p>
-                    (Default = IN; abbreviation = cl)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
-<dd>
-<p>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
-                  </p>
-<p>
-                    (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
-<dd>
-<p>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
-                  </p>
-<p>
-                    (Default = nod2)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">domain=</code><em class="replaceable"><code>name</code></em></span></dt>
-<dd><p>
-                    Sets the search list to <em class="replaceable"><code>name</code></em>.
-                  </p></dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>search</code></span></dt>
-<dd>
-<p>
-                    If the lookup request contains at least one period but
-                    doesn't end with a trailing period, append the domain
-                    names in the domain search list to the request until an
-                    answer is received.
-                  </p>
-<p>
-                    (Default = search)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">port=</code><em class="replaceable"><code>value</code></em></span></dt>
-<dd>
-<p>
-                    Change the default TCP/UDP name server port to <em class="replaceable"><code>value</code></em>.
-                  </p>
-<p>
-                    (Default = 53; abbreviation = po)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">querytype=</code><em class="replaceable"><code>value</code></em></span></dt>
-<dd><p></p></dd>
-<dt><span class="term"><code class="constant">type=</code><em class="replaceable"><code>value</code></em></span></dt>
-<dd>
-<p>
-                    Change the type of the information query.
-                  </p>
-<p>
-                    (Default = A; abbreviations = q, ty)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>recurse</code></span></dt>
-<dd>
-<p>
-                    Tell the name server to query other servers if it does not
-                    have the
-                    information.
-                  </p>
-<p>
-                    (Default = recurse; abbreviation = [no]rec)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">ndots=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
-		    Set the number of dots (label separators) in a domain
-		    that will disable searching.  Absolute names always
-		    stop searching.
-                  </p></dd>
-<dt><span class="term"><code class="constant">retry=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
-                    Set the number of retries to number.
-                  </p></dd>
-<dt><span class="term"><code class="constant">timeout=</code><em class="replaceable"><code>number</code></em></span></dt>
-<dd><p>
-                    Change the initial timeout interval for waiting for a
-                    reply to number seconds.
-                  </p></dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>vc</code></span></dt>
-<dd>
-<p>
-                    Always use a virtual circuit when sending requests to the
-                    server.
-                  </p>
-<p>
-                    (Default = novc)
-                  </p>
-</dd>
-<dt><span class="term"><code class="constant">
-                    <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>fail</code></span></dt>
-<dd>
-<p>
-		    Try the next nameserver if a nameserver responds with
-		    SERVFAIL or a referral (nofail) or terminate query
-		    (fail) on such a response.
-		  </p>
-<p>
-                    (Default = nofail)
-                  </p>
-</dd>
-</dl></div>
-<p>
-          </p>
-</dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2546310"></a><h2>FILES</h2>
-<p><code class="filename">/etc/resolv.conf</code>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2546322"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2546356"></a><h2>Author</h2>
-<p>
-      Andrew Cherenson
-    </p>
-</div>
-</div></body>
-</html>

bin/dig/win32/dig.dsp

@@ -1,107 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dig" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=dig - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dig.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dig.mak" CFG="dig - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dig - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dig - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /u /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dig - Win32 Release"
-# Name "dig - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=..\dig.c
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# Begin Source File
-
-SOURCE=..\include\dig\dig.h
-# End Source File
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dig/win32/dig.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dig"=".\dig.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/win32/dig.mak

@@ -1,425 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on dig.dsp
-!IF "$(CFG)" == ""
-CFG=dig - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to dig - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "dig - Win32 Release" && "$(CFG)" != "dig - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dig.mak" CFG="dig - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dig - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dig - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\dig.exe"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\dig.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dig.obj"
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dig.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dig.obj" \
-	"$(INTDIR)\dighost.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
-
-"..\..\..\Build\Release\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dig.obj"
-	-@erase "$(INTDIR)\dig.sbr"
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\dighost.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dig.bsc"
-	-@erase "$(OUTDIR)\dig.pdb"
-	-@erase "..\..\..\Build\Debug\dig.exe"
-	-@erase "..\..\..\Build\Debug\dig.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dig.sbr" \
-	"$(INTDIR)\dighost.sbr"
-
-"$(OUTDIR)\dig.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dig.obj" \
-	"$(INTDIR)\dighost.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
-
-"..\..\..\Build\Debug\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("dig.dep")
-!INCLUDE "dig.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "dig.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "dig - Win32 Release" || "$(CFG)" == "dig - Win32 Debug"
-SOURCE=..\dig.c
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-
-"$(INTDIR)\dig.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-
-"$(INTDIR)\dig.obj"	"$(INTDIR)\dig.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dighost.c
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-
-"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-
-"$(INTDIR)\dighost.obj"	"$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"libbind9 - Win32 Release" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"libbind9 - Win32 Debug" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "dig - Win32 Release"
-
-"liblwres - Win32 Release" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "dig - Win32 Debug"
-
-"liblwres - Win32 Debug" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/win32/dighost.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dighost" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=dighost - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dighost.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dighost.mak" CFG="dighost - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dighost - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "dighost - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dighost - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/dighost.lib"
-
-!ELSEIF  "$(CFG)" == "dighost - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/dighost.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dighost - Win32 Release"
-# Name "dighost - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\dighost.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/dig/win32/dighost.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/win32/host.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="host" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=host - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "host.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "host.mak" CFG="host - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "host - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "host - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /u /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "host - Win32 Release"
-# Name "host - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=..\host.c
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dig/win32/host.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "host"=".\host.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/win32/host.mak

@@ -1,425 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on host.dsp
-!IF "$(CFG)" == ""
-CFG=host - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to host - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "host - Win32 Release" && "$(CFG)" != "host - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "host.mak" CFG="host - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "host - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "host - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "host - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\host.exe"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\host.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\host.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\host.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\host.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
-
-"..\..\..\Build\Release\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\dighost.sbr"
-	-@erase "$(INTDIR)\host.obj"
-	-@erase "$(INTDIR)\host.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\host.bsc"
-	-@erase "$(OUTDIR)\host.pdb"
-	-@erase "..\..\..\Build\Debug\host.exe"
-	-@erase "..\..\..\Build\Debug\host.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dighost.sbr" \
-	"$(INTDIR)\host.sbr"
-
-"$(OUTDIR)\host.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\host.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
-
-"..\..\..\Build\Debug\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("host.dep")
-!INCLUDE "host.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "host.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "host - Win32 Release" || "$(CFG)" == "host - Win32 Debug"
-SOURCE=..\dighost.c
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-
-"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-
-"$(INTDIR)\dighost.obj"	"$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\host.c
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-
-"$(INTDIR)\host.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-
-"$(INTDIR)\host.obj"	"$(INTDIR)\host.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"libbind9 - Win32 Release" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"libbind9 - Win32 Debug" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "host - Win32 Release"
-
-"liblwres - Win32 Release" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "host - Win32 Debug"
-
-"liblwres - Win32 Debug" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/win32/nslookup.dsp

@@ -1,107 +0,0 @@
-# Microsoft Developer Studio Project File - Name="nslookup" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=nslookup - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "nslookup.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "nslookup.mak" CFG="nslookup - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "nslookup - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "nslookup - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /u /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "nslookup - Win32 Release"
-# Name "nslookup - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE=..\dighost.c
-# End Source File
-# Begin Source File
-
-SOURCE=..\nslookup.c
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dig/win32/nslookup.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "nslookup"=".\nslookup.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/win32/nslookup.mak

@@ -1,425 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on nslookup.dsp
-!IF "$(CFG)" == ""
-CFG=nslookup - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to nslookup - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "nslookup - Win32 Release" && "$(CFG)" != "nslookup - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "nslookup.mak" CFG="nslookup - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "nslookup - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "nslookup - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Release\nslookup.exe"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\nslookup.exe"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\nslookup.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\nslookup.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib  ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\nslookup.obj" \
-	"..\..\..\lib\dns\win32\Release\libdns.lib" \
-	"..\..\..\lib\isc\win32\Release\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Release\liblwres.lib"
-
-"..\..\..\Build\Release\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-!IF "$(RECURSE)" == "0" 
-
-ALL : "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
-
-!ELSE 
-
-ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
-
-!ENDIF 
-
-!IF "$(RECURSE)" == "1" 
-CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN" 
-!ELSE 
-CLEAN :
-!ENDIF 
-	-@erase "$(INTDIR)\dighost.obj"
-	-@erase "$(INTDIR)\dighost.sbr"
-	-@erase "$(INTDIR)\nslookup.obj"
-	-@erase "$(INTDIR)\nslookup.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\nslookup.bsc"
-	-@erase "$(OUTDIR)\nslookup.pdb"
-	-@erase "..\..\..\Build\Debug\nslookup.exe"
-	-@erase "..\..\..\Build\Debug\nslookup.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dighost.sbr" \
-	"$(INTDIR)\nslookup.sbr"
-
-"$(OUTDIR)\nslookup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib  ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dighost.obj" \
-	"$(INTDIR)\nslookup.obj" \
-	"..\..\..\lib\dns\win32\Debug\libdns.lib" \
-	"..\..\..\lib\isc\win32\Debug\libisc.lib" \
-	"..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-	"..\..\..\lib\lwres\win32\Debug\liblwres.lib"
-
-"..\..\..\Build\Debug\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("nslookup.dep")
-!INCLUDE "nslookup.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "nslookup.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "nslookup - Win32 Release" || "$(CFG)" == "nslookup - Win32 Debug"
-SOURCE=..\dighost.c
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-
-"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-
-"$(INTDIR)\dighost.obj"	"$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\nslookup.c
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-
-"$(INTDIR)\nslookup.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-
-"$(INTDIR)\nslookup.obj"	"$(INTDIR)\nslookup.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"libdns - Win32 Release" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"libdns - Win32 Debug" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libdns - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\dns\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"libisc - Win32 Release" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"libisc - Win32 Debug" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libisc - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\isc\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"libbind9 - Win32 Release" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"libbind9 - Win32 Debug" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"libbind9 - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\bind9\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-
-"liblwres - Win32 Release" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 ReleaseCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
-
-"liblwres - Win32 Debug" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" 
-   cd "..\..\..\bin\dig\win32"
-
-"liblwres - Win32 DebugCLEAN" : 
-   cd "..\..\..\lib\lwres\win32"
-   $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN 
-   cd "..\..\..\bin\dig\win32"
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/.cvsignore

@@ -0,0 +1,5 @@
+Makefile
+dnssec-keygen
+dnssec-makekeyset
+dnssec-signkey
+dnssec-signzone

bin/dnssec/.gitignore

@@ -1,9 +0,0 @@
-dnssec-dsfromkey
-dnssec-keyfromlabel
-dnssec-keygen
-dnssec-makekeyset
-dnssec-revoke
-dnssec-settime
-dnssec-signkey
-dnssec-signzone
-.libs

bin/dnssec/Makefile.in

@@ -1,34 +1,32 @@
-# Copyright (C) 2004, 2005, 2007, 2008, 2012  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id$
+# $Id: Makefile.in,v 1.7 2000/06/22 21:49:01 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	-DVERSION=\"${VERSION}\" 
+CDEFINES =
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
@@ -39,57 +37,38 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 # Alphabetically
-TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
-		dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@
+TARGETS =	dnssec-keygen \
+		dnssec-makekeyset \
+		dnssec-signkey \
+		dnssec-signzone
 
 OBJS =		dnssectool.@O@
 
-SRCS =		dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
-		dnssec-signzone.c dnssectool.c
-
-MANPAGES =	dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
-		dnssec-signzone.8
-
-HTMLPAGES =	dnssec-dsfromkey.html dnssec-keyfromlabel.html \
-		dnssec-keygen.html dnssec-signzone.html 
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
+SRCS =		dnssec-keygen.c dnssec-makekeyset.c \
+		dnssec-signkey.c dnssec-signzone.c \
+		dnssectool.c
 
 @BIND9_MAKE_RULES@
 
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-dsfromkey.@O@ ${OBJS} ${LIBS}
+dnssec-keygen: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-keyfromlabel.@O@ ${OBJS} ${LIBS}
+dnssec-makekeyset: dnssec-makekeyset.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
 
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-keygen.@O@ ${OBJS} ${LIBS}
+dnssec-signkey: dnssec-signkey.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
 
-dnssec-signzone.@O@: dnssec-signzone.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-		-c ${srcdir}/dnssec-signzone.c
-
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-signzone.@O@ ${OBJS} ${LIBS}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: ${TARGETS} installdirs
-	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+dnssec-signzone: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
 clean distclean::
 	rm -f ${TARGETS}
 
+installdirs:
+	if [ ! -d ${DESTDIR}${sbindir} ]; then \
+		mkdir ${DESTDIR}${sbindir}; \
+	fi
+
+install:: ${TARGSTS} installdirs
+	${LIBTOOL} ${INSTALL_PROGRAM} ${TARGETS} ${DESTDIR}${sbindir}

bin/dnssec/dnssec-dsfromkey.8

@@ -1,124 +0,0 @@
-.\" Copyright (C) 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-dsfromkey
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: November 29, 2008
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-DSFROMKEY" "8" "November 29, 2008" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-dsfromkey \- DNSSEC DS RR generation tool
-.SH "SYNOPSIS"
-.HP 17
-\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] {keyfile}
-.HP 17
-\fBdnssec\-dsfromkey\fR {\-s} [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdir\fR\fR] {dnsname}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-dsfromkey\fR
-outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
-.SH "OPTIONS"
-.PP
-\-1
-.RS 4
-Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
-.RE
-.PP
-\-2
-.RS 4
-Use SHA\-256 as the digest algorithm.
-.RE
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Select the digest algorithm. The value of
-\fBalgorithm\fR
-must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-s
-.RS 4
-Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specifies the DNS class (default is IN), useful only in the keyset mode.
-.RE
-.PP
-\-d \fIdirectory\fR
-.RS 4
-Look for
-\fIkeyset\fR
-files in
-\fBdirectory\fR
-as the directory, ignored when not in the keyset mode.
-.RE
-.SH "EXAMPLE"
-.PP
-To build the SHA\-256 DS RR from the
-\fBKexample.com.+003+26160\fR
-keyfile name, the following command would be issued:
-.PP
-\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
-.PP
-The command would print something like:
-.PP
-\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
-.SH "FILES"
-.PP
-The keyfile can be designed by the key identification
-\fIKnnnn.+aaa+iiiii\fR
-or the full file name
-\fIKnnnn.+aaa+iiiii.key\fR
-as generated by
-dnssec\-keygen(8).
-.PP
-The keyset file name is built from the
-\fBdirectory\fR, the string
-\fIkeyset\-\fR
-and the
-\fBdnsname\fR.
-.SH "CAVEAT"
-.PP
-A keyfile error can give a "file not found" even if the file exists.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 3658,
-RFC 4509.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-dsfromkey.c

@@ -1,402 +0,0 @@
-/*
- * Copyright (C) 2008-2012  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/dbiterator.h>
-#include <dns/ds.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatasetiter.h>
-#include <dns/rdatatype.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-const char *program = "dnssec-dsfromkey";
-int verbose;
-
-static dns_rdataclass_t rdclass;
-static dns_fixedname_t  fixed;
-static dns_name_t       *name = NULL;
-static dns_db_t         *db = NULL;
-static dns_dbnode_t     *node = NULL;
-static dns_rdataset_t   keyset;
-static isc_mem_t        *mctx = NULL;
-
-static void
-loadkeys(char *dirname, char *setname)
-{
-	isc_result_t     result;
-	char             filename[1024];
-	isc_buffer_t     buf;
-
-	dns_rdataset_init(&keyset);
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-
-	isc_buffer_init(&buf, setname, strlen(setname));
-	isc_buffer_add(&buf, strlen(setname));
-	result = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't convert DNS name %s", setname);
-
-	isc_buffer_init(&buf, filename, sizeof(filename));
-	if (dirname != NULL) {
-		if (isc_buffer_availablelength(&buf) < strlen(dirname))
-			fatal("directory name '%s' too long", dirname);
-		isc_buffer_putstr(&buf, dirname);
-		if (dirname[strlen(dirname) - 1] != '/') {
-			if (isc_buffer_availablelength(&buf) < 1)
-				fatal("directory name '%s' too long", dirname);
-			isc_buffer_putstr(&buf, "/");
-		}
-	}
-
-	if (isc_buffer_availablelength(&buf) < strlen("keyset-"))
-		fatal("directory name '%s' too long", dirname);
-	isc_buffer_putstr(&buf, "keyset-");
-	result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
-	check_result(result, "dns_name_tofilenametext()");
-	if (isc_buffer_availablelength(&buf) == 0)
-		fatal("name %s too long", setname);
-	isc_buffer_putuint8(&buf, 0);
-
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
-			       rdclass, 0, NULL, &db);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't create database");
-
-	result = dns_db_load(db, filename);
-	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-		fatal("can't load %s: %s", filename, isc_result_totext(result));
-
-	result = dns_db_findnode(db, name, ISC_FALSE, &node);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't find %s node in %s", setname, filename);
-
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
-				     0, 0, &keyset, NULL);
-	if (result == ISC_R_NOTFOUND)
-		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	else if (result != ISC_R_SUCCESS)
-		fatal("dns_db_findrdataset");
-}
-
-static void
-loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata)
-{
-	isc_result_t  result;
-	dst_key_t     *key = NULL;
-	isc_buffer_t  keyb;
-	isc_region_t  r;
-
-	dns_rdataset_init(&keyset);
-	dns_rdata_init(rdata);
-
-	isc_buffer_init(&keyb, key_buf, key_buf_size);
-
-	result = dst_key_fromnamedfile(filename, DST_TYPE_PUBLIC, mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("invalid keyfile name %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (verbose > 2) {
-		char keystr[KEY_FORMATSIZE];
-
-		key_format(key, keystr, sizeof(keystr));
-		fprintf(stderr, "%s: %s\n", program, keystr);
-	}
-
-	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't decode key");
-
-	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key),
-			     dns_rdatatype_dnskey, &r);
-
-	rdclass = dst_key_class(key);
-
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-	result = dns_name_copy(dst_key_name(key), name, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't copy name");
-
-	dst_key_free(&key);
-}
-
-static void
-logkey(dns_rdata_t *rdata)
-{
-	isc_result_t result;
-	dst_key_t    *key = NULL;
-	isc_buffer_t buf;
-	char         keystr[KEY_FORMATSIZE];
-
-	isc_buffer_init(&buf, rdata->data, rdata->length);
-	isc_buffer_add(&buf, rdata->length);
-	result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		return;
-
-	key_format(key, keystr, sizeof(keystr));
-	fprintf(stderr, "%s: %s\n", program, keystr);
-
-	dst_key_free(&key);
-}
-
-static void
-emitds(unsigned int dtype, dns_rdata_t *rdata)
-{
-	isc_result_t   result;
-	unsigned char  buf[DNS_DS_BUFFERSIZE];
-	char           text_buf[DST_KEY_MAXTEXTSIZE];
-	char           class_buf[10];
-	isc_buffer_t   textb, classb;
-	isc_region_t   r;
-	dns_rdata_t    ds;
-
-	isc_buffer_init(&textb, text_buf, sizeof(text_buf));
-	isc_buffer_init(&classb, class_buf, sizeof(class_buf));
-
-	dns_rdata_init(&ds);
-
-	result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't build DS");
-
-	result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print DS rdata");
-
-	result = dns_rdataclass_totext(rdclass, &classb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print DS class");
-
-	result = dns_name_print(name, stdout);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print DS name");
-
-	isc_buffer_usedregion(&classb, &r);
-	printf(" %.*s", (int)r.length, r.base);
-
-	isc_buffer_usedregion(&textb, &r);
-	printf(" DS %.*s\n", (int)r.length, r.base);
-}
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s options keyfile\n\n", program);
-	fprintf(stderr, "    %s options [-c class] [-d dir] -s dnsname\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -1: use SHA-1\n");
-	fprintf(stderr, "    -2: use SHA-256\n");
-	fprintf(stderr, "    -a algorithm: use algorithm\n");
-	fprintf(stderr, "Keyset options:\n");
-	fprintf(stderr, "    -s: keyset mode\n");
-	fprintf(stderr, "    -c class\n");
-	fprintf(stderr, "    -d directory\n");
-	fprintf(stderr, "Output: DS RRs\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char           *algname = NULL, *classname = NULL, *dirname = NULL;
-	char           *endp;
-	int            ch;
-	unsigned int   dtype = DNS_DSDIGEST_SHA1;
-	isc_boolean_t  both = ISC_TRUE;
-	isc_boolean_t  usekeyset = ISC_FALSE;
-	isc_result_t   result;
-	isc_log_t      *log = NULL;
-	isc_entropy_t  *ectx = NULL;
-	dns_rdata_t    rdata;
-
-	dns_rdata_init(&rdata);
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "12a:c:d:sv:h")) != -1) {
-		switch (ch) {
-		case '1':
-			dtype = DNS_DSDIGEST_SHA1;
-			both = ISC_FALSE;
-			break;
-		case '2':
-			dtype = DNS_DSDIGEST_SHA256;
-			both = ISC_FALSE;
-			break;
-		case 'a':
-			algname = isc_commandline_argument;
-			both = ISC_FALSE;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'd':
-			dirname = isc_commandline_argument;
-			break;
-		case 's':
-			usekeyset = ISC_TRUE;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* Falls into */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (algname != NULL) {
-		if (strcasecmp(algname, "SHA1") == 0 ||
-		    strcasecmp(algname, "SHA-1") == 0)
-			dtype = DNS_DSDIGEST_SHA1;
-		else if (strcasecmp(algname, "SHA256") == 0 ||
-			 strcasecmp(algname, "SHA-256") == 0)
-			dtype = DNS_DSDIGEST_SHA256;
-		else
-			fatal("unknown algorithm %s", algname);
-	}
-
-	rdclass = strtoclass(classname);
-
-	if (argc < isc_commandline_index + 1)
-		fatal("the key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize hash");
-	result = dst_lib_init(mctx, ectx,
-			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize dst");
-	isc_entropy_stopcallbacksources(ectx);
-
-	setup_logging(verbose, mctx, &log);
-
-	if (usekeyset) {
-		loadkeys(dirname, argv[isc_commandline_index]);
-
-		for (result = dns_rdataset_first(&keyset);
-		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&keyset)) {
-			dns_rdata_init(&rdata);
-			dns_rdataset_current(&keyset, &rdata);
-
-			if (verbose > 2)
-				logkey(&rdata);
-
-			if (both) {
-				emitds(DNS_DSDIGEST_SHA1, &rdata);
-				emitds(DNS_DSDIGEST_SHA256, &rdata);
-			} else
-				emitds(dtype, &rdata);
-		}
-	} else {
-		unsigned char key_buf[DST_KEY_MAXSIZE];
-
-		loadkey(argv[isc_commandline_index], key_buf,
-			DST_KEY_MAXSIZE, &rdata);
-
-		if (both) {
-			emitds(DNS_DSDIGEST_SHA1, &rdata);
-			emitds(DNS_DSDIGEST_SHA256, &rdata);
-		} else
-			emitds(dtype, &rdata);
-	}
-
-	if (dns_rdataset_isassociated(&keyset))
-		dns_rdataset_disassociate(&keyset);
-	if (node != NULL)
-		dns_db_detachnode(db, &node);
-	if (db != NULL)
-		dns_db_detach(&db);
-	cleanup_logging(&log);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	fflush(stdout);
-	if (ferror(stdout)) {
-		fprintf(stderr, "write error\n");
-		return (1);
-	} else
-		return (0);
-}

bin/dnssec/dnssec-dsfromkey.docbook

@@ -1,215 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008, 2012  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.dnssec-dsfromkey">
-  <refentryinfo>
-    <date>November 29, 2008</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-dsfromkey</application></refname>
-    <refpurpose>DNSSEC DS RR generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2012</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg choice="req">-s</arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-d <replaceable class="parameter">dir</replaceable></option></arg>
-      <arg choice="req">dnsname</arg>
-   </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-dsfromkey</command>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-1</term>
-        <listitem>
-          <para>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-2</term>
-        <listitem>
-          <para>
-            Use SHA-256 as the digest algorithm.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-          <para>
-            Select the digest algorithm. The value of
-            <option>algorithm</option> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s</term>
-        <listitem>
-          <para>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file. Following options make sense
-            only in this mode.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the DNS class (default is IN), useful only
-            in the keyset mode.
-          </para>
-	  </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-d <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Look for <filename>keyset</filename> files in
-            <option>directory</option> as the directory, ignored when
-            not in the keyset mode.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-      To build the SHA-256 DS RR from the
-      <userinput>Kexample.com.+003+26160</userinput>
-      keyfile name, the following command would be issued:
-    </para>
-    <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-      The command would print something like:
-    </para>
-    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para>
-      The keyfile can be designed by the key identification
-      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
-      <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
-      <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
-    </para>
-    <para>
-      The keyset file name is built from the <option>directory</option>,
-      the string <filename>keyset-</filename> and the
-      <option>dnsname</option>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>CAVEAT</title>
-    <para>
-      A keyfile error can give a "file not found" even if the file exists.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 3658</citetitle>,
-      <citetitle>RFC 4509</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-dsfromkey.html

@@ -1,132 +0,0 @@
-<!--
- - Copyright (C) 2008, 2012 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] {keyfile}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543427"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-dsfromkey</strong></span>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543438"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-1</span></dt>
-<dd><p>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </p></dd>
-<dt><span class="term">-2</span></dt>
-<dd><p>
-            Use SHA-256 as the digest algorithm.
-          </p></dd>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
-            Select the digest algorithm. The value of
-            <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-s</span></dt>
-<dd><p>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file. Following options make sense
-            only in this mode.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Specifies the DNS class (default is IN), useful only
-            in the keyset mode.
-          </p></dd>
-<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Look for <code class="filename">keyset</code> files in
-            <code class="option">directory</code> as the directory, ignored when
-            not in the keyset mode.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543566"></a><h2>EXAMPLE</h2>
-<p>
-      To build the SHA-256 DS RR from the
-      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
-      keyfile name, the following command would be issued:
-    </p>
-<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
-    </p>
-<p>
-      The command would print something like:
-    </p>
-<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543596"></a><h2>FILES</h2>
-<p>
-      The keyfile can be designed by the key identification
-      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
-      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
-      <span class="refentrytitle">dnssec-keygen</span>(8).
-    </p>
-<p>
-      The keyset file name is built from the <code class="option">directory</code>,
-      the string <code class="filename">keyset-</code> and the
-      <code class="option">dnsname</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543632"></a><h2>CAVEAT</h2>
-<p>
-      A keyfile error can give a "file not found" even if the file exists.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543641"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 3658</em>,
-      <em class="citetitle">RFC 4509</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543677"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,153 +0,0 @@
-.\" Copyright (C) 2008, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-keyfromlabel
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: February 8, 2008
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-keyfromlabel \- DNSSEC key generation tool
-.SH "SYNOPSIS"
-.HP 20
-\fBdnssec\-keyfromlabel\fR {\-a\ \fIalgorithm\fR} {\-l\ \fIlabel\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-k\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-keyfromlabel\fR
-gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or DH (Diffie Hellman). These values are case insensitive.
-.sp
-If no algorithm is specified, then RSASHA1 will be used by default, unless the
-\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
-\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
-.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
-.sp
-Note 2: DH automatically sets the \-k flag.
-.RE
-.PP
-\-l \fIlabel\fR
-.RS 4
-Specifies the label of keys in the crypto hardware (PKCS#11 device).
-.RE
-.PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
-\-f \fIflag\fR
-.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBdnssec\-keygen\fR.
-.RE
-.PP
-\-k
-.RS 4
-Generate KEY records rather than DNSKEY records.
-.RE
-.PP
-\-p \fIprotocol\fR
-.RS 4
-Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Indicates the use of the key.
-\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.SH "GENERATED KEY FILES"
-.PP
-When
-\fBdnssec\-keyfromlabel\fR
-completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key files it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
-.PP
-\fBdnssec\-keyfromlabel\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
-contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
-.PP
-The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
-.PP
-The
-\fI.private\fR
-file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 4034.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-keyfromlabel.c

@@ -1,333 +0,0 @@
-/*
- * Copyright (C) 2007, 2008, 2010-2012  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id$ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/region.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/fixedname.h>
-#include <dns/keyvalues.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/result.h>
-#include <dns/secalg.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#define MAX_RSA 4096 /* should be long enough... */
-
-const char *program = "dnssec-keyfromlabel";
-int verbose;
-
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
-			  " NSEC3DSA | NSEC3RSASHA1 |"
-			  " RSASHA256 | RSASHA512";
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -a alg -l label [options] name\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -a algorithm: %s\n", algs);
-	fprintf(stderr, "    -l label: label of the key\n");
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
-	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
-	fprintf(stderr, "    -c <class> (default: IN)\n");
-	fprintf(stderr, "    -f keyflag: KSK\n");
-	fprintf(stderr, "    -t <type>: "
-		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-		"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -p <protocol>: "
-	       "default: 3 [dnssec]\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-		"K<name>+<alg>+<id>.private\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char		*algname = NULL, *nametype = NULL, *type = NULL;
-	char		*classname = NULL;
-	char		*endp;
-	dst_key_t	*key = NULL, *oldkey;
-	dns_fixedname_t	fname;
-	dns_name_t	*name;
-	isc_uint16_t	flags = 0, ksk = 0;
-	dns_secalg_t	alg;
-	isc_mem_t	*mctx = NULL;
-	int		ch;
-	int		protocol = -1, signatory = 0;
-	isc_result_t	ret;
-	isc_textregion_t r;
-	char		filename[255];
-	isc_buffer_t	buf;
-	isc_log_t	*log = NULL;
-	isc_entropy_t	*ectx = NULL;
-	dns_rdataclass_t rdclass;
-	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	char		*label = NULL;
-
-	if (argc == 1)
-		usage();
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					 "a:c:f:kl:n:p:t:v:h")) != -1)
-	{
-	    switch (ch) {
-		case 'a':
-			algname = isc_commandline_argument;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'f':
-			if (strcasecmp(isc_commandline_argument, "KSK") == 0)
-				ksk = DNS_KEYFLAG_KSK;
-			else
-				fatal("unknown flag '%s'",
-				      isc_commandline_argument);
-			break;
-		case 'k':
-			options |= DST_TYPE_KEY;
-			break;
-		case 'l':
-			label = isc_commandline_argument;
-			break;
-		case 'n':
-			nametype = isc_commandline_argument;
-			break;
-		case 'p':
-			protocol = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || protocol < 0 || protocol > 255)
-				fatal("-p must be followed by a number "
-				      "[0..255]");
-			break;
-		case 't':
-			type = isc_commandline_argument;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	ret = dst_lib_init(mctx, ectx,
-			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (ret != ISC_R_SUCCESS)
-		fatal("could not initialize dst");
-
-	setup_logging(verbose, mctx, &log);
-
-	if (label == NULL)
-		fatal("the key label was not specified");
-	if (argc < isc_commandline_index + 1)
-		fatal("the key name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (algname == NULL)
-		fatal("no algorithm was specified");
-	if (strcasecmp(algname, "RSA") == 0) {
-		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
-				"If you still wish to use RSA (RSAMD5) please "
-				"specify \"-a RSAMD5\"\n");
-		return (1);
-	} else {
-		r.base = algname;
-		r.length = strlen(algname);
-		ret = dns_secalg_fromtext(&alg, &r);
-		if (ret != ISC_R_SUCCESS)
-			fatal("unknown algorithm %s", algname);
-		if (alg == DST_ALG_DH)
-			options |= DST_TYPE_KEY;
-	}
-
-	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-		if (strcasecmp(type, "NOAUTH") == 0)
-			flags |= DNS_KEYTYPE_NOAUTH;
-		else if (strcasecmp(type, "NOCONF") == 0)
-			flags |= DNS_KEYTYPE_NOCONF;
-		else if (strcasecmp(type, "NOAUTHCONF") == 0) {
-			flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
-		}
-		else if (strcasecmp(type, "AUTHCONF") == 0)
-			/* nothing */;
-		else
-			fatal("invalid type %s", type);
-	}
-
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
-		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
-		if (strcasecmp(nametype, "host") == 0 ||
-			 strcasecmp(nametype, "entity") == 0)
-			flags |= DNS_KEYOWNER_ENTITY;
-		else if (strcasecmp(nametype, "user") == 0)
-			flags |= DNS_KEYOWNER_USER;
-		else
-			fatal("invalid KEY nametype %s", nametype);
-	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
-		fatal("invalid DNSKEY nametype %s", nametype);
-
-	rdclass = strtoclass(classname);
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
-		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
-		flags |= ksk;
-
-	if (protocol == -1)
-		protocol = DNS_KEYPROTO_DNSSEC;
-	else if ((options & DST_TYPE_KEY) == 0 &&
-		 protocol != DNS_KEYPROTO_DNSSEC)
-		fatal("invalid DNSKEY protocol: %d", protocol);
-
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("specified null key with signing authority");
-	}
-
-	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    alg == DNS_KEYALG_DH)
-		fatal("a key with algorithm '%s' cannot be a zone key",
-		      algname);
-
-	dns_fixedname_init(&fname);
-	name = dns_fixedname_name(&fname);
-	isc_buffer_init(&buf, argv[isc_commandline_index],
-			strlen(argv[isc_commandline_index]));
-	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
-	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
-	if (ret != ISC_R_SUCCESS)
-		fatal("invalid key name %s: %s", argv[isc_commandline_index],
-		      isc_result_totext(ret));
-
-	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
-
-	/* associate the key */
-	ret = dst_key_fromlabel(name, alg, flags, protocol,
-				rdclass, "", label, NULL, mctx, &key);
-	isc_entropy_stopcallbacksources(ectx);
-
-	if (ret != ISC_R_SUCCESS) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char algstr[ALG_FORMATSIZE];
-		dns_name_format(name, namestr, sizeof(namestr));
-		alg_format(alg, algstr, sizeof(algstr));
-		fatal("failed to generate key %s/%s: %s\n",
-		      namestr, algstr, isc_result_totext(ret));
-		exit(-1);
-	}
-
-	/*
-	 * Try to read a key with the same name, alg and id from disk.
-	 * If there is one we must continue generating a new one
-	 * unless we were asked to generate a null key, in which
-	 * case we return failure.
-	 */
-	ret = dst_key_fromfile(name, dst_key_id(key), alg,
-			       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
-	/* do not overwrite an existing key  */
-	if (ret == ISC_R_SUCCESS) {
-		isc_buffer_clear(&buf);
-		ret = dst_key_buildfilename(key, 0, NULL, &buf);
-		if (ret != ISC_R_SUCCESS)
-			fatal("dst_key_buildfilename returned: %s\n",
-			      isc_result_totext(ret));
-		fprintf(stderr, "%s: %s already exists\n",
-			program, filename);
-		dst_key_free(&key);
-		exit (1);
-	}
-
-	ret = dst_key_tofile(key, options, NULL);
-	if (ret != ISC_R_SUCCESS) {
-		char keystr[KEY_FORMATSIZE];
-		key_format(key, keystr, sizeof(keystr));
-		fatal("failed to write key %s: %s\n", keystr,
-		      isc_result_totext(ret));
-	}
-
-	isc_buffer_clear(&buf);
-	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS)
-		fatal("dst_key_buildfilename returned: %s\n",
-		      isc_result_totext(ret));
-	printf("%s\n", filename);
-	dst_key_free(&key);
-
-	cleanup_logging(&log);
-	cleanup_entropy(&ectx);
-	dst_lib_destroy();
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -1,273 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008, 2010, 2012  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.dnssec-keyfromlabel">
-  <refentryinfo>
-    <date>February 8, 2008</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-keyfromlabel</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2010</year>
-      <year>2012</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-keyfromlabel</command>
-      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
-      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-k</option></arg>
-      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
-      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-keyfromlabel</command>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-	  <para>
-	    Selects the cryptographic algorithm.  The value of
-	    <option>algorithm</option> must be one of RSAMD5,
- 	    RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
- 	    RSASHA512 or DH (Diffie Hellman).
-	    These values are case insensitive.
-	  </para>
-          <para>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <option>-3</option> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <option>-3</option> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </para>
-          <para>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </para>
-          <para>
-            Note 2: DH automatically sets the -k flag.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">label</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the label of keys in the crypto hardware
-            (PKCS#11 device).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">nametype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the owner type of the key.  The value of
-            <option>nametype</option> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are
-            case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flag is KSK (Key Signing Key) DNSKEY.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>dnssec-keygen</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k</term>
-        <listitem>
-          <para>
-            Generate KEY records rather than DNSKEY records.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">protocol</replaceable></term>
-        <listitem>
-          <para>
-            Sets the protocol value for the generated key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">type</replaceable></term>
-        <listitem>
-          <para>
-            Indicates the use of the key.  <option>type</option> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>GENERATED KEY FILES</title>
-    <para>
-      When <command>dnssec-keyfromlabel</command> completes
-      successfully,
-      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </para>
-    <itemizedlist>
-      <listitem>
-        <para><filename>nnnn</filename> is the key name.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>aaa</filename> is the numeric representation
-          of the
-          algorithm.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>iiiii</filename> is the key identifier (or
-          footprint).
-        </para>
-      </listitem>
-    </itemizedlist>
-    <para><command>dnssec-keyfromlabel</command> 
-      creates two files, with names based
-      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-      contains the public key, and
-      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
-      private
-      key.
-    </para>
-    <para>
-      The <filename>.key</filename> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </para>
-    <para>
-      The <filename>.private</filename> file contains algorithm
-      specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,177 +0,0 @@
-<!--
- - Copyright (C) 2008, 2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543419"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543431"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-<p>
-	    Selects the cryptographic algorithm.  The value of
-	    <code class="option">algorithm</code> must be one of RSAMD5,
- 	    RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
- 	    RSASHA512 or DH (Diffie Hellman).
-	    These values are case insensitive.
-	  </p>
-<p>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <code class="option">-3</code> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <code class="option">-3</code> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </p>
-<p>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </p>
-<p>
-            Note 2: DH automatically sets the -k flag.
-          </p>
-</dd>
-<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
-<dd><p>
-            Specifies the label of keys in the crypto hardware
-            (PKCS#11 device).
-          </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
-<dd><p>
-            Specifies the owner type of the key.  The value of
-            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are
-            case insensitive.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flag is KSK (Key Signing Key) DNSKEY.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Prints a short summary of the options and arguments to
-            <span><strong class="command">dnssec-keygen</strong></span>.
-          </p></dd>
-<dt><span class="term">-k</span></dt>
-<dd><p>
-            Generate KEY records rather than DNSKEY records.
-          </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
-<dd><p>
-            Sets the protocol value for the generated key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd><p>
-            Indicates the use of the key.  <code class="option">type</code> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543635"></a><h2>GENERATED KEY FILES</h2>
-<p>
-      When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
-      successfully,
-      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
-        </p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
-          of the
-          algorithm.
-        </p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
-          footprint).
-        </p></li>
-</ul></div>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span> 
-      creates two files, with names based
-      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
-      contains the public key, and
-      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
-      private
-      key.
-    </p>
-<p>
-      The <code class="filename">.key</code> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </p>
-<p>
-      The <code class="filename">.private</code> file contains algorithm
-      specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543707"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 4034</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543740"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keygen.8

@@ -1,204 +0,0 @@
-.\" Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-keygen
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 30, 2000
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-KEYGEN" "8" "June 30, 2000" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-keygen \- DNSSEC key generation tool
-.SH "SYNOPSIS"
-.HP 14
-\fBdnssec\-keygen\fR {\-a\ \fIalgorithm\fR} {\-b\ \fIkeysize\fR} {\-n\ \fInametype\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-k\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
-.PP
-The
-\fBname\fR
-of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. For DNSSEC keys, the value of
-\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
-.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
-.sp
-Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
-.RE
-.PP
-\-b \fIkeysize\fR
-.RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
-.RE
-.PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
-\-e
-.RS 4
-If generating an RSAMD5/RSASHA1 key, use a large exponent.
-.RE
-.PP
-\-f \fIflag\fR
-.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.RE
-.PP
-\-g \fIgenerator\fR
-.RS 4
-If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBdnssec\-keygen\fR.
-.RE
-.PP
-\-k
-.RS 4
-Generate KEY records rather than DNSKEY records.
-.RE
-.PP
-\-p \fIprotocol\fR
-.RS 4
-Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies the source of randomness. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
-.RE
-.PP
-\-s \fIstrength\fR
-.RS 4
-Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Indicates the use of the key.
-\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.SH "GENERATED KEYS"
-.PP
-When
-\fBdnssec\-keygen\fR
-completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
-.PP
-\fBdnssec\-keygen\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
-contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
-.PP
-The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
-.PP
-The
-\fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
-.PP
-Both
-\fI.key\fR
-and
-\fI.private\fR
-files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
-.SH "EXAMPLE"
-.PP
-To generate a 768\-bit DSA key for the domain
-\fBexample.com\fR, the following command would be issued:
-.PP
-\fBdnssec\-keygen \-a DSA \-b 768 \-n ZONE example.com\fR
-.PP
-The command would print a string of the form:
-.PP
-\fBKexample.com.+003+26160\fR
-.PP
-In this example,
-\fBdnssec\-keygen\fR
-creates the files
-\fIKexample.com.+003+26160.key\fR
-and
-\fIKexample.com.+003+26160.private\fR.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 2539,
-RFC 2845,
-RFC 4034.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br

bin/dnssec/dnssec-keygen.c

@@ -1,37 +1,23 @@
 /*
- * Portions Copyright (C) 2004-2008, 2010-2012  Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
+ * Portions Copyright (C) 2000  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
+ * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
+ * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id$ */
-
-/*! \file */
+/* $Id: dnssec-keygen.c,v 1.36 2000/06/22 02:48:12 bwelling Exp $ */
 
 #include <config.h>
 
@@ -49,92 +35,63 @@
 #include <dns/keyvalues.h>
 #include <dns/log.h>
 #include <dns/name.h>
-#include <dns/rdataclass.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
 
 #include <dst/dst.h>
+#include <dst/result.h>
 
 #include "dnssectool.h"
 
-#define MAX_RSA 4096 /* should be long enough... */
+#define MAX_RSA 2048 /* XXX ogud update this when rsa library is updated */
 
 const char *program = "dnssec-keygen";
 int verbose;
 
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | RSASHA256 |"
-			  " RSASHA512 | NSEC3DSA | NSEC3RSASHA1 | HMAC-MD5 |"
-			  " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |"
-			  " HMAC-SHA384 | HMAC-SHA512";
-
 static isc_boolean_t
 dsa_size_ok(int size) {
 	return (ISC_TF(size >= 512 && size <= 1024 && size % 64 == 0));
 }
 
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
 static void
 usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -a alg -b bits [-n type] [options] name\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -a algorithm: %s\n", algs);
-	fprintf(stderr, "    -b key size, in bits:\n");
-	fprintf(stderr, "        RSAMD5:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "        RSASHA1:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "        NSEC3RSASHA1:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA256:\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA512:\t[1024..%d]\n", MAX_RSA);
-	fprintf(stderr, "        DH:\t\t[128..4096]\n");
-	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
-	fprintf(stderr, "        NSEC3DSA:\t\t[512..1024] and divisible by 64\n");
-	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
-	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
-	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
-	fprintf(stderr, "        HMAC-SHA256:\t[1..256]\n");
-	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
-	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
-	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -c <class> (default: IN)\n");
-	fprintf(stderr, "    -d <digest bits> (0 => max, default)\n");
-	fprintf(stderr, "    -e use large exponent (RSAMD5/RSASHA1 only)\n");
-	fprintf(stderr, "    -f keyflag: KSK\n");
-	fprintf(stderr, "    -g <generator> use specified generator "
-		"(DH only)\n");
-	fprintf(stderr, "    -t <type>: "
-		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-		"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -p <protocol>: "
-	       "default: 3 [dnssec]\n");
-	fprintf(stderr, "    -s <strength> strength value this key signs DNS "
-		"records with (default: 0)\n");
-	fprintf(stderr, "    -r <randomdev>: a file containing random data\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-		"K<name>+<alg>+<id>.private\n");
+	printf("Usage:\n");
+	printf("    %s [options] name\n\n", program);
+	printf("Required options:\n");
+	printf("    -a algorithm: RSA | RSAMD5 | DH | DSA | HMAC-MD5\n");
+	printf("    -b key size, in bits:\n");
+	printf("        RSA:\t\t[512..%d]\n", MAX_RSA);
+	printf("        DH:\t\t[128..4096]\n");
+	printf("        DSA:\t\t[512..1024] and dividable by 64\n");
+	printf("        HMAC-MD5:\t[1..512]\n");
+	printf("    -n nametype: ZONE | HOST | ENTITY | USER\n");
+	printf("    name: owner of the key\n");
+	printf("Other options:\n");
+	printf("    -e use large exponent (RSA only)\n");
+	printf("    -g use specified generator (DH only)\n");
+	printf("    -t type: AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF\n");
+	printf("        default: AUTHCONF\n");
+	printf("    -p protocol value\n");
+	printf("        default: 2 (email) for User keys, "
+	       			"3 (dnssec) for all others\n");
+	printf("    -s strength value this key signs DNS records with\n");
+	printf("        default: 0\n");
+	printf("    -r randomdev\n");
+        printf("        a file containing random data\n");
+	printf("    -v verbose level\n");
 
 	exit (-1);
 }
 
 int
 main(int argc, char **argv) {
-	char		*algname = NULL, *freeit = NULL;
-	char		*nametype = NULL, *type = NULL;
-	char		*classname = NULL;
-	char		*endp;
+	char		*algname = NULL, *nametype = NULL, *type = NULL;
+	char		*randomfile = NULL;
+	char		*prog, *endp;
 	dst_key_t	*key = NULL, *oldkey;
 	dns_fixedname_t	fname;
 	dns_name_t	*name;
-	isc_uint16_t	flags = 0, ksk = 0;
+	isc_uint16_t	flags = 0;
 	dns_secalg_t	alg;
 	isc_boolean_t	conflict = ISC_FALSE, null_key = ISC_FALSE;
 	isc_mem_t	*mctx = NULL;
@@ -146,63 +103,55 @@ main(int argc, char **argv) {
 	isc_buffer_t	buf;
 	isc_log_t	*log = NULL;
 	isc_entropy_t	*ectx = NULL;
-	dns_rdataclass_t rdclass;
-	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	int		dbits = 0;
+
+	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
+
+	if ((prog = strrchr(argv[0],'/')) == NULL)
+		prog = isc_mem_strdup(mctx, argv[0]);
+	else
+		prog = isc_mem_strdup(mctx, ++prog);
+	if (prog == NULL)
+		fatal("out of memory");
 
 	if (argc == 1)
 		usage();
 
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
 	dns_result_register();
 
-	isc_commandline_errprint = ISC_FALSE;
-
 	while ((ch = isc_commandline_parse(argc, argv,
-					 "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)
+					   "a:b:eg:n:t:p:s:hr:v:")) != -1)
 	{
 	    switch (ch) {
 		case 'a':
-			algname = isc_commandline_argument;
+			algname = isc_mem_strdup(mctx,
+						  isc_commandline_argument);
+			if (algname == NULL)
+				fatal("out of memory");
 			break;
 		case 'b':
 			size = strtol(isc_commandline_argument, &endp, 10);
 			if (*endp != '\0' || size < 0)
 				fatal("-b requires a non-negative number");
 			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'd':
-			dbits = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || dbits < 0)
-				fatal("-d requires a non-negative number");
-			break;
 		case 'e':
 			rsa_exp = 1;
 			break;
-		case 'f':
-			if (strcasecmp(isc_commandline_argument, "KSK") == 0)
-				ksk = DNS_KEYFLAG_KSK;
-			else
-				fatal("unknown flag '%s'",
-				      isc_commandline_argument);
-			break;
 		case 'g':
 			generator = strtol(isc_commandline_argument,
 					   &endp, 10);
 			if (*endp != '\0' || generator <= 0)
 				fatal("-g requires a positive number");
 			break;
-		case 'k':
-			options |= DST_TYPE_KEY;
-			break;
 		case 'n':
-			nametype = isc_commandline_argument;
+			nametype = isc_mem_strdup(mctx,
+						  isc_commandline_argument);
+			if (nametype == NULL)
+				fatal("out of memory");
 			break;
 		case 't':
-			type = isc_commandline_argument;
+			type = isc_mem_strdup(mctx, isc_commandline_argument);
+			if (type == NULL)
+				fatal("out of memory");
 			break;
 		case 'p':
 			protocol = strtol(isc_commandline_argument, &endp, 10);
@@ -218,7 +167,10 @@ main(int argc, char **argv) {
 				      "[0..15]");
 			break;
 		case 'r':
-			setup_entropy(mctx, isc_commandline_argument, &ectx);
+			randomfile = isc_mem_strdup(mctx,
+						    isc_commandline_argument);
+			if (randomfile == NULL)
+				fatal("out of memory");
 			break;
 		case 'v':
 			endp = NULL;
@@ -227,22 +179,18 @@ main(int argc, char **argv) {
 				fatal("-v must be followed by a number");
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
 		case 'h':
 			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
+			fprintf(stderr, "%s: invalid argument -%c\n",
+				program, ch);
+			usage();
+		} 
 	}
 
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
+	setup_entropy(mctx, randomfile, &ectx);
+	if (randomfile != NULL)
+		isc_mem_free(mctx, randomfile);
 	ret = dst_lib_init(mctx, ectx,
 			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
 	if (ret != ISC_R_SUCCESS)
@@ -257,40 +205,21 @@ main(int argc, char **argv) {
 
 	if (algname == NULL)
 		fatal("no algorithm was specified");
-	if (strcasecmp(algname, "RSA") == 0) {
-		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
-				"If you still wish to use RSA (RSAMD5) please "
-				"specify \"-a RSAMD5\"\n");
-		return (1);
-	} else if (strcasecmp(algname, "HMAC-MD5") == 0) {
-		options |= DST_TYPE_KEY;
+	if (strcasecmp(algname, "RSA") == 0)
+		alg = DNS_KEYALG_RSA;
+	else if (strcasecmp(algname, "HMAC-MD5") == 0)
 		alg = DST_ALG_HMACMD5;
-	} else if (strcasecmp(algname, "HMAC-SHA1") == 0) {
-		options |= DST_TYPE_KEY;
-		alg = DST_ALG_HMACSHA1;
-	} else if (strcasecmp(algname, "HMAC-SHA224") == 0) {
-		options |= DST_TYPE_KEY;
-		alg = DST_ALG_HMACSHA224;
-	} else if (strcasecmp(algname, "HMAC-SHA256") == 0) {
-		options |= DST_TYPE_KEY;
-		alg = DST_ALG_HMACSHA256;
-	} else if (strcasecmp(algname, "HMAC-SHA384") == 0) {
-		options |= DST_TYPE_KEY;
-		alg = DST_ALG_HMACSHA384;
-	} else if (strcasecmp(algname, "HMAC-SHA512") == 0) {
-		options |= DST_TYPE_KEY;
-		alg = DST_ALG_HMACSHA512;
-	} else {
+	else {
 		r.base = algname;
 		r.length = strlen(algname);
 		ret = dns_secalg_fromtext(&alg, &r);
 		if (ret != ISC_R_SUCCESS)
 			fatal("unknown algorithm %s", algname);
-		if (alg == DST_ALG_DH)
-			options |= DST_TYPE_KEY;
 	}
+	if (dst_algorithm_supported(alg) == ISC_FALSE)
+		fatal("unsupported algorithm %s", algname);
 
-	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
+	if (type != NULL) {
 		if (strcasecmp(type, "NOAUTH") == 0)
 			flags |= DNS_KEYTYPE_NOAUTH;
 		else if (strcasecmp(type, "NOCONF") == 0)
@@ -310,135 +239,58 @@ main(int argc, char **argv) {
 		fatal("key size not specified (-b option)");
 
 	switch (alg) {
-	case DNS_KEYALG_RSAMD5:
-	case DNS_KEYALG_RSASHA1:
-	case DNS_KEYALG_NSEC3RSASHA1:
-	case DNS_KEYALG_RSASHA256:
+	case DNS_KEYALG_RSA:
 		if (size != 0 && (size < 512 || size > MAX_RSA))
 			fatal("RSA key size %d out of range", size);
 		break;
-	case DNS_KEYALG_RSASHA512:
-		if (size != 0 && (size < 1024 || size > MAX_RSA))
-			fatal("RSA key size %d out of range", size);
-		break;
 	case DNS_KEYALG_DH:
 		if (size != 0 && (size < 128 || size > 4096))
 			fatal("DH key size %d out of range", size);
 		break;
 	case DNS_KEYALG_DSA:
-	case DNS_KEYALG_NSEC3DSA:
 		if (size != 0 && !dsa_size_ok(size))
-			fatal("invalid DSS key size: %d", size);
+			fatal("Invalid DSS key size: %d", size);
 		break;
 	case DST_ALG_HMACMD5:
 		if (size < 1 || size > 512)
 			fatal("HMAC-MD5 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 80 || dbits > 128))
-			fatal("HMAC-MD5 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-MD5 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA1:
-		if (size < 1 || size > 160)
-			fatal("HMAC-SHA1 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 80 || dbits > 160))
-			fatal("HMAC-SHA1 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA1 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA224:
-		if (size < 1 || size > 224)
-			fatal("HMAC-SHA224 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 112 || dbits > 224))
-			fatal("HMAC-SHA224 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA224 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA256:
-		if (size < 1 || size > 256)
-			fatal("HMAC-SHA256 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 128 || dbits > 256))
-			fatal("HMAC-SHA256 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA256 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA384:
-		if (size < 1 || size > 384)
-			fatal("HMAC-384 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 192 || dbits > 384))
-			fatal("HMAC-SHA384 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA384 digest bits %d not divisible by 8",
-			      dbits);
-		break;
-	case DST_ALG_HMACSHA512:
-		if (size < 1 || size > 512)
-			fatal("HMAC-SHA512 key size %d out of range", size);
-		if (dbits != 0 && (dbits < 256 || dbits > 512))
-			fatal("HMAC-SHA512 digest bits %d out of range", dbits);
-		if ((dbits % 8) != 0)
-			fatal("HMAC-SHA512 digest bits %d not divisible by 8",
-			      dbits);
 		break;
 	}
 
-	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
-	      alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
-	      alg == DNS_KEYALG_RSASHA512) && rsa_exp != 0)
-		fatal("specified RSA exponent for a non-RSA key");
+	if (alg != DNS_KEYALG_RSA && rsa_exp != 0)
+		fatal("specified RSA exponent without RSA");
 
 	if (alg != DNS_KEYALG_DH && generator != 0)
-		fatal("specified DH generator for a non-DH key");
+		fatal("specified DH generator without DH");
 
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
+	if (nametype == NULL)
+		fatal("no nametype specified");
+	if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY / HMAC */
-		if (strcasecmp(nametype, "host") == 0 ||
-			 strcasecmp(nametype, "entity") == 0)
-			flags |= DNS_KEYOWNER_ENTITY;
-		else if (strcasecmp(nametype, "user") == 0)
-			flags |= DNS_KEYOWNER_USER;
+	else if (strcasecmp(nametype, "host") == 0 ||
+		 strcasecmp(nametype, "entity") == 0)
+		flags |= DNS_KEYOWNER_ENTITY;
+	else if (strcasecmp(nametype, "user") == 0)
+		flags |= DNS_KEYOWNER_USER;
+	else
+		fatal("invalid nametype %s", nametype);
+
+	flags |= signatory;
+
+	if (protocol == -1) {
+		if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_USER)
+			protocol = DNS_KEYPROTO_EMAIL;
 		else
-			fatal("invalid KEY nametype %s", nametype);
-	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
-		fatal("invalid DNSKEY nametype %s", nametype);
-
-	rdclass = strtoclass(classname);
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY / HMAC */
-		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
-		flags |= ksk;
-
-	if (protocol == -1)
-		protocol = DNS_KEYPROTO_DNSSEC;
-	else if ((options & DST_TYPE_KEY) == 0 &&
-		 protocol != DNS_KEYPROTO_DNSSEC)
-		fatal("invalid DNSKEY protocol: %d", protocol);
+			protocol = DNS_KEYPROTO_DNSSEC;
+	}
 
 	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
 		if (size > 0)
-			fatal("specified null key with non-zero size");
+			fatal("Specified null key with non-zero size");
 		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("specified null key with signing authority");
+			fatal("Specified null key with signing authority");
 	}
 
-	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    (alg == DNS_KEYALG_DH || alg == DST_ALG_HMACMD5 ||
-	     alg == DST_ALG_HMACSHA1 || alg == DST_ALG_HMACSHA224 ||
-	     alg == DST_ALG_HMACSHA256 || alg == DST_ALG_HMACSHA384 ||
-	     alg == DST_ALG_HMACSHA512))
-		fatal("a key with algorithm '%s' cannot be a zone key",
-		      algname);
-
 	dns_fixedname_init(&fname);
 	name = dns_fixedname_name(&fname);
 	isc_buffer_init(&buf, argv[isc_commandline_index],
@@ -446,28 +298,18 @@ main(int argc, char **argv) {
 	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
 	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
 	if (ret != ISC_R_SUCCESS)
-		fatal("invalid key name %s: %s", argv[isc_commandline_index],
+		fatal("Invalid key name %s: %s", argv[isc_commandline_index],
 		      isc_result_totext(ret));
 
 	switch(alg) {
-	case DNS_KEYALG_RSAMD5:
-	case DNS_KEYALG_RSASHA1:
-	case DNS_KEYALG_NSEC3RSASHA1:
-	case DNS_KEYALG_RSASHA256:
-	case DNS_KEYALG_RSASHA512:
+	case DNS_KEYALG_RSA:
 		param = rsa_exp;
 		break;
 	case DNS_KEYALG_DH:
 		param = generator;
 		break;
 	case DNS_KEYALG_DSA:
-	case DNS_KEYALG_NSEC3DSA:
 	case DST_ALG_HMACMD5:
-	case DST_ALG_HMACSHA1:
-	case DST_ALG_HMACSHA224:
-	case DST_ALG_HMACSHA256:
-	case DST_ALG_HMACSHA384:
-	case DST_ALG_HMACSHA512:
 		param = 0;
 		break;
 	}
@@ -477,34 +319,29 @@ main(int argc, char **argv) {
 
 	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
 
-	do {
-		conflict = ISC_FALSE;
+	do { 
+		conflict = ISC_FALSE; 
 		oldkey = NULL;
 
 		/* generate the key */
 		ret = dst_key_generate(name, alg, size, param, flags, protocol,
-				       rdclass, mctx, &key);
+				       mctx, &key);
 		isc_entropy_stopcallbacksources(ectx);
 
 		if (ret != ISC_R_SUCCESS) {
-			char namestr[DNS_NAME_FORMATSIZE];
-			char algstr[ALG_FORMATSIZE];
-			dns_name_format(name, namestr, sizeof(namestr));
-			alg_format(alg, algstr, sizeof(algstr));
 			fatal("failed to generate key %s/%s: %s\n",
-			      namestr, algstr, isc_result_totext(ret));
+			      nametostr(name), algtostr(alg),
+			      dst_result_totext(ret));
 			exit(-1);
 		}
-
-		dst_key_setbits(key, dbits);
-
+		
 		/*
 		 * Try to read a key with the same name, alg and id from disk.
-		 * If there is one we must continue generating a new one
+		 * If there is one we must continue generating a new one 
 		 * unless we were asked to generate a null key, in which
 		 * case we return failure.
 		 */
-		ret = dst_key_fromfile(name, dst_key_id(key), alg,
+		ret = dst_key_fromfile(name, dst_key_id(key), alg, 
 				       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
 		/* do not overwrite an existing key  */
 		if (ret == ISC_R_SUCCESS) {
@@ -517,11 +354,10 @@ main(int argc, char **argv) {
 			if (verbose > 0) {
 				isc_buffer_clear(&buf);
 				ret = dst_key_buildfilename(key, 0, NULL, &buf);
-				if (ret == ISC_R_SUCCESS)
-					fprintf(stderr,
-						"%s: %s already exists, "
-						"generating a new key\n",
-						program, filename);
+				fprintf(stderr,
+					"%s: %s already exists, "
+					"generating a new key\n",
+					program, filename);
 			}
 			dst_key_free(&key);
 		}
@@ -532,32 +368,28 @@ main(int argc, char **argv) {
 		fatal("cannot generate a null key when a key with id 0 "
 		      "already exists");
 
-	ret = dst_key_tofile(key, options, NULL);
-	if (ret != ISC_R_SUCCESS) {
-		char keystr[KEY_FORMATSIZE];
-		key_format(key, keystr, sizeof(keystr));
-		fatal("failed to write key %s: %s\n", keystr,
-		      isc_result_totext(ret));
-	}
+	ret = dst_key_tofile(key, DST_TYPE_PUBLIC | DST_TYPE_PRIVATE, NULL);
+	if (ret != ISC_R_SUCCESS)
+		fatal("failed to write key %s/%s/%d: %s\n", nametostr(name),
+		      algtostr(alg), dst_key_id(key), isc_result_totext(ret));
 
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS)
-		fatal("dst_key_buildfilename returned: %s\n",
-		      isc_result_totext(ret));
 	printf("%s\n", filename);
+	isc_mem_free(mctx, algname);
+	isc_mem_free(mctx, nametype);
+	isc_mem_free(mctx, prog);
+	if (type != NULL)
+		isc_mem_free(mctx, type);
 	dst_key_free(&key);
 
-	cleanup_logging(&log);
+	if (log != NULL)
+		isc_log_destroy(&log);
 	cleanup_entropy(&ectx);
 	dst_lib_destroy();
-	dns_name_destroy();
 	if (verbose > 10)
 		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	if (freeit != NULL)
-		free(freeit);
+        isc_mem_destroy(&mctx);
 
 	return (0);
 }

bin/dnssec/dnssec-keygen.docbook

@@ -1,370 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004, 2005, 2007-2010, 2012  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.dnssec-keygen">
-  <refentryinfo>
-    <date>June 30, 2000</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-keygen</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-keygen</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2012</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-keygen</command>
-      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
-      <arg choice="req">-b <replaceable class="parameter">keysize</replaceable></arg>
-      <arg choice="req">-n <replaceable class="parameter">nametype</replaceable></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-e</option></arg>
-      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-k</option></arg>
-      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-keygen</command>
-      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
-      TSIG (Transaction Signatures), as defined in RFC 2845.
-    </para>
-    <para>
-      The <option>name</option> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-          <para>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-            DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-            For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
-          </para>
-          <para>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
-          </para>
-          <para>
-            Note 2: HMAC-MD5 and DH automatically set the -k flag.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-b <replaceable class="parameter">keysize</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
-            128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
-            between 1 and 512 bits.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">nametype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the owner type of the key.  The value of
-            <option>nametype</option> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-e</term>
-        <listitem>
-          <para>
-            If generating an RSAMD5/RSASHA1 key, use a large exponent.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-g <replaceable class="parameter">generator</replaceable></term>
-        <listitem>
-          <para>
-            If generating a Diffie Hellman key, use this generator.
-            Allowed values are 2 and 5.  If no generator
-            is specified, a known prime from RFC 2539 will be used
-            if possible; otherwise the default is 2.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>dnssec-keygen</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k</term>
-        <listitem>
-          <para>
-            Generate KEY records rather than DNSKEY records.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">protocol</replaceable></term>
-        <listitem>
-          <para>
-            Sets the protocol value for the generated key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <filename>/dev/random</filename>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <filename>randomdev</filename>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard
-            input should be used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">strength</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the strength value of the key.  The strength is
-            a number between 0 and 15, and currently has no defined
-            purpose in DNSSEC.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">type</replaceable></term>
-        <listitem>
-          <para>
-            Indicates the use of the key.  <option>type</option> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>GENERATED KEYS</title>
-    <para>
-      When <command>dnssec-keygen</command> completes
-      successfully,
-      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-      to the standard output.  This is an identification string for
-      the key it has generated.
-    </para>
-    <itemizedlist>
-      <listitem>
-        <para><filename>nnnn</filename> is the key name.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>aaa</filename> is the numeric representation
-          of the
-          algorithm.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>iiiii</filename> is the key identifier (or
-          footprint).
-        </para>
-      </listitem>
-    </itemizedlist>
-    <para><command>dnssec-keygen</command> 
-      creates two files, with names based
-      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-      contains the public key, and
-      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
-      private
-      key.
-    </para>
-    <para>
-      The <filename>.key</filename> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </para>
-    <para>
-      The <filename>.private</filename> file contains
-      algorithm-specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </para>
-    <para>
-      Both <filename>.key</filename> and <filename>.private</filename>
-      files are generated for symmetric encryption algorithms such as
-      HMAC-MD5, even though the public and private key are equivalent.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-      To generate a 768-bit DSA key for the domain
-      <userinput>example.com</userinput>, the following command would be
-      issued:
-    </para>
-    <para><userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
-    </para>
-    <para>
-      The command would print a string of the form:
-    </para>
-    <para><userinput>Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-      In this example, <command>dnssec-keygen</command> creates
-      the files <filename>Kexample.com.+003+26160.key</filename>
-      and
-      <filename>Kexample.com.+003+26160.private</filename>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 2539</citetitle>,
-      <citetitle>RFC 2845</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-keygen.html

@@ -1,239 +0,0 @@
-<!--
- - Copyright (C) 2004, 2005, 2007-2010, 2012 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-keygen"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-keygen</span> &#8212; DNSSEC key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543486"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keygen</strong></span>
-      generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
-      TSIG (Transaction Signatures), as defined in RFC 2845.
-    </p>
-<p>
-      The <code class="option">name</code> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543505"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-<p>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-            DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-            For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
-          </p>
-<p>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
-          </p>
-<p>
-            Note 2: HMAC-MD5 and DH automatically set the -k flag.
-          </p>
-</dd>
-<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
-<dd><p>
-            Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
-            128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
-            between 1 and 512 bits.
-          </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
-<dd><p>
-            Specifies the owner type of the key.  The value of
-            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </p></dd>
-<dt><span class="term">-e</span></dt>
-<dd><p>
-            If generating an RSAMD5/RSASHA1 key, use a large exponent.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            		The only recognized flag is KSK (Key Signing Key) DNSKEY.
-          </p></dd>
-<dt><span class="term">-g <em class="replaceable"><code>generator</code></em></span></dt>
-<dd><p>
-            If generating a Diffie Hellman key, use this generator.
-            Allowed values are 2 and 5.  If no generator
-            is specified, a known prime from RFC 2539 will be used
-            if possible; otherwise the default is 2.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Prints a short summary of the options and arguments to
-            <span><strong class="command">dnssec-keygen</strong></span>.
-          </p></dd>
-<dt><span class="term">-k</span></dt>
-<dd><p>
-            Generate KEY records rather than DNSKEY records.
-          </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
-<dd><p>
-            Sets the protocol value for the generated key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </p></dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd><p>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p></dd>
-<dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
-<dd><p>
-            Specifies the strength value of the key.  The strength is
-            a number between 0 and 15, and currently has no defined
-            purpose in DNSSEC.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd><p>
-            Indicates the use of the key.  <code class="option">type</code> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543840"></a><h2>GENERATED KEYS</h2>
-<p>
-      When <span><strong class="command">dnssec-keygen</strong></span> completes
-      successfully,
-      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
-      to the standard output.  This is an identification string for
-      the key it has generated.
-    </p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
-        </p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
-          of the
-          algorithm.
-        </p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
-          footprint).
-        </p></li>
-</ul></div>
-<p><span><strong class="command">dnssec-keygen</strong></span> 
-      creates two files, with names based
-      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
-      contains the public key, and
-      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
-      private
-      key.
-    </p>
-<p>
-      The <code class="filename">.key</code> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </p>
-<p>
-      The <code class="filename">.private</code> file contains
-      algorithm-specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </p>
-<p>
-      Both <code class="filename">.key</code> and <code class="filename">.private</code>
-      files are generated for symmetric encryption algorithms such as
-      HMAC-MD5, even though the public and private key are equivalent.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543922"></a><h2>EXAMPLE</h2>
-<p>
-      To generate a 768-bit DSA key for the domain
-      <strong class="userinput"><code>example.com</code></strong>, the following command would be
-      issued:
-    </p>
-<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
-    </p>
-<p>
-      The command would print a string of the form:
-    </p>
-<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
-    </p>
-<p>
-      In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
-      the files <code class="filename">Kexample.com.+003+26160.key</code>
-      and
-      <code class="filename">Kexample.com.+003+26160.private</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544034"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 2539</em>,
-      <em class="citetitle">RFC 2845</em>,
-      <em class="citetitle">RFC 4034</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544065"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-makekeyset.c

@@ -0,0 +1,424 @@
+/*
+ * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
+ * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
+ * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-makekeyset.c,v 1.28.2.1 2000/08/02 21:59:30 gson Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+#include <dns/time.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+#define BUFSIZE 2048
+
+const char *program = "dnssec-makekeyset";
+int verbose;
+
+typedef struct keynode keynode_t;
+struct keynode {
+	dst_key_t *key;
+	ISC_LINK(keynode_t) link;
+};
+typedef ISC_LIST(keynode_t) keylist_t;
+
+static isc_stdtime_t starttime = 0, endtime = 0, now;
+static int ttl = -1;
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+
+static keylist_t keylist;
+
+static isc_stdtime_t
+strtotime(char *str, isc_int64_t now, isc_int64_t base) {
+	isc_int64_t val, offset;
+	isc_result_t result;
+	char *endp;
+
+	if (str[0] == '+') {
+		offset = strtol(str + 1, &endp, 0);
+		if (*endp != '\0')
+			fatal("time value %s is invalid", str);
+		val = base + offset;
+	} else if (strncmp(str, "now+", 4) == 0) {
+		offset = strtol(str + 4, &endp, 0);
+		if (*endp != '\0')
+			fatal("time value %s is invalid", str);
+		val = now + offset;
+	} else {
+		result = dns_time64_fromtext(str, &val);
+		if (result != ISC_R_SUCCESS)
+			fatal("time %s must be numeric", str);
+	}
+
+	return ((isc_stdtime_t) val);
+}
+
+static void
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "\t%s [options] keys\n", program);
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Options: (default value in parenthesis) \n");
+	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
+	fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
+	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+	fprintf(stderr, "\t\tSIG end time  - "
+			     "absolute|from start|from now (now + 30 days)\n");
+	fprintf(stderr, "\t-t ttl\n");
+	fprintf(stderr, "\t-r randomdev:\n");
+	fprintf(stderr, "\t\ta file containing random data\n");
+	fprintf(stderr, "\t-v level:\n");
+	fprintf(stderr, "\t\tverbose level (0)\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "keys:\n");
+	fprintf(stderr, "\tkeyfile (Kname+alg+id)\n");
+	exit(0);
+}
+
+int
+main(int argc, char *argv[]) {
+	int i, ch;
+	char *startstr = NULL, *endstr = NULL;
+	char *randomfile = NULL;
+	dns_fixedname_t fdomain;
+	dns_name_t *domain = NULL;
+	char *output = NULL;
+	char *endp;
+	unsigned char *data;
+	dns_db_t *db;
+	dns_dbnode_t *node;
+	dns_dbversion_t *version;
+	dst_key_t *key = NULL;
+	dns_rdata_t *rdata;
+	dns_rdatalist_t rdatalist, sigrdatalist;
+	dns_rdataset_t rdataset, sigrdataset;
+	isc_result_t result;
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_log_t *log = NULL;
+	keynode_t *keynode;
+	dns_name_t *savedname = NULL;
+
+	result = isc_mem_create(0, 0, &mctx);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to create memory context: %s",
+		      isc_result_totext(result));
+
+	dns_result_register();
+
+	while ((ch = isc_commandline_parse(argc, argv, "s:e:t:r:v:h")) != -1)
+	{
+		switch (ch) {
+		case 's':
+			startstr = isc_mem_strdup(mctx,
+						  isc_commandline_argument);
+			if (startstr == NULL)
+				fatal("out of memory");
+			break;
+
+		case 'e':
+			endstr = isc_mem_strdup(mctx,
+						isc_commandline_argument);
+			if (endstr == NULL)
+				fatal("out of memory");
+			break;
+
+		case 't':
+			endp = NULL;
+			ttl = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("TTL must be numeric");
+			break;
+
+		case 'r':
+			randomfile = isc_mem_strdup(mctx,
+						    isc_commandline_argument);
+			if (randomfile == NULL)
+				fatal("out of memory");
+			break;
+
+		case 'v':
+			endp = NULL;
+			verbose = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("verbose level must be numeric");
+			break;
+
+		case 'h':
+		default:
+			usage();
+
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 1)
+		usage();
+
+	setup_entropy(mctx, randomfile, &ectx);
+	if (randomfile != NULL)
+		isc_mem_free(mctx, randomfile);
+	result = dst_lib_init(mctx, ectx,
+			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
+	isc_stdtime_get(&now);
+
+	if (startstr != NULL) {
+		starttime = strtotime(startstr, now, now);
+		isc_mem_free(mctx, startstr);
+	}
+	else
+		starttime = now;
+
+	if (endstr != NULL) {
+		endtime = strtotime(endstr, now, starttime);
+		isc_mem_free(mctx, endstr);
+	}
+	else
+		endtime = starttime + (30 * 24 * 60 * 60);
+
+	if (ttl == -1) {
+		ttl = 3600;
+		fprintf(stderr, "%s: TTL not specified, assuming 3600\n",
+			program);
+	}
+
+	setup_logging(verbose, mctx, &log);
+
+	dns_rdatalist_init(&rdatalist);
+	rdatalist.rdclass = dns_rdataclass_in;
+	rdatalist.type = dns_rdatatype_key;
+	rdatalist.covers = 0;
+	rdatalist.ttl = ttl;
+
+	ISC_LIST_INIT(keylist);
+
+	for (i = 0; i < argc; i++) {
+		char namestr[1025];
+		key = NULL;
+		result = dst_key_fromnamedfile(argv[i], DST_TYPE_PUBLIC,
+					       mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			fatal("error loading key from %s", argv[i]);
+
+		strncpy(namestr, nametostr(dst_key_name(key)),
+			sizeof(namestr) - 1);
+		namestr[sizeof(namestr) - 1] = 0;
+
+		if (savedname == NULL) {
+			savedname = isc_mem_get(mctx, sizeof(dns_name_t));
+			if (savedname == NULL)
+				fatal("out of memory");
+			dns_name_init(savedname, NULL);
+			result = dns_name_dup(dst_key_name(key), mctx,
+					      savedname);
+			if (result != ISC_R_SUCCESS)
+				fatal("out of memory");
+		} else {
+			if (!dns_name_equal(savedname, dst_key_name(key)) != 0)
+				fatal("all keys must have the same owner - %s "
+				      "and %s do not match",
+				      nametostr(savedname), namestr);
+		}
+		if (output == NULL) {
+			output = isc_mem_allocate(mctx,
+						  strlen(namestr) +
+						  strlen("keyset") + 1);
+			if (output == NULL)
+				fatal("out of memory");
+			strcpy(output, namestr);
+			strcat(output, "keyset");
+		}
+		if (domain == NULL) {
+			dns_fixedname_init(&fdomain);
+			domain = dns_fixedname_name(&fdomain);
+			isc_buffer_init(&b, namestr, strlen(namestr));
+			isc_buffer_add(&b, strlen(namestr));
+			result = dns_name_fromtext(domain, &b, dns_rootname,
+						   ISC_FALSE, NULL);
+			if (result != ISC_R_SUCCESS)
+				fatal("%s is not a valid name: %s",
+				      namestr, isc_result_totext(result));
+		}
+		if (dst_key_iszonekey(key)) {
+			dst_key_t *zonekey = NULL;
+			result = dst_key_fromnamedfile(argv[i],
+						       DST_TYPE_PRIVATE,
+						       mctx, &zonekey);
+			if (result != ISC_R_SUCCESS)
+				fatal("failed to read key %s: %s",
+				      argv[i], isc_result_totext(result));
+			keynode = isc_mem_get(mctx, sizeof (keynode_t));
+			if (keynode == NULL)
+				fatal("out of memory");
+			keynode->key = zonekey;
+			ISC_LINK_INIT(keynode, link);
+			ISC_LIST_APPEND(keylist, keynode, link);
+		}
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dst_key_todns(key, &b);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to convert key %s to a DNS KEY: %s",
+			      argv[i], isc_result_totext(result));
+		isc_buffer_usedregion(&b, &r);
+		dns_rdata_fromregion(rdata, dns_rdataclass_in,
+				     dns_rdatatype_key, &r);
+		ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
+		dst_key_free(&key);
+	}
+
+	dns_rdataset_init(&rdataset);
+	result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+	check_result(result, "dns_rdatalist_tordataset()");
+
+	dns_rdatalist_init(&sigrdatalist);
+	sigrdatalist.rdclass = dns_rdataclass_in;
+	sigrdatalist.type = dns_rdatatype_sig;
+	sigrdatalist.covers = dns_rdatatype_key;
+	sigrdatalist.ttl = ttl;
+
+	if (ISC_LIST_EMPTY(keylist))
+		fprintf(stderr,
+			"%s: no private zone key found; not self-signing\n",
+			program);
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dns_dnssec_sign(domain, &rdataset, keynode->key,
+					 &starttime, &endtime, mctx, &b,
+					 rdata);
+		isc_entropy_stopcallbacksources(ectx);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to sign keyset with key %s/%s/%d: %s",
+			      nametostr(dst_key_name(keynode->key)),
+			      algtostr(dst_key_alg(keynode->key)),
+			      dst_key_id(keynode->key),
+			      isc_result_totext(result));
+		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
+		dns_rdataset_init(&sigrdataset);
+		result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);
+		check_result(result, "dns_rdatalist_tordataset()");
+	}
+
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
+			       dns_rdataclass_in, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to create a database for %s", nametostr(domain));
+
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	node = NULL;
+	result = dns_db_findnode(db, domain, ISC_TRUE, &node);
+	check_result(result, "dns_db_findnode()");
+
+	dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
+	if (!ISC_LIST_EMPTY(keylist))
+		dns_db_addrdataset(db, node, version, 0, &sigrdataset, 0,
+				   NULL);
+
+	dns_db_detachnode(db, &node);
+	dns_db_closeversion(db, &version, ISC_TRUE);
+	result = dns_db_dump(db, version, output);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to write database for %s to %s",
+		      nametostr(domain), output);
+
+	dns_db_detach(&db);
+
+	dns_rdataset_disassociate(&rdataset);
+	while (!ISC_LIST_EMPTY(rdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(rdatalist.rdata);
+		ISC_LIST_UNLINK(rdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+	while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
+		ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+
+	while (!ISC_LIST_EMPTY(keylist)) {
+		keynode = ISC_LIST_HEAD(keylist);
+		ISC_LIST_UNLINK(keylist, keynode, link);
+		dst_key_free(&keynode->key);
+		isc_mem_put(mctx, keynode, sizeof(keynode_t));
+	}
+
+	if (savedname != NULL) {
+		dns_name_free(savedname, mctx);
+		isc_mem_put(mctx, savedname, sizeof(dns_name_t));
+	}
+
+	if (log != NULL)
+		isc_log_destroy(&log);
+	cleanup_entropy(&ectx);
+
+	isc_mem_free(mctx, output);
+	dst_lib_destroy();
+	if (verbose > 10)
+		isc_mem_stats(mctx, stdout);
+	isc_mem_destroy(&mctx);
+	return (0);
+}

bin/dnssec/dnssec-signkey.c

@@ -0,0 +1,385 @@
+/*
+ * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
+ * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
+ * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-signkey.c,v 1.28 2000/06/22 21:49:03 tale Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/string.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dnssec.h>
+#include <dns/log.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-signkey";
+int verbose;
+
+#define BUFSIZE 2048
+
+typedef struct keynode keynode_t;
+struct keynode {
+	dst_key_t *key;
+	isc_boolean_t verified;
+	ISC_LINK(keynode_t) link;
+};
+typedef ISC_LIST(keynode_t) keylist_t;
+
+static isc_stdtime_t now;
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+static keylist_t keylist;
+
+static void
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "\t%s [options] keyset keys\n", program);
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Options: (default value in parenthesis) \n");
+	fprintf(stderr, "\t-v level:\n");
+	fprintf(stderr, "\t\tverbose level (0)\n");
+	fprintf(stderr, "\t-p\n");
+	fprintf(stderr, "\t\tuse pseudorandom data (faster but less secure)\n");
+	fprintf(stderr, "\t-r randomdev:\n");
+	fprintf(stderr, "\t\ta file containing random data\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "keyset:\n");
+	fprintf(stderr, "\tfile name of key set to be signed\n");
+	fprintf(stderr, "keys:\n");
+	fprintf(stderr, "\tkeyfile (Kname+alg+id)\n");
+	exit(0);
+}
+
+static void
+loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) {
+	dst_key_t *key;
+	dns_rdata_t rdata;
+	keynode_t *keynode;
+	isc_result_t result;
+
+	ISC_LIST_INIT(keylist);
+	result = dns_rdataset_first(rdataset);
+	check_result(result, "dns_rdataset_first");
+	for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) {
+		dns_rdataset_current(rdataset, &rdata);
+		key = NULL;
+		result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			continue;
+		if (!dst_key_iszonekey(key))
+			continue;
+		keynode = isc_mem_get(mctx, sizeof (keynode_t));
+		if (keynode == NULL)
+			fatal("out of memory");
+		keynode->key = key;
+		keynode->verified = ISC_FALSE;
+		ISC_LINK_INIT(keynode, link);
+		ISC_LIST_APPEND(keylist, keynode, link);
+	}
+	if (result != ISC_R_NOMORE)
+		fatal("failure traversing key list");
+}
+
+static dst_key_t *
+findkey(dns_rdata_sig_t *sig) {
+	keynode_t *keynode;
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		if (dst_key_id(keynode->key) == sig->keyid &&
+		    dst_key_alg(keynode->key) == sig->algorithm) {
+			keynode->verified = ISC_TRUE;
+			return (keynode->key);
+		}
+	}
+	fatal("signature generated by non-zone or missing key");
+	return (NULL);
+}
+
+int
+main(int argc, char *argv[]) {
+	int i, ch;
+	char tdomain[1025];
+	dns_fixedname_t fdomain;
+	dns_name_t *domain;
+	char *output = NULL;
+	char *endp;
+	unsigned char *data;
+	char *randomfile = NULL;
+	dns_db_t *db;
+	dns_dbnode_t *node;
+	dns_dbversion_t *version;
+	dst_key_t *key = NULL;
+	dns_rdata_t *rdata, sigrdata;
+	dns_rdatalist_t sigrdatalist;
+	dns_rdataset_t rdataset, sigrdataset, newsigrdataset;
+	dns_rdata_sig_t sig;
+	isc_result_t result;
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_log_t *log = NULL;
+	keynode_t *keynode;
+	isc_boolean_t pseudorandom = ISC_FALSE;
+	unsigned int eflags;
+
+	result = isc_mem_create(0, 0, &mctx);
+	check_result(result, "isc_mem_create()");
+
+	dns_result_register();
+
+	while ((ch = isc_commandline_parse(argc, argv, "pr:v:h")) != -1)
+	{
+		switch (ch) {
+		case 'p':
+			pseudorandom = ISC_TRUE;
+			break;
+
+		case 'r':
+			randomfile = isc_mem_strdup(mctx,
+						    isc_commandline_argument);
+			if (randomfile == NULL)
+				fatal("out of memory");
+			break;
+
+		case 'v':
+			endp = NULL;
+			verbose = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("verbose level must be numeric");
+			break;
+
+		case 'h':
+		default:
+			usage();
+
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 2)
+		usage();
+
+	setup_entropy(mctx, randomfile, &ectx);
+	if (randomfile != NULL)
+		isc_mem_free(mctx, randomfile);
+	eflags = ISC_ENTROPY_BLOCKING;
+	if (!pseudorandom)
+		eflags |= ISC_ENTROPY_GOODONLY;
+	result = dst_lib_init(mctx, ectx, eflags);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
+	isc_stdtime_get(&now);
+
+	setup_logging(verbose, mctx, &log);
+
+	if (strlen(argv[0]) < 8 ||
+	    strcmp(argv[0] + strlen(argv[0]) - 7, ".keyset") != 0)
+		fatal("keyset file must end in .keyset");
+
+	dns_fixedname_init(&fdomain);
+	domain = dns_fixedname_name(&fdomain);
+	isc_buffer_init(&b, argv[0], strlen(argv[0]) - 7);
+	isc_buffer_add(&b, strlen(argv[0]) - 7);
+	result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL);
+	if (result != ISC_R_SUCCESS)
+		fatal("'%s' does not contain a valid domain name", argv[0]);
+	isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);
+	result = dns_name_totext(domain, ISC_FALSE, &b);
+	check_result(result, "dns_name_totext()");
+	isc_buffer_usedregion(&b, &r);
+	tdomain[r.length] = 0;
+
+	output = isc_mem_allocate(mctx,
+				  strlen(tdomain) + strlen("signedkey") + 1);
+	if (output == NULL)
+		fatal("out of memory");
+	strcpy(output, tdomain);
+	strcat(output, "signedkey");
+
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
+			       dns_rdataclass_in, 0, NULL, &db);
+	check_result(result, "dns_db_create()");
+
+	result = dns_db_load(db, argv[0]);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to load database from '%s': %s", argv[0],
+		      isc_result_totext(result));
+
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	node = NULL;
+	result = dns_db_findnode(db, domain, ISC_FALSE, &node);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to find database node '%s': %s",
+		      nametostr(domain), isc_result_totext(result));
+
+	dns_rdataset_init(&rdataset);
+	dns_rdataset_init(&sigrdataset);
+	result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0,
+				     0, &rdataset, &sigrdataset);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to find rdataset '%s KEY': %s",
+		      nametostr(domain), isc_result_totext(result));
+
+	loadkeys(domain, &rdataset);
+
+	if (!dns_rdataset_isassociated(&sigrdataset))
+		fatal("no SIG KEY set present");
+
+	result = dns_rdataset_first(&sigrdataset);
+	check_result(result, "dns_rdataset_first()");
+	do {
+		dns_rdataset_current(&sigrdataset, &sigrdata);
+		result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
+		check_result(result, "dns_rdata_tostruct()");
+		key = findkey(&sig);
+		result = dns_dnssec_verify(domain, &rdataset, key,
+					   ISC_TRUE, mctx, &sigrdata);
+		if (result != ISC_R_SUCCESS)
+			fatal("signature by key '%s/%s/%d' did not verify: %s",
+			      nametostr(dst_key_name(key)),
+			      algtostr(dst_key_alg(key)),
+			      dst_key_id(key), isc_result_totext(result));
+		dns_rdata_freestruct(&sig);
+		result = dns_rdataset_next(&sigrdataset);
+	} while (result == ISC_R_SUCCESS);
+
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+		if (!keynode->verified)
+			fatal("Not all zone keys self signed the key set");
+
+	result = dns_rdataset_first(&sigrdataset);
+	check_result(result, "dns_rdataset_first()");
+	dns_rdataset_current(&sigrdataset, &sigrdata);
+	result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
+	check_result(result, "dns_rdata_tostruct()");
+
+	dns_rdataset_disassociate(&sigrdataset);
+
+	argc -= 1;
+	argv += 1;
+
+	dns_rdatalist_init(&sigrdatalist);
+	sigrdatalist.rdclass = rdataset.rdclass;
+	sigrdatalist.type = dns_rdatatype_sig;
+	sigrdatalist.covers = dns_rdatatype_key;
+	sigrdatalist.ttl = rdataset.ttl;
+
+	for (i = 0; i < argc; i++) {
+		key = NULL;
+		result = dst_key_fromnamedfile(argv[i], DST_TYPE_PRIVATE,
+					       mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to read key %s from disk: %s",
+			      argv[i], isc_result_totext(result));
+
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dns_dnssec_sign(domain, &rdataset, key,
+					 &sig.timesigned, &sig.timeexpire,
+					 mctx, &b, rdata);
+		isc_entropy_stopcallbacksources(ectx);
+		if (result != ISC_R_SUCCESS)
+			fatal("key '%s/%s/%d' failed to sign data: %s",
+			      nametostr(dst_key_name(key)),
+			      algtostr(dst_key_alg(key)),
+			      dst_key_id(key), isc_result_totext(result));
+		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
+		dst_key_free(&key);
+	}
+
+	dns_rdataset_init(&newsigrdataset);
+	result = dns_rdatalist_tordataset(&sigrdatalist, &newsigrdataset);
+	check_result (result, "dns_rdatalist_tordataset()");
+
+	dns_db_addrdataset(db, node, version, 0, &newsigrdataset, 0, NULL);
+	check_result (result, "dns_db_addrdataset()");
+
+	dns_db_detachnode(db, &node);
+	dns_db_closeversion(db, &version, ISC_TRUE);
+	result = dns_db_dump(db, version, output);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to write database to '%s': %s",
+		      output, isc_result_totext(result));
+
+	dns_rdataset_disassociate(&rdataset);
+	dns_rdataset_disassociate(&newsigrdataset);
+
+	dns_rdata_freestruct(&sig);
+
+        while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
+                rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
+                ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
+                isc_mem_put(mctx, rdata->data, BUFSIZE);
+                isc_mem_put(mctx, rdata, sizeof *rdata);
+        }
+
+	dns_db_detach(&db);
+
+	while (!ISC_LIST_EMPTY(keylist)) {
+		keynode = ISC_LIST_HEAD(keylist);
+		ISC_LIST_UNLINK(keylist, keynode, link);
+		dst_key_free(&keynode->key);
+		isc_mem_put(mctx, keynode, sizeof(keynode_t));
+	}
+
+	if (log != NULL)
+		isc_log_destroy(&log);
+
+        isc_mem_free(mctx, output);
+	cleanup_entropy(&ectx);
+	dst_lib_destroy();
+	if (verbose > 10)
+		isc_mem_stats(mctx, stdout);
+	isc_mem_destroy(&mctx);
+	return (0);
+}

bin/dnssec/dnssec-signzone.8

@@ -1,310 +0,0 @@
-.\" Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-.\" Copyright (C) 2000-2003 Internet Software Consortium.
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id$
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-signzone
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 08, 2009
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-SIGNZONE" "8" "June 08, 2009" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-signzone \- DNSSEC zone signing tool
-.SH "SYNOPSIS"
-.HP 16
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-signzone\fR
-signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. It also generates a
-\fIkeyset\-\fR
-file containing the key\-signing keys for the zone, and if signing a zone which contains delegations, it can optionally generate DS records for the child zones from their
-\fIkeyset\-\fR
-files.
-.SH "OPTIONS"
-.PP
-\-a
-.RS 4
-Verify all generated signatures.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specifies the DNS class of the zone.
-.RE
-.PP
-\-k \fIkey\fR
-.RS 4
-Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
-.RE
-.PP
-\-l \fIdomain\fR
-.RS 4
-Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
-.RE
-.PP
-\-d \fIdirectory\fR
-.RS 4
-Look for
-\fIkeyset\fR
-files in
-\fBdirectory\fR
-as the directory
-.RE
-.PP
-\-g
-.RS 4
-If the zone contains any delegations, and there are
-\fIkeyset\-\fR
-files for any of the child zones, then DS records for the child zones will be generated from the keys in those files. Existing DS records will be removed.
-.RE
-.PP
-\-s \fIstart\-time\fR
-.RS 4
-Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
-\fBstart\-time\fR
-is specified, the current time minus 1 hour (to allow for clock skew) is used.
-.RE
-.PP
-\-e \fIend\-time\fR
-.RS 4
-Specify the date and time when the generated RRSIG records expire. As with
-\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
-\fBend\-time\fR
-is specified, 30 days from the start time is used as a default.
-.RE
-.PP
-\-f \fIoutput\-file\fR
-.RS 4
-The name of the output file containing the signed zone. The default is to append
-\fI.signed\fR
-to the input filename.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBdnssec\-signzone\fR.
-.RE
-.PP
-\-i \fIinterval\fR
-.RS 4
-When a previously\-signed zone is passed as input, records may be resigned. The
-\fBinterval\fR
-option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
-.sp
-The default cycle interval is one quarter of the difference between the signature end and start times. So if neither
-\fBend\-time\fR
-or
-\fBstart\-time\fR
-are specified,
-\fBdnssec\-signzone\fR
-generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
-.RE
-.PP
-\-I \fIinput\-format\fR
-.RS 4
-The format of the input zone file. Possible formats are
-\fB"text"\fR
-(default) and
-\fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
-.RE
-.PP
-\-j \fIjitter\fR
-.RS 4
-When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The
-\fBjitter\fR
-option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time.
-.sp
-Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
-.RE
-.PP
-\-n \fIncpus\fR
-.RS 4
-Specifies the number of threads to use. By default, one thread is started for each detected CPU.
-.RE
-.PP
-\-N \fIsoa\-serial\-format\fR
-.RS 4
-The SOA serial number format of the signed zone. Possible formats are
-\fB"keep"\fR
-(default),
-\fB"increment"\fR
-and
-\fB"unixtime"\fR.
-.RS 4
-.PP
-\fB"keep"\fR
-.RS 4
-Do not modify the SOA serial number.
-.RE
-.PP
-\fB"increment"\fR
-.RS 4
-Increment the SOA serial number using RFC 1982 arithmetics.
-.RE
-.PP
-\fB"unixtime"\fR
-.RS 4
-Set the SOA serial number to the number of seconds since epoch.
-.RE
-.RE
-.RE
-.PP
-\-o \fIorigin\fR
-.RS 4
-The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-.RE
-.PP
-\-O \fIoutput\-format\fR
-.RS 4
-The format of the output file containing the signed zone. Possible formats are
-\fB"text"\fR
-(default) and
-\fB"raw"\fR.
-.RE
-.PP
-\-p
-.RS 4
-Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.RE
-.PP
-\-P
-.RS 4
-Disable post sign verification tests.
-.sp
-The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
-.RE
-.PP
-\-r \fIrandomdev\fR
-.RS 4
-Specifies the source of randomness. If the operating system does not provide a
-\fI/dev/random\fR
-or equivalent device, the default source of randomness is keyboard input.
-\fIrandomdev\fR
-specifies the name of a character device or file containing random data to be used instead of the default. The special value
-\fIkeyboard\fR
-indicates that keyboard input should be used.
-.RE
-.PP
-\-t
-.RS 4
-Print statistics at completion.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-z
-.RS 4
-Ignore KSK flag on key when determining what to sign.
-.RE
-.PP
-\-3 \fIsalt\fR
-.RS 4
-Generate a NSEC3 chain with the given hex encoded salt. A dash (\fIsalt\fR) can be used to indicate that no salt is to be used when generating the NSEC3 chain.
-.RE
-.PP
-\-H \fIiterations\fR
-.RS 4
-When generating an NSEC3 chain, use this many iterations. The default is 100.
-.RE
-.PP
-\-A
-.RS 4
-When generating a NSEC3 chain set the OPTOUT flag on all NSEC3 records and do not generate NSEC3 records for insecure delegations.
-.RE
-.PP
-zonefile
-.RS 4
-The file containing the zone to be signed.
-.RE
-.PP
-key
-.RS 4
-Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
-.RE
-.SH "EXAMPLE"
-.PP
-The following command signs the
-\fBexample.com\fR
-zone with the DSA key generated by
-\fBdnssec\-keygen\fR
-(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
-\fIkeyset\fR
-files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
-.sp
-.RS 4
-.nf
-% dnssec\-signzone \-g \-o example.com db.example.com \\
-Kexample.com.+003+17247
-db.example.com.signed
-%
-.fi
-.RE
-.PP
-In the above example,
-\fBdnssec\-signzone\fR
-creates the file
-\fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
-\fInamed.conf\fR
-file.
-.PP
-This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory.
-.sp
-.RS 4
-.nf
-% cp db.example.com.signed db.example.com
-% dnssec\-signzone \-o example.com db.example.com
-db.example.com.signed
-%
-.fi
-.RE
-.SH "KNOWN BUGS"
-.PP
-\fBdnssec\-signzone\fR
-was designed so that it could sign a zone partially, using only a subset of the DNSSEC keys needed to produce a fully\-signed zone. This permits a zone administrator, for example, to sign a zone with one key on one machine, move the resulting partially\-signed zone to a second machine, and sign it again with a second key.
-.PP
-An unfortunate side\-effect of this flexibility is that
-\fBdnssec\-signzone\fR
-does not check to make sure it's signing a zone with any valid keys at all. An attempt to sign a zone without any keys will appear to succeed, producing a "signed" zone with no signatures. There is no warning issued when a zone is not fully signed.
-.PP
-This will be corrected in a future release. In the meantime, ISC recommends examining the output of
-\fBdnssec\-signzone\fR
-to confirm that the zone is properly signed by all keys before using it.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 4033.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2004\-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br

bin/dnssec/dnssec-signzone.docbook

@@ -1,561 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2004-2009, 2012, 2013  Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003  Internet Software Consortium.
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id$ -->
-<refentry id="man.dnssec-signzone">
-  <refentryinfo>
-    <date>June 08, 2009</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-signzone</application></refentrytitle>
-   <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-signzone</application></refname>
-    <refpurpose>DNSSEC zone signing tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2006</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2012</year>
-      <year>2013</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-signzone</command>
-      <arg><option>-a</option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
-      <arg><option>-g</option></arg>
-      <arg><option>-h</option></arg>
-      <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
-      <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-      <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
-      <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
-      <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
-      <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
-      <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
-      <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
-      <arg><option>-p</option></arg>
-      <arg><option>-P</option></arg>
-      <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-      <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
-      <arg><option>-t</option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-z</option></arg>
-      <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
-      <arg><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
-      <arg><option>-A</option></arg>
-      <arg choice="req">zonefile</arg>
-      <arg rep="repeat">key</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-signzone</command>
-      signs a zone.  It generates
-      NSEC and RRSIG records and produces a signed version of the
-      zone.  It also generates a <filename>keyset-</filename> file containing
-      the key-signing keys for the zone, and if signing a zone which
-      contains delegations, it can optionally generate DS records for
-      the child zones from their <filename>keyset-</filename> files.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a</term>
-        <listitem>
-          <para>
-            Verify all generated signatures.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the DNS class of the zone.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k <replaceable class="parameter">key</replaceable></term>
-        <listitem>
-          <para>
-            Treat specified key as a key signing key ignoring any
-            key flags.  This option may be specified multiple times.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">domain</replaceable></term>
-        <listitem>
-          <para>
-            Generate a DLV set in addition to the key (DNSKEY) and DS sets.
-            The domain is appended to the name of the records.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-d <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Look for <filename>keyset</filename> files in
-            <option>directory</option> as the directory
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-g</term>
-        <listitem>
-          <para>
-            If the zone contains any delegations, and there are
-            <filename>keyset-</filename> files for any of the child zones,
-            then DS records for the child zones will be generated from the
-            keys in those files.  Existing DS records will be removed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">start-time</replaceable></term>
-        <listitem>
-          <para>
-            Specify the date and time when the generated RRSIG records
-            become valid.  This can be either an absolute or relative
-            time.  An absolute start time is indicated by a number
-            in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-            14:45:00 UTC on May 30th, 2000.  A relative start time is
-            indicated by +N, which is N seconds from the current time.
-            If no <option>start-time</option> is specified, the current
-            time minus 1 hour (to allow for clock skew) is used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-e <replaceable class="parameter">end-time</replaceable></term>
-        <listitem>
-          <para>
-            Specify the date and time when the generated RRSIG records
-            expire.  As with <option>start-time</option>, an absolute
-            time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-            to the start time is indicated with +N, which is N seconds from
-            the start time.  A time relative to the current time is
-            indicated with now+N.  If no <option>end-time</option> is
-            specified, 30 days from the start time is used as a default.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">output-file</replaceable></term>
-        <listitem>
-          <para>
-            The name of the output file containing the signed zone.  The
-            default is to append <filename>.signed</filename> to
-            the
-            input filename.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>dnssec-signzone</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i <replaceable class="parameter">interval</replaceable></term>
-        <listitem>
-          <para>
-            When a previously-signed zone is passed as input, records
-            may be resigned.  The <option>interval</option> option
-            specifies the cycle interval as an offset from the current
-            time (in seconds).  If a RRSIG record expires after the
-            cycle interval, it is retained.  Otherwise, it is considered
-            to be expiring soon, and it will be replaced.
-          </para>
-          <para>
-            The default cycle interval is one quarter of the difference
-            between the signature end and start times.  So if neither
-            <option>end-time</option> or <option>start-time</option>
-            are specified, <command>dnssec-signzone</command>
-            generates
-            signatures that are valid for 30 days, with a cycle
-            interval of 7.5 days.  Therefore, if any existing RRSIG records
-            are due to expire in less than 7.5 days, they would be
-            replaced.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-I <replaceable class="parameter">input-format</replaceable></term>
-        <listitem>
-          <para>
-            The format of the input zone file.
-	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command>.
-	    This option is primarily intended to be used for dynamic
-            signed zones so that the dumped zone file in a non-text
-            format containing updates can be signed directly.
-	    The use of this option does not make much sense for
-	    non-dynamic zones.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-j <replaceable class="parameter">jitter</replaceable></term>
-        <listitem>
-          <para>
-            When signing a zone with a fixed signature lifetime, all
-            RRSIG records issued at the time of signing expires
-            simultaneously.  If the zone is incrementally signed, i.e.
-            a previously-signed zone is passed as input to the signer,
-            all expired signatures have to be regenerated at about the
-            same time.  The <option>jitter</option> option specifies a
-            jitter window that will be used to randomize the signature
-            expire time, thus spreading incremental signature
-            regeneration over time.
-          </para>
-          <para>
-            Signature lifetime jitter also to some extent benefits
-            validators and servers by spreading out cache expiration,
-            i.e. if large numbers of RRSIGs don't expire at the same time
-            from all caches there will be less congestion than if all
-            validators need to refetch at mostly the same time.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">ncpus</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the number of threads to use.  By default, one
-            thread is started for each detected CPU.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-N <replaceable class="parameter">soa-serial-format</replaceable></term>
-        <listitem>
-          <para>
-            The SOA serial number format of the signed zone.
-	    Possible formats are <command>"keep"</command> (default),
-            <command>"increment"</command> and
-	    <command>"unixtime"</command>.
-          </para>
-
-          <variablelist>
-	    <varlistentry>
-	      <term><command>"keep"</command></term>
-              <listitem>
-                <para>Do not modify the SOA serial number.</para>
-	      </listitem>
-            </varlistentry>
-
-	    <varlistentry>
-	      <term><command>"increment"</command></term>
-              <listitem>
-                <para>Increment the SOA serial number using RFC 1982
-                      arithmetics.</para>
-	      </listitem>
-            </varlistentry>
-
-	    <varlistentry>
-	      <term><command>"unixtime"</command></term>
-              <listitem>
-                <para>Set the SOA serial number to the number of seconds
-	        since epoch.</para>
-	      </listitem>
-            </varlistentry>
-	 </variablelist>
-
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-o <replaceable class="parameter">origin</replaceable></term>
-        <listitem>
-          <para>
-            The zone origin.  If not specified, the name of the zone file
-            is assumed to be the origin.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-O <replaceable class="parameter">output-format</replaceable></term>
-        <listitem>
-          <para>
-            The format of the output file containing the signed zone.
-	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p</term>
-        <listitem>
-          <para>
-            Use pseudo-random data when signing the zone.  This is faster,
-            but less secure, than using real random data.  This option
-            may be useful when signing large zones or when the entropy
-            source is limited.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-P</term>
-        <listitem>
-          <para>
-	    Disable post sign verification tests.
-          </para>
-          <para>
-	    The post sign verification test ensures that for each algorithm
-	    in use there is at least one non revoked self signed KSK key,
-	    that all revoked KSK keys are self signed, and that all records
-	    in the zone are signed by the algorithm.
-	    This option skips these tests.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <filename>/dev/random</filename>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <filename>randomdev</filename>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <filename>keyboard</filename> indicates that keyboard
-            input should be used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t</term>
-        <listitem>
-          <para>
-            Print statistics at completion.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-z</term>
-        <listitem>
-          <para>
-            Ignore KSK flag on key when determining what to sign.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-3 <replaceable class="parameter">salt</replaceable></term>
-        <listitem>
-          <para>
-            Generate a NSEC3 chain with the given hex encoded salt.
-	    A dash (<replaceable class="parameter">salt</replaceable>) can
-	    be used to indicate that no salt is to be used when generating		    the NSEC3 chain.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-H <replaceable class="parameter">iterations</replaceable></term>
-        <listitem>
-          <para>
-	    When generating an NSEC3 chain, use this many iterations.  The
-	    default is 100.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A</term>
-        <listitem>
-          <para>
-	    When generating a NSEC3 chain set the OPTOUT flag on all
-	    NSEC3 records and do not generate NSEC3 records for insecure
-	    delegations.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>zonefile</term>
-        <listitem>
-          <para>
-            The file containing the zone to be signed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>key</term>
-        <listitem>
-          <para>
-	    Specify which keys should be used to sign the zone.  If
-	    no keys are specified, then the zone will be examined
-	    for DNSKEY records at the zone apex.  If these are found and
-	    there are matching private keys, in the current directory,
-	    then these will be used for signing.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-      The following command signs the <userinput>example.com</userinput>
-      zone with the DSA key generated by <command>dnssec-keygen</command>
-      (Kexample.com.+003+17247).  The zone's keys must be in the master
-      file (<filename>db.example.com</filename>).  This invocation looks
-      for <filename>keyset</filename> files, in the current directory,
-      so that DS records can be generated from them (<command>-g</command>).
-    </para>
-<programlisting>% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
-db.example.com.signed
-%</programlisting>
-    <para>
-      In the above example, <command>dnssec-signzone</command> creates
-      the file <filename>db.example.com.signed</filename>.  This
-      file should be referenced in a zone statement in a
-      <filename>named.conf</filename> file.
-    </para>
-    <para>
-      This example re-signs a previously signed zone with default parameters.
-      The private keys are assumed to be in the current directory.
-    </para>
-<programlisting>% cp db.example.com.signed db.example.com
-% dnssec-signzone -o example.com db.example.com
-db.example.com.signed
-%</programlisting>
-  </refsect1>
-
-  <refsect1>
-    <title>KNOWN BUGS</title>
-    <para>
-        <command>dnssec-signzone</command> was designed so that it could
-        sign a zone partially, using only a subset of the DNSSEC keys
-        needed to produce a fully-signed zone.  This permits a zone
-        administrator, for example, to sign a zone with one key on one
-        machine, move the resulting partially-signed zone to a second
-        machine, and sign it again with a second key.
-    </para>
-    <para>
-        An unfortunate side-effect of this flexibility is that
-        <command>dnssec-signzone</command> does not check to make sure
-        it's signing a zone with any valid keys at all.  An attempt to
-        sign a zone without any keys will appear to succeed, producing
-        a "signed" zone with no signatures.  There is no warning issued
-        when a zone is not fully signed.
-    </para>
-
-    <para>
-        This will be corrected in a future release.  In the meantime, ISC
-        recommends examining the output of <command>dnssec-signzone</command>
-        to confirm that the zone is properly signed by all keys before
-        using it.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 4033</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-signzone.html

@@ -1,342 +0,0 @@
-<!--
- - Copyright (C) 2004-2009, 2012, 2013 Internet Systems Consortium, Inc. ("ISC")
- - Copyright (C) 2000-2003 Internet Software Consortium.
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id$ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-signzone"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-signzone</span> &#8212; DNSSEC zone signing tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543564"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-signzone</strong></span>
-      signs a zone.  It generates
-      NSEC and RRSIG records and produces a signed version of the
-      zone.  It also generates a <code class="filename">keyset-</code> file containing
-      the key-signing keys for the zone, and if signing a zone which
-      contains delegations, it can optionally generate DS records for
-      the child zones from their <code class="filename">keyset-</code> files.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543582"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a</span></dt>
-<dd><p>
-            Verify all generated signatures.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Specifies the DNS class of the zone.
-          </p></dd>
-<dt><span class="term">-k <em class="replaceable"><code>key</code></em></span></dt>
-<dd><p>
-            Treat specified key as a key signing key ignoring any
-            key flags.  This option may be specified multiple times.
-          </p></dd>
-<dt><span class="term">-l <em class="replaceable"><code>domain</code></em></span></dt>
-<dd><p>
-            Generate a DLV set in addition to the key (DNSKEY) and DS sets.
-            The domain is appended to the name of the records.
-          </p></dd>
-<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Look for <code class="filename">keyset</code> files in
-            <code class="option">directory</code> as the directory
-          </p></dd>
-<dt><span class="term">-g</span></dt>
-<dd><p>
-            If the zone contains any delegations, and there are
-            <code class="filename">keyset-</code> files for any of the child zones,
-            then DS records for the child zones will be generated from the
-            keys in those files.  Existing DS records will be removed.
-          </p></dd>
-<dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
-<dd><p>
-            Specify the date and time when the generated RRSIG records
-            become valid.  This can be either an absolute or relative
-            time.  An absolute start time is indicated by a number
-            in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-            14:45:00 UTC on May 30th, 2000.  A relative start time is
-            indicated by +N, which is N seconds from the current time.
-            If no <code class="option">start-time</code> is specified, the current
-            time minus 1 hour (to allow for clock skew) is used.
-          </p></dd>
-<dt><span class="term">-e <em class="replaceable"><code>end-time</code></em></span></dt>
-<dd><p>
-            Specify the date and time when the generated RRSIG records
-            expire.  As with <code class="option">start-time</code>, an absolute
-            time is indicated in YYYYMMDDHHMMSS notation.  A time relative
-            to the start time is indicated with +N, which is N seconds from
-            the start time.  A time relative to the current time is
-            indicated with now+N.  If no <code class="option">end-time</code> is
-            specified, 30 days from the start time is used as a default.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
-<dd><p>
-            The name of the output file containing the signed zone.  The
-            default is to append <code class="filename">.signed</code> to
-            the
-            input filename.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Prints a short summary of the options and arguments to
-            <span><strong class="command">dnssec-signzone</strong></span>.
-          </p></dd>
-<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
-<dd>
-<p>
-            When a previously-signed zone is passed as input, records
-            may be resigned.  The <code class="option">interval</code> option
-            specifies the cycle interval as an offset from the current
-            time (in seconds).  If a RRSIG record expires after the
-            cycle interval, it is retained.  Otherwise, it is considered
-            to be expiring soon, and it will be replaced.
-          </p>
-<p>
-            The default cycle interval is one quarter of the difference
-            between the signature end and start times.  So if neither
-            <code class="option">end-time</code> or <code class="option">start-time</code>
-            are specified, <span><strong class="command">dnssec-signzone</strong></span>
-            generates
-            signatures that are valid for 30 days, with a cycle
-            interval of 7.5 days.  Therefore, if any existing RRSIG records
-            are due to expire in less than 7.5 days, they would be
-            replaced.
-          </p>
-</dd>
-<dt><span class="term">-I <em class="replaceable"><code>input-format</code></em></span></dt>
-<dd><p>
-            The format of the input zone file.
-	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span>.
-	    This option is primarily intended to be used for dynamic
-            signed zones so that the dumped zone file in a non-text
-            format containing updates can be signed directly.
-	    The use of this option does not make much sense for
-	    non-dynamic zones.
-          </p></dd>
-<dt><span class="term">-j <em class="replaceable"><code>jitter</code></em></span></dt>
-<dd>
-<p>
-            When signing a zone with a fixed signature lifetime, all
-            RRSIG records issued at the time of signing expires
-            simultaneously.  If the zone is incrementally signed, i.e.
-            a previously-signed zone is passed as input to the signer,
-            all expired signatures have to be regenerated at about the
-            same time.  The <code class="option">jitter</code> option specifies a
-            jitter window that will be used to randomize the signature
-            expire time, thus spreading incremental signature
-            regeneration over time.
-          </p>
-<p>
-            Signature lifetime jitter also to some extent benefits
-            validators and servers by spreading out cache expiration,
-            i.e. if large numbers of RRSIGs don't expire at the same time
-            from all caches there will be less congestion than if all
-            validators need to refetch at mostly the same time.
-          </p>
-</dd>
-<dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
-<dd><p>
-            Specifies the number of threads to use.  By default, one
-            thread is started for each detected CPU.
-          </p></dd>
-<dt><span class="term">-N <em class="replaceable"><code>soa-serial-format</code></em></span></dt>
-<dd>
-<p>
-            The SOA serial number format of the signed zone.
-	    Possible formats are <span><strong class="command">"keep"</strong></span> (default),
-            <span><strong class="command">"increment"</strong></span> and
-	    <span><strong class="command">"unixtime"</strong></span>.
-          </p>
-<div class="variablelist"><dl>
-<dt><span class="term"><span><strong class="command">"keep"</strong></span></span></dt>
-<dd><p>Do not modify the SOA serial number.</p></dd>
-<dt><span class="term"><span><strong class="command">"increment"</strong></span></span></dt>
-<dd><p>Increment the SOA serial number using RFC 1982
-                      arithmetics.</p></dd>
-<dt><span class="term"><span><strong class="command">"unixtime"</strong></span></span></dt>
-<dd><p>Set the SOA serial number to the number of seconds
-	        since epoch.</p></dd>
-</dl></div>
-</dd>
-<dt><span class="term">-o <em class="replaceable"><code>origin</code></em></span></dt>
-<dd><p>
-            The zone origin.  If not specified, the name of the zone file
-            is assumed to be the origin.
-          </p></dd>
-<dt><span class="term">-O <em class="replaceable"><code>output-format</code></em></span></dt>
-<dd><p>
-            The format of the output file containing the signed zone.
-	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span>.
-          </p></dd>
-<dt><span class="term">-p</span></dt>
-<dd><p>
-            Use pseudo-random data when signing the zone.  This is faster,
-            but less secure, than using real random data.  This option
-            may be useful when signing large zones or when the entropy
-            source is limited.
-          </p></dd>
-<dt><span class="term">-P</span></dt>
-<dd>
-<p>
-	    Disable post sign verification tests.
-          </p>
-<p>
-	    The post sign verification test ensures that for each algorithm
-	    in use there is at least one non revoked self signed KSK key,
-	    that all revoked KSK keys are self signed, and that all records
-	    in the zone are signed by the algorithm.
-	    This option skips these tests.
-          </p>
-</dd>
-<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
-<dd><p>
-            Specifies the source of randomness.  If the operating
-            system does not provide a <code class="filename">/dev/random</code>
-            or equivalent device, the default source of randomness
-            is keyboard input.  <code class="filename">randomdev</code>
-            specifies
-            the name of a character device or file containing random
-            data to be used instead of the default.  The special value
-            <code class="filename">keyboard</code> indicates that keyboard
-            input should be used.
-          </p></dd>
-<dt><span class="term">-t</span></dt>
-<dd><p>
-            Print statistics at completion.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-z</span></dt>
-<dd><p>
-            Ignore KSK flag on key when determining what to sign.
-          </p></dd>
-<dt><span class="term">-3 <em class="replaceable"><code>salt</code></em></span></dt>
-<dd><p>
-            Generate a NSEC3 chain with the given hex encoded salt.
-	    A dash (<em class="replaceable"><code>salt</code></em>) can
-	    be used to indicate that no salt is to be used when generating		    the NSEC3 chain.
-          </p></dd>
-<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
-<dd><p>
-	    When generating an NSEC3 chain, use this many iterations.  The
-	    default is 100.
-          </p></dd>
-<dt><span class="term">-A</span></dt>
-<dd><p>
-	    When generating a NSEC3 chain set the OPTOUT flag on all
-	    NSEC3 records and do not generate NSEC3 records for insecure
-	    delegations.
-          </p></dd>
-<dt><span class="term">zonefile</span></dt>
-<dd><p>
-            The file containing the zone to be signed.
-          </p></dd>
-<dt><span class="term">key</span></dt>
-<dd><p>
-	    Specify which keys should be used to sign the zone.  If
-	    no keys are specified, then the zone will be examined
-	    for DNSKEY records at the zone apex.  If these are found and
-	    there are matching private keys, in the current directory,
-	    then these will be used for signing.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544509"></a><h2>EXAMPLE</h2>
-<p>
-      The following command signs the <strong class="userinput"><code>example.com</code></strong>
-      zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
-      (Kexample.com.+003+17247).  The zone's keys must be in the master
-      file (<code class="filename">db.example.com</code>).  This invocation looks
-      for <code class="filename">keyset</code> files, in the current directory,
-      so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
-    </p>
-<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
-db.example.com.signed
-%</pre>
-<p>
-      In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
-      the file <code class="filename">db.example.com.signed</code>.  This
-      file should be referenced in a zone statement in a
-      <code class="filename">named.conf</code> file.
-    </p>
-<p>
-      This example re-signs a previously signed zone with default parameters.
-      The private keys are assumed to be in the current directory.
-    </p>
-<pre class="programlisting">% cp db.example.com.signed db.example.com
-% dnssec-signzone -o example.com db.example.com
-db.example.com.signed
-%</pre>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544561"></a><h2>KNOWN BUGS</h2>
-<p>
-        <span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
-        sign a zone partially, using only a subset of the DNSSEC keys
-        needed to produce a fully-signed zone.  This permits a zone
-        administrator, for example, to sign a zone with one key on one
-        machine, move the resulting partially-signed zone to a second
-        machine, and sign it again with a second key.
-    </p>
-<p>
-        An unfortunate side-effect of this flexibility is that
-        <span><strong class="command">dnssec-signzone</strong></span> does not check to make sure
-        it's signing a zone with any valid keys at all.  An attempt to
-        sign a zone without any keys will appear to succeed, producing
-        a "signed" zone with no signatures.  There is no warning issued
-        when a zone is not fully signed.
-    </p>
-<p>
-        This will be corrected in a future release.  In the meantime, ISC
-        recommends examining the output of <span><strong class="command">dnssec-signzone</strong></span>
-        to confirm that the zone is properly signed by all keys before
-        using it.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544723"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 4033</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544747"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssectool.c

@@ -1,27 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009, 2012  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id$ */
-
-/*! \file */
-
-/*%
- * DNSSEC Support Routines.
- */
+/* $Id: dnssectool.c,v 1.12.2.1 2000/08/07 16:41:38 gson Exp $ */
 
 #include <config.h>
 
@@ -29,61 +23,45 @@
 
 #include <isc/buffer.h>
 #include <isc/entropy.h>
-#include <isc/list.h>
-#include <isc/mem.h>
+#include <isc/keyboard.h>
 #include <isc/string.h>
 #include <isc/time.h>
 #include <isc/util.h>
-#include <isc/print.h>
 
 #include <dns/log.h>
 #include <dns/name.h>
-#include <dns/rdatastruct.h>
-#include <dns/rdataclass.h>
 #include <dns/rdatatype.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
-#include <dns/time.h>
 
 #include "dnssectool.h"
 
 extern int verbose;
 extern const char *program;
 
-typedef struct entropysource entropysource_t;
-
-struct entropysource {
-	isc_entropysource_t *source;
-	isc_mem_t *mctx;
-	ISC_LINK(entropysource_t) link;
-};
-
-static ISC_LIST(entropysource_t) sources;
-static fatalcallback_t *fatalcallback = NULL;
+static isc_entropysource_t *source = NULL;
+static isc_keyboard_t kbd;
+static isc_boolean_t wantkeyboard = ISC_FALSE;
 
 void
 fatal(const char *format, ...) {
 	va_list args;
 
-	fprintf(stderr, "%s: fatal: ", program);
+	fprintf(stderr, "%s: ", program);
 	va_start(args, format);
 	vfprintf(stderr, format, args);
 	va_end(args);
 	fprintf(stderr, "\n");
-	if (fatalcallback != NULL)
-		(*fatalcallback)();
 	exit(1);
 }
 
-void
-setfatalcallback(fatalcallback_t *callback) {
-	fatalcallback = callback;
-}
-
 void
 check_result(isc_result_t result, const char *message) {
-	if (result != ISC_R_SUCCESS)
-		fatal("%s: %s", message, isc_result_totext(result));
+	if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "%s: %s: %s\n", program, message,
+			isc_result_totext(result));
+		exit(1);
+	}
 }
 
 void
@@ -97,65 +75,62 @@ vbprintf(int level, const char *fmt, ...) {
 	va_end(ap);
 }
 
-void
-type_format(const dns_rdatatype_t type, char *cp, unsigned int size) {
+char *
+nametostr(dns_name_t *name) {
 	isc_buffer_t b;
 	isc_region_t r;
 	isc_result_t result;
+	static char data[1025];
 
-	isc_buffer_init(&b, cp, size - 1);
+	isc_buffer_init(&b, data, sizeof(data));
+	result = dns_name_totext(name, ISC_FALSE, &b);
+	check_result(result, "dns_name_totext()");
+	isc_buffer_usedregion(&b, &r);
+	r.base[r.length] = 0;
+	return (char *) r.base;
+}
+
+char *
+typetostr(const dns_rdatatype_t type) {
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_result_t result;
+	static char data[20];
+
+	isc_buffer_init(&b, data, sizeof(data));
 	result = dns_rdatatype_totext(type, &b);
 	check_result(result, "dns_rdatatype_totext()");
 	isc_buffer_usedregion(&b, &r);
 	r.base[r.length] = 0;
+	return (char *) r.base;
 }
 
-void
-alg_format(const dns_secalg_t alg, char *cp, unsigned int size) {
+char *
+algtostr(const dns_secalg_t alg) {
 	isc_buffer_t b;
 	isc_region_t r;
 	isc_result_t result;
+	static char data[10];
 
-	isc_buffer_init(&b, cp, size - 1);
+	isc_buffer_init(&b, data, sizeof(data));
 	result = dns_secalg_totext(alg, &b);
 	check_result(result, "dns_secalg_totext()");
 	isc_buffer_usedregion(&b, &r);
 	r.base[r.length] = 0;
-}
-
-void
-sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
-	char namestr[DNS_NAME_FORMATSIZE];
-	char algstr[DNS_NAME_FORMATSIZE];
-
-	dns_name_format(&sig->signer, namestr, sizeof(namestr));
-	alg_format(sig->algorithm, algstr, sizeof(algstr));
-	snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
-}
-
-void
-key_format(const dst_key_t *key, char *cp, unsigned int size) {
-	char namestr[DNS_NAME_FORMATSIZE];
-	char algstr[DNS_NAME_FORMATSIZE];
-
-	dns_name_format(dst_key_name(key), namestr, sizeof(namestr));
-	alg_format((dns_secalg_t) dst_key_alg(key), algstr, sizeof(algstr));
-	snprintf(cp, size, "%s/%s/%d", namestr, algstr, dst_key_id(key));
+	return ((char *)r.base);
 }
 
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 	isc_result_t result;
 	isc_logdestination_t destination;
-	isc_logconfig_t *logconfig = NULL;
-	isc_log_t *log = NULL;
+	isc_logconfig_t *logconfig;
+	isc_log_t *log = 0;
 	int level;
 
-	if (verbose < 0)
-		verbose = 0;
 	switch (verbose) {
-	case 0:
-		/*
+        case 0:
+                /*
 		 * We want to see warnings about things like out-of-zone
 		 * data in the master file even when not verbose.
 		 */
@@ -168,7 +143,7 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 		level = ISC_LOG_DEBUG(verbose - 2 + 1);
 		break;
 	}
-
+	
 	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
 	isc_log_setcontext(log);
 	dns_log_init(log);
@@ -192,122 +167,114 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 				       &destination,
 				       ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL);
 	check_result(result, "isc_log_createchannel()");
-
+	
 	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
 					 NULL, NULL) == ISC_R_SUCCESS);
 
 	*logp = log;
 }
 
-void
-cleanup_logging(isc_log_t **logp) {
-	isc_log_t *log;
+static isc_result_t
+kbdstart(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
+	isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+	static isc_boolean_t first = ISC_TRUE;
 
-	REQUIRE(logp != NULL);
+	UNUSED(source);
 
-	log = *logp;
-	if (log == NULL)
-		return;
-	isc_log_destroy(&log);
-	isc_log_setcontext(NULL);
-	dns_log_setcontext(NULL);
-	logp = NULL;
+	if (!blocking)
+		return (ISC_R_NOENTROPY);
+	if (first) {
+		if (!wantkeyboard) {
+			fprintf(stderr, "You must use the keyboard to create "
+				"entropy, since your system is lacking\n");
+			fprintf(stderr, "/dev/random\n\n");
+		}
+		first = ISC_FALSE;
+	}
+	fprintf(stderr, "start typing:\n");
+	return (isc_keyboard_open(kbd));
+}
+
+static void
+kbdstop(isc_entropysource_t *source, void *arg) {
+	isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+
+	UNUSED(source);
+
+	if (!isc_keyboard_canceled(kbd))
+		fprintf(stderr, "stop typing.\r\n");
+	(void)isc_keyboard_close(kbd, 3);
+}
+
+static isc_result_t
+kbdget(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
+	isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+	isc_result_t result;
+	isc_time_t t;
+	isc_uint32_t sample;
+	isc_uint32_t extra;
+	unsigned char c;
+
+	if (!blocking)
+		return (ISC_R_NOENTROPY);
+
+	result = isc_keyboard_getchar(kbd, &c);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	result = isc_time_now(&t);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+        sample = isc_time_nanoseconds(&t);
+	extra = c;
+
+	result = isc_entropy_addcallbacksample(source, sample, extra);
+	if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "\r\n");
+		return (result);
+	}
+
+	fprintf(stderr, ".");
+	fflush(stderr);
+
+	return (result);
 }
 
 void
 setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	isc_result_t result;
-	isc_entropysource_t *source = NULL;
-	entropysource_t *elt;
-	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-
-	REQUIRE(ectx != NULL);
-
-	if (*ectx == NULL) {
-		result = isc_entropy_create(mctx, ectx);
-		if (result != ISC_R_SUCCESS)
-			fatal("could not create entropy object");
-		ISC_LIST_INIT(sources);
-	}
-
-	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
-		usekeyboard = ISC_ENTROPY_KEYBOARDYES;
-		randomfile = NULL;
-	}
-
-	result = isc_entropy_usebestsource(*ectx, &source, randomfile,
-					   usekeyboard);
 
+	result = isc_entropy_create(mctx, ectx);
 	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize entropy source: %s",
-		      isc_result_totext(result));
-
-	if (source != NULL) {
-		elt = isc_mem_get(mctx, sizeof(*elt));
-		if (elt == NULL)
-			fatal("out of memory");
-		elt->source = source;
-		elt->mctx = mctx;
-		ISC_LINK_INIT(elt, link);
-		ISC_LIST_APPEND(sources, elt, link);
+		fatal("could not create entropy object");
+	if (randomfile != NULL && strcasecmp(randomfile, "keyboard") != 0) {
+		result = isc_entropy_createfilesource(*ectx, randomfile);
+		if (result != ISC_R_SUCCESS)
+			fatal("could not open randomdev %s: %s", randomfile,
+			      isc_result_totext(result));
+	}
+	else {
+		if (randomfile == NULL) {
+			result = isc_entropy_createfilesource(*ectx,
+							      "/dev/random");
+			if (result == ISC_R_SUCCESS)
+				return;
+		}
+		else
+			wantkeyboard = ISC_TRUE;
+		result = isc_entropy_createcallbacksource(*ectx, kbdstart,
+							  kbdget, kbdstop,
+							  &kbd, &source);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to open keyboard: %s\n",
+			      isc_result_totext(result));
 	}
 }
 
 void
 cleanup_entropy(isc_entropy_t **ectx) {
-	entropysource_t *source;
-	while (!ISC_LIST_EMPTY(sources)) {
-		source = ISC_LIST_HEAD(sources);
-		ISC_LIST_UNLINK(sources, source, link);
-		isc_entropy_destroysource(&source->source);
-		isc_mem_put(source->mctx, source, sizeof(*source));
-	}
+	if (source != NULL)
+		isc_entropy_destroysource(&source);
 	isc_entropy_detach(ectx);
 }
-
-isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
-	isc_int64_t val, offset;
-	isc_result_t result;
-	char *endp;
-
-	if (str[0] == '+') {
-		offset = strtol(str + 1, &endp, 0);
-		if (*endp != '\0')
-			fatal("time value %s is invalid", str);
-		val = base + offset;
-	} else if (strncmp(str, "now+", 4) == 0) {
-		offset = strtol(str + 4, &endp, 0);
-		if (*endp != '\0')
-			fatal("time value %s is invalid", str);
-		val = now + offset;
-	} else if (strlen(str) == 8U) {
-		char timestr[15];
-		sprintf(timestr, "%s000000", str);
-		result = dns_time64_fromtext(timestr, &val);
-		if (result != ISC_R_SUCCESS)
-			fatal("time value %s is invalid", str);
-	} else {
-		result = dns_time64_fromtext(str, &val);
-		if (result != ISC_R_SUCCESS)
-			fatal("time value %s is invalid", str);
-	}
-
-	return ((isc_stdtime_t) val);
-}
-
-dns_rdataclass_t
-strtoclass(const char *str) {
-	isc_textregion_t r;
-	dns_rdataclass_t rdclass;
-	isc_result_t ret;
-
-	if (str == NULL)
-		return dns_rdataclass_in;
-	DE_CONST(str, r.base);
-	r.length = strlen(str);
-	ret = dns_rdataclass_fromtext(&rdclass, &r);
-	if (ret != ISC_R_SUCCESS)
-		fatal("unknown class %s", str);
-	return (rdclass);
-}

bin/dnssec/dnssectool.h

@@ -1,77 +1,52 @@
 /*
- * Copyright (C) 2004, 2007-2009, 2011, 2012  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id$ */
+/* $Id: dnssectool.h,v 1.6 2000/06/22 21:49:07 tale Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1
 
 #include <isc/log.h>
-#include <isc/stdtime.h>
-#include <dns/rdatastruct.h>
-#include <dst/dst.h>
-
-typedef void (fatalcallback_t)(void);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 void
-setfatalcallback(fatalcallback_t *callback);
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 void
 check_result(isc_result_t result, const char *message);
 
 void
-vbprintf(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
+vbprintf(int level, const char *fmt, ...);
 
-void
-type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
-#define TYPE_FORMATSIZE 20
+char *
+nametostr(dns_name_t *name);
 
-void
-alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
-#define ALG_FORMATSIZE 20
+char *
+typetostr(const dns_rdatatype_t type);
 
-void
-sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
-#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
-
-void
-key_format(const dst_key_t *key, char *cp, unsigned int size);
-#define KEY_FORMATSIZE (DNS_NAME_FORMATSIZE + ALG_FORMATSIZE + sizeof("65535"))
+char *
+algtostr(const dns_secalg_t alg);
 
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp);
 
-void
-cleanup_logging(isc_log_t **logp);
-
 void
 setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx);
 
 void
 cleanup_entropy(isc_entropy_t **ectx);
 
-isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base);
-
-dns_rdataclass_t
-strtoclass(const char *str);
-
 #endif /* DNSSEC_DNSSECTOOL_H */

bin/dnssec/win32/dnssectool.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dnssectool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=dnssectool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dnssectool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dnssectool.mak" CFG="dnssectool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dnssectool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "dnssectool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dnssectool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddnssectool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/dnssectool.lib"
-
-!ELSEIF  "$(CFG)" == "dnssectool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddnssectool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/dnssectool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dnssectool - Win32 Release"
-# Name "dnssectool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\dnssectool.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/dnssectool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dighost"=".\dnssectool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/dsfromkey.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dsfromkey" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=dsfromkey - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe"
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dsfromkey - Win32 Release"
-# Name "dsfromkey - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-dsfromkey.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/dsfromkey.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dsfromkey"=".\dsfromkey.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/dsfromkey.mak

@@ -1,324 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on dsfromkey.dsp
-!IF "$(CFG)" == ""
-CFG=dsfromkey - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to dsfromkey - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "dsfromkey - Win32 Release" && "$(CFG)" != "dsfromkey - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\dnssec-dsfromkey.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-dsfromkey.obj"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dnssec-dsfromkey.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dsfromkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-dsfromkey.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Release\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\dnssec-dsfromkey.exe" "$(OUTDIR)\dsfromkey.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-dsfromkey.obj"
-	-@erase "$(INTDIR)\dnssec-dsfromkey.sbr"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\dnssectool.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dnssec-dsfromkey.pdb"
-	-@erase "$(OUTDIR)\dsfromkey.bsc"
-	-@erase "..\..\..\Build\Debug\dnssec-dsfromkey.exe"
-	-@erase "..\..\..\Build\Debug\dnssec-dsfromkey.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dnssec-dsfromkey.sbr" \
-	"$(INTDIR)\dnssectool.sbr"
-
-"$(OUTDIR)\dsfromkey.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-dsfromkey.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Debug\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("dsfromkey.dep")
-!INCLUDE "dsfromkey.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "dsfromkey.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "dsfromkey - Win32 Release" || "$(CFG)" == "dsfromkey - Win32 Debug"
-SOURCE="..\dnssec-dsfromkey.c"
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-
-"$(INTDIR)\dnssec-dsfromkey.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-
-"$(INTDIR)\dnssec-dsfromkey.obj"	"$(INTDIR)\dnssec-dsfromkey.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dnssectool.c
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-
-"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-
-"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/win32/keyfromlabel.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="keyfromlabel" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=keyfromlabel - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe"
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "keyfromlabel - Win32 Release"
-# Name "keyfromlabel - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-keyfromlabel.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/keyfromlabel.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "keyfromlabel"=".\keyfromlabel.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/keyfromlabel.mak

@@ -1,324 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on keyfromlabel.dsp
-!IF "$(CFG)" == ""
-CFG=keyfromlabel - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to keyfromlabel - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "keyfromlabel - Win32 Release" && "$(CFG)" != "keyfromlabel - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keyfromlabel.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-keyfromlabel.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Release\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\dnssec-keyfromlabel.exe" "$(OUTDIR)\keyfromlabel.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.sbr"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\dnssectool.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dnssec-keyfromlabel.pdb"
-	-@erase "$(OUTDIR)\keyfromlabel.bsc"
-	-@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.exe"
-	-@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dnssec-keyfromlabel.sbr" \
-	"$(INTDIR)\dnssectool.sbr"
-
-"$(OUTDIR)\keyfromlabel.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-keyfromlabel.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Debug\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("keyfromlabel.dep")
-!INCLUDE "keyfromlabel.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "keyfromlabel.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "keyfromlabel - Win32 Release" || "$(CFG)" == "keyfromlabel - Win32 Debug"
-SOURCE="..\dnssec-keyfromlabel.c"
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-
-"$(INTDIR)\dnssec-keyfromlabel.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-
-"$(INTDIR)\dnssec-keyfromlabel.obj"	"$(INTDIR)\dnssec-keyfromlabel.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dnssectool.c
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-
-"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-
-"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/win32/keygen.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="keygen" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=keygen - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "keygen.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keygen.mak" CFG="keygen - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keygen - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keygen - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "keygen - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
-
-!ELSEIF  "$(CFG)" == "keygen - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "keygen - Win32 Release"
-# Name "keygen - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-keygen.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/keygen.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "keygen"=".\keygen.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-