This commit was manufactured by cvs2git to create tag 'v9_4_0b2'.

[RT #16360]

Atffile

@@ -1,5 +0,0 @@
-Content-Type: application/X-atf-atffile; version="1"
-
-prop: test-suite = bind9
-
-tp: lib

COPYRIGHT

@@ -1,7 +1,7 @@
-Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
-Permission to use, copy, modify, and/or distribute this software for any
+Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 
@@ -13,15 +13,9 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 
-$Id: COPYRIGHT,v 1.14.176.4 2011/02/22 06:40:42 marka Exp $
+$Id: COPYRIGHT,v 1.9.18.2 2006/01/04 00:37:23 marka Exp $
 
-	Portions of this code release fall under one or more of the
-	following Copyright notices.  Please see individual source
-	files for details.
-
-	For binary releases also see: OpenSSL-LICENSE.
-
-Copyright (C) 1996-2001  Nominum, Inc.
+Portions Copyright (C) 1996-2001  Nominum, Inc.
 
 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
@@ -34,485 +28,3 @@ ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
 WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
 ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
 OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995-2000 by Network Associates, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
-FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
-The development of Dynamically Loadable Zones (DLZ) for Bind 9 was
-conceived and contributed by Rob Butler.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1987, 1990, 1993, 1994
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. All advertising materials mentioning features or use of this software
-   must display the following acknowledgement:
-     This product includes software developed by the University of
-     California, Berkeley and its contributors.
-4. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) The Internet Society 2005.  This version of
-this module is part of RFC 4178; see the RFC itself for
-full legal notices.
-
-(The above copyright notice is per RFC 3978 5.6 (a), q.v.)
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2004 Masarykova universita
-(Masaryk University, Brno, Czech Republic)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-   this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors may
-   be used to endorse or promote products derived from this software
-   without specific prior written permission.
- 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
-(Royal Institute of Technology, Stockholm, Sweden). 
-All rights reserved. 
-
-Redistribution and use in source and binary forms, with or without 
-modification, are permitted provided that the following conditions 
-are met: 
-
-1. Redistributions of source code must retain the above copyright 
-   notice, this list of conditions and the following disclaimer. 
-
-2. Redistributions in binary form must reproduce the above copyright 
-   notice, this list of conditions and the following disclaimer in the 
-   documentation and/or other materials provided with the distribution. 
-
-3. Neither the name of the Institute nor the names of its contributors 
-   may be used to endorse or promote products derived from this software 
-   without specific prior written permission. 
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-SUCH DAMAGE. 
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright ((c)) 2002, Rice University
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-    copyright notice, this list of conditions and the following
-    disclaimer in the documentation and/or other materials provided
-    with the distribution.
-
-    * Neither the name of Rice University (RICE) nor the names of its
-    contributors may be used to endorse or promote products derived
-    from this software without specific prior written permission.
-
-
-This software is provided by RICE and the contributors on an "as is"
-basis, without any representations or warranties of any kind, express
-or implied including, but not limited to, representations or
-warranties of non-infringement, merchantability or fitness for a
-particular purpose. In no event shall RICE or contributors be liable
-for any direct, indirect, incidental, special, exemplary, or
-consequential damages (including, but not limited to, procurement of
-substitute goods or services; loss of use, data, or profits; or
-business interruption) however caused and on any theory of liability,
-whether in contract, strict liability, or tort (including negligence
-or otherwise) arising in any way out of the use of this software, even
-if advised of the possibility of such damage.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1993 by Digital Equipment Corporation.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies, and that
-the name of Digital Equipment Corporation not be used in advertising or
-publicity pertaining to distribution of the document or software without
-specific, written prior permission.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
-CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright 2000 Aaron D. Gifford.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the copyright holder nor the names of contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
- 
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson.
-Copyright (c) 2001 Jake Burkholder.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the project nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1999-2000 by Nortel Networks Corporation
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
-BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
-OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
-WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
-ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2000-2002 Japan Network Information Center.  All rights reserved.
- 
-By using this file, you agree to the terms and conditions set forth bellow.
-
-                        LICENSE TERMS AND CONDITIONS 
-
-The following License Terms and Conditions apply, unless a different
-license is obtained from Japan Network Information Center ("JPNIC"),
-a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
-Chiyoda-ku, Tokyo 101-0047, Japan.
-
-1. Use, Modification and Redistribution (including distribution of any
-   modified or derived work) in source and/or binary forms is permitted
-   under this License Terms and Conditions.
-
-2. Redistribution of source code must retain the copyright notices as they
-   appear in each source code file, this License Terms and Conditions.
-
-3. Redistribution in binary form must reproduce the Copyright Notice,
-   this License Terms and Conditions, in the documentation and/or other
-   materials provided with the distribution.  For the purposes of binary
-   distribution the "Copyright Notice" refers to the following language:
-   "Copyright (c) 2000-2002 Japan Network Information Center.  All rights
-   reserved."
-
-4. The name of JPNIC may not be used to endorse or promote products
-   derived from this Software without specific prior written approval of
-   JPNIC.
-
-5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
-   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL JPNIC BE LIABLE
-   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-   ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2004  Nominet, Ltd.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Portions Copyright RSA Security Inc.
-
-License to copy and use this software is granted provided that it is
-identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-(Cryptoki)" in all material mentioning or referencing this software.
-
-License is also granted to make and use derivative works provided that
-such works are identified as "derived from the RSA Security Inc. PKCS #11
-Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-referencing the derived work.
-
-RSA Security Inc. makes no representations concerning either the
-merchantability of this software or the suitability of this software for
-any particular purpose. It is provided "as is" without express or implied
-warranty of any kind.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1996, David Mazieres <dm@uun.org>
-Copyright (c) 2008, Damien Miller <djm@openbsd.org>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in
-   the documentation and/or other materials provided with the
-   distribution.
-
-3. All advertising materials mentioning features or use of this
-   software must display the following acknowledgment:
-   "This product includes software developed by the OpenSSL Project
-   for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-
-4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-   endorse or promote products derived from this software without
-   prior written permission. For written permission, please contact
-   licensing@OpenSSL.org.
-
-5. Products derived from this software may not be called "OpenSSL"
-   nor may "OpenSSL" appear in their names without prior written
-   permission of the OpenSSL Project.
-
-6. Redistributions of any form whatsoever must retain the following
-   acknowledgment:
-   "This product includes software developed by the OpenSSL Project
-   for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-
-THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-OF THE POSSIBILITY OF SUCH DAMAGE.
-

EXCLUDED

@@ -1,519 +0,0 @@
-3005.   [port]          Solaris: Work around the lack of
-                        gsskrb5_register_acceptor_identity() by setting
-                        the KRB5_KTNAME environment variable to the
-                        contents of tkey-gssapi-keytab.  Also fixed
-                        test errors on MacOSX.  [RT #22853]
-
-3003.   [experimental]  Added update-policy match type "external",
-                        enabling named to defer the decision of whether to
-                        allow a dynamic update to an external daemon.
-                        (Contributed by Andrew Tridgell.) [RT #22758]
-
-3000.   [bug]           More TKEY/GSS fixes:
-                         - nsupdate can now get the default realm from
-                           the user's Kerberos principal
-                         - corrected gsstest compilation flags
-                         - improved documentation
-                         - fixed some NULL dereferences
-                        [RT #22795]
-
-2992.   [contrib]       contrib/check-secure-delegation.pl:  A simple tool
-                        for looking at a secure delegation. [RT #22059]
-
-2991.   [contrib]       contrib/zone-edit.sh: A simple zone editing tool for
-                        dynamic zones. [RT #22365]
-
-2990.   [bug]           'dnssec-settime -S' no longer tests prepublication
-                        interval validity when the interval is set to 0.
-                        [RT #22761]
-
-2988.   [experimental]  Added a "dlopen" DLZ driver, allowing the creation
-                        of external DLZ drivers that can be loaded as
-                        shared objects at runtime rather than linked with
-                        named.  Currently this is switched on via a
-                        compile-time option, "configure --with-dlz-dlopen".
-                        Note: the syntax for configuring DLZ zones
-                        is likely to be refined in future releases.
-                        (Contributed by Andrew Tridgell of the Samba
-                        project.) [RT #22629]
-
-2985.   [bug]           Add a regression test for change #2896. [RT #21324]
-
-2983.   [bug]           Include "loadkeys" in rndc help output. [RT #22493]
-
-2980.   [bug]           named didn't properly handle UPDATES that changed the
-                        TTL of the NSEC3PARAM RRset. [RT #22363]
-
-2977.   [bug]           'nsupdate -l' report if the session key is missing.
-                        [RT #21670]
-
-2973.   [bug]           bind.keys.h was being removed by the "make clean"
-                        at the end of configure resulting in build failures
-                        where there is very old version of perl installed.
-                        Move it to "make maintainer-clean". [RT #22230]
-
-2963.   [security]      The allow-query acl was being applied instead of the
-                        allow-query-cache acl to cache lookups. [RT #22114]
-
-2961.   [bug]           Be still more selective about the non-authoritative
-                        answers we apply change 2748 to. [RT #22074]
-
-2949.   [bug]           dns_view_setnewzones() contained a memory leak if
-                        it was called multiple times. [RT #21942]
-
-2948.   [port]          MacOS: provide a mechanism to configure the test
-                        interfaces at reboot. See bin/tests/system/README
-                        for details.
-
-2940.   [port]          Remove connection aborted error message on
-                        Windows. [RT #21549]
-
-2938.   [bug]           When generating signed responses, from a signed zone
-                        that uses NSEC3, named would use a uninitialised
-                        pointer if it needed to skip a NSEC3 record because
-                        it didn't match the selected NSEC3PARAM record for
-                        zone. [RT# 21868]
-
-2930.   [experimental]  New "rndc addzone" and "rndc delzone" commads
-                        allow dynamic addition and deletion of zones.
-                        To enable this feature, specify a "new-zone-file"
-                        option at the view or options level in named.conf.
-                        Zone configuration information for the new zones
-                        will be written into that file.  To make the new
-                        zones persist after a restart, "include" the file
-                        into named.conf in the appropriate view.  (Note:
-                        This feature is not yet documented, and its syntax
-                        is expected to change.) [RT #19447]
-
-2928.   [bug]           Be more selective about the non-authoritative
-                        answer we apply change 2748 to. [RT #21594]
-
-2914.   [bug]           Make the "autosign" system test more portable.
-                        [RT #20997]
-
-2909.   [bug]           named-checkconf -p could die if "update-policy local;"
-                        was specified in named.conf. [RT #21416]
-
-2907.   [bug]           The export version of libdns had undefined references.
-                        [RT #21444]
-
-2906.   [bug]           Address RFC 5011 implementation issues. [RT #20903]
-
-2903.   [bug]           managed-keys-directory missing from namedconf.c.
-                        [RT #21370]
-
-2897.   [bug]           NSEC3 chains could be left behind when transitioning
-                        to insecure. [RT #21040]
-
-2896.   [bug]           "rndc sign" failed to properly update the zone
-                        when adding a DNSKEY for publication only. [RT #21045]
-
-2893.   [bug]           Improve managed keys support.  New named.conf option
-                        managed-keys-directory. [RT #20924]
-
-2892.   [bug]           Handle REVOKED keys better. [RT #20961]
-
-2887.   [bug]           Report the keytag times in UTC in the .key file,
-                        local time is presented as a comment within the
-                        comment.  [RT #21223]
-
-2886.   [bug]           ctime() is not thread safe. [RT #21223]
-
-2880.   [cleanup]       Make the output of dnssec-keygen and dnssec-revoke
-                        consistent. [RT #21078]
-
-2873.   [bug]           Cancelling a dynamic update via the dns/client module
-                        could trigger an assertion failure. [RT #21133]
-
-2872.   [bug]           Modify dns/client.c:dns_client_createx() to only
-                        require one of IPv4 or IPv6 rather than both.
-                        [RT #21122]
-
-2871.   [bug]           Type mismatch in mem_api.c between the definition and
-                        the header file, causing build failure with
-                        --enable-exportlib. [RT #21138]
-
-2861.   [doc]           dnssec-settime man pages didn't correctly document the
-                        inactivation time. [RT #21039]
-
-2860.   [bug]           named-checkconf's usage was out of date. [RT #21039]
-
-2848.   [doc]           Moved README.dnssec, README.libdns, README.pkcs11 and
-                        README.rfc5011 into the ARM. [RT #20899]
-
-2847.   [cleanup]       Corrected usage message in dnssec-settime. [RT #20921]
-
-2845.   [bug]           RFC 5011 client could crash on shutdown. [RT #20903]
-
-2841.   [bug]           Change 2836 was not complete. [RT #20883]
-
-2839.   [bug]           A KSK revoked by named could not be deleted.
-                        [RT #20881]
-
-2836.   [bug]           Keys that were scheduled to become active could
-                        be delayed. [RT #20874]
-
-2835.   [bug]           Key inactivity dates were inadvertently stored in
-                        the private key file with the outdated tag
-                        "Unpublish" rather than "Inactive".  This has been
-                        fixed; however, any existing keys that had Inactive
-                        dates set will now need to have them reset, using
-                        'dnssec-settime -I'. [RT #20868]
-
-2833.   [cleanup]       Fix usage messages in dnssec-keygen and dnssec-settime.
-                        [RT #20851]
-
-2832.   [bug]           Modify "struct stat" in lib/export/samples/nsprobe.c
-                        to avoid redefinition in some OSs [RT 20831]
-
-2824.   [bug]           "rndc sign" was not being run by the correct task.
-                        [RT #20759]
-
-2821.   [doc]           Add note that named-checkconf doesn't automatically
-                        read rndc.key and bind.keys [RT #20758]
-
-2816.   [bug]           previous_closest_nsec() could fail to return
-                        data for NSEC3 nodes [RT #29730]
-
-2811.   [cleanup]       Add "rndc sign" to list of commands in rndc usage
-                        output. [RT #20733]
-
-2809.   [cleanup]       Restored accidentally-deleted text in usage output
-                        in dnssec-settime and dnssec-revoke [RT #20739]
-
-2808.   [bug]           Remove the attempt to install atomic.h from lib/isc.
-                        atomic.h is correctly installed by the architecture
-                        specific subdirectories.  [RT #20722]
-
-2807.   [bug]           Fixed a possible ASSERT when reconfiguring zone
-                        keys. [RT #20720]
-
-2806.   [bug]           "rdnc sign" could delay re-signing the DNSKEY
-                        when it had changed. [RT #20703]
-
-2805.   [bug]           Fixed namespace problems encountered when building
-                        external programs using non-exported BIND9 libraries
-                        (i.e., built without --enable-exportlib). [RT #20679]
-
-2804.   [bug]           Send notifies when a zone is signed with "rndc sign"
-                        or as a result of a scheduled key change. [RT #20700]
-
-2803.   [port]          win32: Install named-journalprint, nsec3hash, arpaname
-                        and genrandom under windows. [RT #20670]
-
-2802.   [cleanup]       Rename journalprint to named-journalprint. [RT #20670]
-
-2799.   [cleanup]       Changed the "secure-to-insecure" option to
-                        "dnssec-secure-to-insecure", and "dnskey-ksk-only"
-                        to "dnssec-dnskey-kskonly", for clarity. [RT #20586]
-
-2798.   [bug]           Addressed bugs in managed-keys initialization
-                        and rollover. [RT #20683]
-
-2796.	[bug]		Missing dns_rdataset_disassociate() call in
-			dns_nsec3_delnsec3sx(). [RT #20681]
-
-2795.	[cleanup]	Add text to differentiate "update with no effect"
-			log messages. [RT #18889]
-
-2794.	[bug]		Install <isc/namespace.h>.  [RT #20677]
-
-2791.	[bug]		The installation of isc-config.sh was broken.
-			[RT #20667]
-
-2788.	[bug]		dnssec-signzone could sign with keys that were
-			not requested [RT #20625]
-
-2787.   [bug]           Spurious log message when zone keys were
-                        dynamically reconfigured. [RT #20659]
-
-2785.	[bug]		Revoked keys could fail to self-sign [RT #20652]
-
-2781.	[bug]		Inactive keys could be used for signing. [RT #20649]
-
-2780.	[bug]		dnssec-keygen -A none didn't properly unset the
-			activation date in all cases. [RT #20648]
-
-2779.	[bug]		Dynamic key revokation could fail. [RT #20644]
-
-2778.	[bug]		dnssec-signzone could fail when a key was revoked
-			without deleting the unrevoked version. [RT #20638]
-
-2763.	[bug]		"rndc sign" didn't create an NSEC chain. [RT #20591]
-
-2761.	[cleanup]	Enable internal symbol table for backtrace only for
-			systems that are known to work.  Currently, BSD
-			variants, Linux and Solaris are supported. [RT# 20202]
-
-2775.	[bug]		Accept RSASHA256 and RSASHA512 as NSEC3 compatible
-			in dnssec-keyfromlabel. [RT #20643]
-
-2773.	[bug]		In autosigned zones, the SOA could be signed
-			with the KSK. [RT #20628]
-
-2771.	[bug]		dnssec-signzone: DNSKEY records could be
-			corrupted when importing from key files [RT #20624]
-
-2770.	[cleanup]	Add log messages to resolver.c to indicate events
-			causing FORMERR responses. [RT #20526]
-
-2769.   [cleanup]       Change #2742 was incomplete. [RT #19589]
-
-2768.	[bug]		dnssec-signzone: -S no longer implies -g [RT #20568]
-
-2767.	[bug]		named could crash on startup if a zone was
-			configured with auto-dnssec and there was no
-			key-directory. [RT #20615]
-
-2766.	[bug]		isc_socket_fdwatchpoke() should only update the
-			socketmgr state if the socket is not pending on a
-			read or write.  [RT #20603]
-
-2764.   [bug]           "rndc-confgen -a" could trigger a REQUIRE. [RT #20610]
-
-2756.   [bug]           Fixed corrupt logfile message in update.c. [RT# 20597]
-
-2753.   [bug]           Removed an unnecessary warning that could appear when
-                        building an NSEC chain. [RT #20589]
-
-2776.   [bug]           Change #2762 was not correct. [RT #20647]
-
-2762.   [bug]           DLV validation failed with a local slave DLV zone.
-                        [RT #20577]
-
-2752.   [bug]           Locking violation. [RT #20587]
-
-2751.   [bug]           Fixed a memory leak in dnssec-keyfromlabel. [RT #20588]
-
-2746.	[port]		hpux: address signed/unsigned expansion mismatch of
-			dns_rbtnode_t.nsec. [RT #20542]
-
-2745.   [bug]           configure script didn't probe the return type of
-                        gai_strerror(3) correctly. [RT #20573]
-
-2774.   [bug]           Existing cache DB wasn't being reused after
-                        reconfiguration. [RT #20629]
-
-2742.   [cleanup]       Clarify some DNSSEC-related log messages in
-                        validator.c. [RT #19589]
-
-2739.	[cleanup]	Clean up API for initializing and clearing trust
-			anchors for a view. [RT #20211]
-
-2735.	[bug]		dnssec-signzone could fail to read keys
-			that were specified on the command line with
-			full paths, but weren't in the current
-			directory. [RT #20421]
-
-2734.	[port]		cygwin: arpaname did not compile. [RT #20473]
-
-2733.	[cleanup]	Clean up coding style in pkcs11-* tools. [RT #20355]
-
-2728.	[bug]		dssec-keygen, dnssec-keyfromlabel and
-			dnssec-signzone now warn immediately if asked to
-			write into a nonexistent directory. [RT #20278]
-
-2725.	[doc]		Added information about the file "managed-keys.bind"
-			to the ARM. [RT #20235]
-
-2724.   [bug]           Updates to a existing node in secure zone using NSEC
-                        were failing. [RT #20448]
-
-2720.	[bug]		RFC 5011 trust anchor updates could trigger an
-			assert if the DNSKEY record was unsigned. [RT #20406]
-
-2717.	[bug]		named failed to update the NSEC/NSEC3 record when
-			the last private type record was removed as a result
-			of completing the signing the zone with a key.
-			[RT #20399]
-
-2711.	[port]		win32: Add the bin/pkcs11 tools into the full
-			build. [RT #20372]
-
-2694.	[bug]		Reduce default NSEC3 iterations from 100 to 10.
-			[RT #19970]
-
-2693.	[port]		Add some noreturn attributes. [RT #20257]
-
-2687.	[bug]		Fixed dnssec-signzone -S handling of revoked keys.
-			Also, added warnings when revoking a ZSK, as this is
-			not defined by protocol (but is legal).  [RT #19943]
-
-2685.	[contrib]	Update contrib/zkt to version 0.99c. [RT #20054]
-
-2684.	[cleanup]	dig: formalize +ad and +cd as synonyms for
-			+adflag and +cdflag.  [RT #19305]
-
-2682.	[bug]		"configure --enable-symtable=all" failed to
-			build. [RT #20282]
-
-2676.	[bug]		--with-export-installdir should have been
-			--with-export-includedir. [RT #20252]
-
-2675.	[bug]		dnssec-signzone could crash if the key directory
-			did not exist. [RT #20232]
-
-2674.	[bug]		"dnssec-lookaside auto;" crashed if named was built
-			without openssl. [RT #20231]
-
-2673.   [bug]           The managed-keys.bind zone file could fail to
-                        load due to a spurious result from sync_keyzone()
-                        [RT #20045]
-
-2671.	[bug]		Add support for PKCS#11 providers not returning
-			the public exponent in RSA private keys
-			(OpenCryptoki for instance) in
-			dnssec-keyfromlabel. [RT #19294]
-
-2664.	[bug]		create_keydata() and minimal_update() in zone.c
-			didn't properly check return values for some
-			functions.  [RT #19956]
-
-2658.	[bug]		dnssec-settime and dnssec-revoke didn't process
-			key file paths correctly. [RT #20078]
-
-2657.	[cleanup]	Lower "journal file <path> does not exist, creating it"
-			log level to debug 1. [RT #20058]
-
-2654.   [bug]           Improve error reporting on duplicated names for
-                        deny-answer-xxx. [RT #20164]
-
-2651.   [bug]           Dates could print incorrectly in K*.key files on
-                        64-bit systems. [RT #20076]
-
-2650.   [bug]           Assertion failure in dnssec-signzone when trying
-                        to read keyset-* files. [RT #20075]
-
-2644.   [bug]           Change #2628 caused a regression on some systems;
-                        named was unable to write the PID file and would
-                        fail on startup. [RT #20001]
-
-2641.   [bug]           Fixed an error in parsing update-policy syntax,
-                        added a regression test to check it. [RT #20007]
-
-2638.	[bug]		Install arpaname. [RT #19957]
-
-2634.	[port]		win32: Add support for libxml2, enable
-			statschannel. [RT #19773]
-
-2631.   [bug]           Handle "//", "/./" and "/../" in mkdirpath().
-                        [RT #19926 ]
-
-2629.   [port]          Check for seteuid()/setegid(), use setresuid()/
-                        setresgid() if not present. [RT #19932]
-
-2628.   [port]          linux: Allow /var/run/named/named.pid to be opened
-                        at startup with reduced capabilities in operation.
-                        [RT #19884]
-
-2627.   [bug]           Named aborted if the same key was included in
-                        trusted-keys more than once. [RT #19918]
-
-2626.   [bug]           Multiple trusted-keys could trigger an assertion
-                        failure. [RT #19914]
-
-2622.   [bug]           Printing of named.conf grammar was broken. [RT #19919]
-
-2600.   [doc]           ARM: miscellaneous reformatting for different
-                        page widths. [RT #19574]
-
-2566.	[cleanup]	Clarify logged message when an insecure DNSSEC
-			response arrives from a zone thought to be secure:
-			"insecurity proof failed" instead of "not
-			insecure". [RT #19400]
-
-2525.   [experimental]	New logging category "query-errors" to provide detailed
-			internal information about query failures, especially
-			about server failures. [RT #19027]
-
-2537.	[func]		Added more statistics counters including those on socket
-			I/O events and query RTT histograms. [RT #18802]
-
-2655.	[doc]		Document that key-directory does not affect
-			rndc.key.  [RT #20155]
-
-2834.	[bug]		HMAC-SHA* keys that were longer than the algorithm
-			digest length were used incorrectly, leading to
-			interoperability problems with other DNS
-			implementations.  This has been corrected.
-			(Note: If an oversize key is in use, and
-			compatibility is needed with an older release of
-			BIND, the new tool "isc-hmac-fixup" can convert
-			the key secret to a form that will work with all
-			versions.) [RT #20751]
-
-2840.	[bug]		Temporary fixed pkcs11-destroy usage check.
-			[RT #20760]
-
-3010.	[bug]		Fixed a bug where "rndc reconfig" stopped the timer
-			for refreshing managed-keys. [RT #22296]
-
-3013.	[bug]		The DNS64 ttl was not always being set as expected.
-			[RT #23034]
-
-3017.	[doc]		dnssec-keyfromlabel -I was not properly documented.
-			[RT #22887]
-
-3020.	[bug]		auto-dnssec failed to correctly update the zone when
-			changing the DNSKEY RRset. [RT #23232]
-
-3021.	[bug]		Change #3010 was incomplete. [RT #22296]
-
-3022.	[bug]		Fixed rpz SERVFAILs after failed zone transfers
-                        [RT #23246]
-
-3038.	[bug]		Install <dns/rpz.h>.  [RT #23342]
-
-3045.	[removed]	Replaced by change #3050.
-
-3048.	[bug]		Fully separate view key mangement. [RT #23419]
-
-3050.	[bug]		The autosign system test was timing dependent.
-			Wait for the initial autosigning to complete
-			before running the rest of the test. [RT #23035]
-
-3052.	[test]		Fixed last autosign test report. [RT #23256]
-
-3054.	[bug]		Added elliptic curve support check in
-			GOST OpenSSL engine detection. [RT #23485]
-
-3057.	[bug]		"rndc secroots" would abort after the first error
-			and so could miss some views. [RT #23488]
-
-3072.	[bug]		dns_dns64_aaaaok() potential NULL pointer dereference.
-			[RT #20256]
-
-3073.	[bug]		managed-keys changes were not properly being recorded.
-			[RT #20256]
-
-3075.	[bug]		dns_dnssec_findzonekeys{2} used a inconsistant
-			timestamp when determining which keys are active.
-			[RT #23642]
-
-3077.	[bug]		zone.c:zone_refreshkeys() incorrectly called
-			dns_zone_attach(), use zone->irefs instead. [RT #23303]
-
-3082.	[port]		strtok_r is threads only. [RT #23747]
-
-3086.	[bug]		Running dnssec-settime -f on an old-style key will
-			now force an update to the new key format even if no
-			other change has been specified, using "-P now -A now"
-			as default values.  [RT #22474]
-
-3087.	[bug]		DDNS updates using SIG(0) with update-policy match
-			type "external" could cause a crash. [RT #23735]
-
-3091.	[bug]		Fixed a bug in which zone keys that were published
-			and then subsequently activated could fail to trigger
-			automatic signing. [RT #22911]
-
-3094.	[doc]		Expand dns64 documentation.
-
-3096.	[bug]		Set KRB5_KTNAME before calling log_cred() in
-			dst_gssapi_acceptctx(). [RT #24004]
-
-2655.	[doc]		Document that key-directory does not affect
-			bind.keys, rndc.key or session.key.  [RT #20155]
-
-2810.   [doc]           Clarified the process of transitioning an NSEC3 zone
-                        to insecure. [RT #20746]

KNOWN-DEFECTS

@@ -1,15 +0,0 @@
-dnssec-signzone was designed so that it could sign a zone partially, using
-only a subset of the DNSSEC keys needed to produce a fully-signed zone.
-This permits a zone administrator, for example, to sign a zone with one
-key on one machine, move the resulting partially-signed zone to a second
-machine, and sign it again with a second key.
-
-An unfortunate side-effect of this flexibility is that dnssec-signzone
-does not check to make sure it's signing a zone with any valid keys at
-all.  An attempt to sign a zone without any keys will appear to succeed,
-producing a "signed" zone with no signatures.  There is no warning issued
-when a zone is not signed.
-
-This will be corrected in a future release.  In the meantime, ISC
-recommends examining the output of dnssec-signzone to confirm that
-the zone is properly signed by all keys before using it.

Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.52.48.4 2011/02/28 01:18:39 tbox Exp $
+# $Id: Makefile.in,v 1.43.18.4 2006/05/19 00:04:01 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,17 +21,18 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-SUBDIRS =	make unit lib bin doc
+SUBDIRS =	make lib bin doc @LIBBIND@
 TARGETS =
 
-MANPAGES =	isc-config.sh.1
- 
-HTMLPAGES =	isc-config.sh.html
- 
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
 @BIND9_MAKE_RULES@
 
+distclean::
+	@if [ "X@LIBBIND@" = "X" ] ; then \
+		i=lib/bind; \
+		echo "making $@ in `pwd`/$$i"; \
+		(cd $$i; ${MAKE} ${MAKEDEFS} $@) || exit 1; \
+	fi
+
 distclean::
 	rm -f config.cache config.h config.log config.status TAGS
 	rm -f libtool isc-config.sh configure.lineno
@@ -42,19 +43,12 @@ distclean::
 maintainer-clean::
 	rm -f configure
 
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-doc man:: ${MANOBJS}
-
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
 	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
 
 install:: isc-config.sh installdirs
 	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
-	${INSTALL_DATA} ${srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
 
 tags:
 	rm -f TAGS
@@ -64,11 +58,10 @@ check: test
 
 test:
 	(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
-	(test -f unit/unittest.sh && $(SHELL) unit/unittest.sh)
 
 FAQ: FAQ.xml
 	${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
-	LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
+	${W3M} -T text/html -dump >$@.tmp
 	mv $@.tmp $@
 
 clean::

NSEC3-NOTES

@@ -1,128 +0,0 @@
-
-			DNSSEC and UPDATE
-
-		Converting from insecure to secure
-
-As of BIND 9.6.0 it is possible to move a zone between being insecure
-to secure and back again.  A secure zone can be using NSEC or NSEC3.
-
-To move a zone from insecure to secure you need to configure named
-so that it can see the K* files which contain the public and private
-parts of the keys that will be used to sign the zone.  These files
-will have been generated by dnssec-keygen.  You can do this by
-placing them in the key-directory as specified in named.conf.
-
-	zone example.net {
-		type master;
-		allow-update { .... };
-		file "dynamic/example.net/example.net";
-		key-directory "dynamic/example.net";
-	};
-
-Assuming one KSK and one ZSK DNSKEY key have been generated.  Then
-this will cause the zone to be signed with the ZSK and the DNSKEY
-RRset to be signed with the KSK DNSKEY.  A NSEC chain will also be
-generated as part of the initial signing process.
-
-	% nsupdate
-	> ttl 3600
-	> update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
-	> update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
-	> send
-
-While the update request will complete almost immediately the zone
-will not be completely signed until named has had time to walk the
-zone and generate the NSEC and RRSIG records.  Initially the NSEC
-record at the zone apex will have the OPT bit set.  When the NSEC
-chain is complete the OPT bit will be cleared.  Additionally when
-the zone is fully signed the private type (default TYPE65534) records
-will have a non zero value for the final octet. 
-
-The private type record has 5 octets.
-	algorithm (octet 1)
-	key id in network order (octet 2 and 3)
-	removal flag (octet 4)
-	complete flag (octet 5)
-
-If you wish to go straight to a secure zone using NSEC3 you should
-also add a NSEC3PARAM record to the update request with the flags
-field set to indicate whether the NSEC3 chain will have the OPTOUT
-bit set or not.
-
-	% nsupdate
-	> ttl 3600
-	> update add example.net DNSKEY 256 3 7 AwEAAZn17pUF0KpbPA2c7Gz76Vb18v0teKT3EyAGfBfL8eQ8al35zz3Y I1m/SAQBxIqMfLtIwqWPdgthsu36azGQAX8=
-	> update add example.net DNSKEY 257 3 7 AwEAAd/7odU/64o2LGsifbLtQmtO8dFDtTAZXSX2+X3e/UNlq9IHq3Y0 XtC0Iuawl/qkaKVxXe2lo8Ct+dM6UehyCqk=
-	> update add example.net NSEC3PARAM 1 1 100 1234567890
-	> send
-
-Again the update request will complete almost immediately however the
-NSEC3PARAM record will have additional flag bits set indicating that the
-NSEC3 chain is under construction.  When the NSEC3 chain is complete the
-flags field will be set to zero. 
-
-While the initial signing and NSEC/NSEC3 chain generation is happening
-other updates are possible.
-
-		DNSKEY roll overs via UPDATE
-
-It is possible to perform key rollovers via update.  You need to
-add the K* files for the new keys so that named can find them.  You
-can then add the new DNSKEY RRs via update.  Named will then cause
-the zone to be signed with the new keys.  When the signing is
-complete the private type records will be updated so that the last
-octet is non zero.
-
-If this is for a KSK you need to inform the parent and any trust
-anchor repositories of the new KSK.
-
-You should then wait for the maximum TLL in the zone before removing the
-old DNSKEY.  If it is a KSK that is being updated you also need to wait
-for the DS RRset in the parent to be updated and its TTL to expire.
-This ensures that all clients will be able to verify at least a signature
-when you remove the old DNSKEY.
-
-The old DNSKEY can be removed via UPDATE.  Take care to specify
-the correct key.  Named will clean out any signatures generated by
-the old key after the update completes.
-
-		NSEC3PARAM rollovers via UPDATE.
-
-Add the new NSEC3PARAM record via update.  When the new NSEC3 chain
-has been generated the NSEC3PARAM flag field will be zero.  At this
-point you can remove the old NSEC3PARAM record.  The old chain will
-be removed after the update request completes.
-
-		Converting from NSEC to NSEC3
-
-To do this you just need to add a NSEC3PARAM record.  When the
-conversion is complete the NSEC chain will have been removed and
-the NSEC3PARAM record will have a zero flag field.  The NSEC3 chain
-will be generated before the NSEC chain is destroyed.
-
-		Converting from NSEC3 to NSEC
-
-To do this remove all NSEC3PARAM records with a zero flag field.  The
-NSEC chain will be generated before the NSEC3 chain is removed.
-
-		Converting from secure to insecure
-
-To do this remove all the DNSKEY records.  Any NSEC or NSEC3 chains
-will be removed as well as associated NSEC3PARAM records.  This will
-take place after the update requests completes.
-
-		Periodic re-signing.
-
-Named will periodically re-sign RRsets which have not been re-signed
-as a result of some update action.  The signature lifetimes will
-be adjusted so as to spread the re-sign load over time rather than
-all at once.
-
-		NSEC3 and OPTOUT
-
-Named only supports creating new NSEC3 chains where all the NSEC3
-records in the zone have the same OPTOUT state.  Named supports
-UPDATES to zones where the NSEC3 records in the chain have mixed
-OPTOUT state.  Named does not support changing the OPTOUT state of
-an individual NSEC3 record, the entire chain needs to be changed if
-the OPTOUT state of an individual NSEC3 needs to be changed.

README

@@ -42,83 +42,13 @@ BIND 9
 		Stichting NLnet - NLnet Foundation
 		Nominum, Inc.
 
-BIND 9.6-ESV-R5 (Extended Support Version)
-
-	BIND 9.4-ESV-R5 is a maintenance release, fixing bugs in BIND
-	9.6-ESV-R4.
-
-BIND 9.6.3/BIND 9.6-ESV-R4
-
-	BIND 9.6.3/BIND 9.6-ESV-R4 is a maintenance release, fixing bugs
-	in 9.6.2.
-
-BIND 9.6.2
-
-	BIND 9.6.2 is a maintenance release, fixing bugs in 9.6.1.
-        It also introduces support for the SHA-2 DNSSEC algorithms,
-        RSASHA256 and RSASHA512.
-
-        Known issues in this release:
-
-        - A validating resolver that has been incorrectly configured with
-          an invalid trust anchor will be unable to resolve names covered
-          by that trust anchor.  In all current versions of BIND 9, such a
-          resolver will also generate significant unnecessary DNS traffic
-          while trying to validate.  The latter problem will be addressed
-          in future BIND 9 releases.  In the meantime, to avoid these
-          problems, exercise caution when configuring "trusted-keys":
-          make sure all keys are correct and current when you add them,
-          and update your configuration in a timely manner when keys
-          roll over.
-
-BIND 9.6.1
-
-	BIND 9.6.1 is a maintenance release, fixing bugs in 9.6.0.
-
-BIND 9.6.0
-
-        BIND 9.6.0 includes a number of changes from BIND 9.5 and earlier
-        releases, including:
-
-        Full NSEC3 support
-
-        Automatic zone re-signing
-
-	New update-policy methods tcp-self and 6to4-self
-
-        The BIND 8 resolver library, libbind, has been removed from the
-        BIND 9 distribution and is now available as a separate download.
-
-	Change the default pid file location from /var/run to
-	/var/run/{named,lwresd} for improved chroot/setuid support.
-
-BIND 9.5.0
-
-	BIND 9.5.0 has a number of new features over 9.4,
-	including:
-
-	GSS-TSIG support (RFC 3645).
-
-	DHCID support.
-
-	Experimental http server and statistics support for named via xml.
-
-	More detailed statistics counters including those supported in BIND 8.
-
-	Faster ACL processing.
-
-	Use Doxygen to generate internal documentation.
-
-        Efficient LRU cache-cleaning mechanism.
-
-        NSID support.
 
 BIND 9.4.0
 
 	BIND 9.4.0 has a number of new features over 9.3,
 	including:
 
-	Implemented "additional section caching (or acache)", an
+	Implemented "additional section caching" (or "acache"), an
 	internal cache framework for additional section content to
 	improve response performance.  Several configuration options
 	were provided to control the behavior.
@@ -130,14 +60,11 @@ BIND 9.4.0
 
 	rndc now allows addresses to be set in the server clauses.
 
-	New option "allow-query-cache".  This lets "allow-query"
-	be used to specify the default zone access level rather
-	than having to have every zone override the global value.
-	"allow-query-cache" can be set at both the options and view
-	levels.  If "allow-query-cache" is not set then "allow-recursion"
-	is used if set, otherwise "allow-query" is used if set
-	unless "recursion no;" is set in which case "none;" is used,
-	otherwise the default (localhost; localnets;) is used.
+	New option "allow-query-cache".  This lets allow-query be
+	used to specify the default zone access level rather than
+	having to have every zone override the global value.
+	allow-query-cache can be set at both the options and view
+	levels.  If allow-query-cache is not set allow-query applies.
 
 	rndc: the source address can now be specified.
 
@@ -210,12 +137,11 @@ BIND 9.4.0
 
 	Add support for CH A record.
 
-	Add additional zone data constancy checks.  named-checkzone
+	Add additional zone data consistancy checks.  named-checkzone
 	has extended checking of NS, MX and SRV record and the hosts
 	they reference.  named has extended post zone load checks.
 	New zone options: check-mx and integrity-check.
 
-
 	edns-udp-size can now be overridden on a per server basis.
 
 	dig can now specify the EDNS version when making a query.
@@ -228,7 +154,7 @@ BIND 9.4.0
 	Detect duplicates of UDP queries we are recursing on and
 	drop them.  New stats category "duplicates".
 
-	"USE INTERNAL MALLOC" is now runtime selectable.
+	Memory management. "USE INTERNAL MALLOC" is now runtime selectable.
 
 	The lame cache is now done on a <qname,qclass,qtype> basis
 	as some servers only appear to be lame for certain query
@@ -243,9 +169,9 @@ BIND 9.4.0
 
 	Support for IPSECKEY rdata type.
 
-	Raise the UDP recieve buffer size to 32k if it is less than 32k.
+	Raise the UDP receive buffer size to 32k if it is less than 32k.
 
-	x86 and x86_64 now have seperate atomic locking implementations.
+	x86 and x86_64 now have separate atomic locking implementations.
 
 	named-checkconf now validates update-policy entries.
 
@@ -273,9 +199,69 @@ BIND 9.4.0
 	to set 'RA' when 'RD' is set unless a server is explicitly
 	set.
 
-	Integrate contibuted DLZ code into named.
+	Integrate contributed DLZ code into named.
 
-	Integrate contibuted IDN code from JPNIC.
+	Integrate contributed IDN code from JPNIC.
+
+	Validate pending NS RRsets, in the authority section, prior
+	to returning them if it can be done without requiring DNSKEYs
+	to be fetched.
+
+	It is now possible to configure named to accept expired
+	RRSIGs.  Default "dnssec-accept-expired no;".  Setting
+	"dnssec-accept-expired yes;" leaves named vulnerable to
+	replay attacks.
+
+	Additional memory leakage checks.
+
+	The maximum EDNS UDP response named will send can now be
+	set in named.conf (max-udp-size).  This is independent of
+	the advertised receive buffer (edns-udp-size).
+
+	Named now falls back to advertising EDNS with a 512 byte
+	receive buffer if the initial EDNS queries fail.
+
+	Control the zeroing of the negative response TTL to a soa
+	query.  Defaults "zero-no-soa-ttl yes;" and
+	"zero-no-soa-ttl-cache no;".
+			
+	Separate out MX and SRV to CNAME checks.
+
+	dig/nslookup/host: warn about missing "QR".
+
+	TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
+	HMACSHA512 support.
+
+	dnssec-signzone: output the SOA record as the first record
+	in the signed zone.
+
+	Two new update policies.  "selfsub" and "selfwild".
+
+	dig, nslookup and host now advertise a 4096 byte EDNS UDP
+	buffer size by default.
+
+	Report when a zone is removed.
+
+	DS/DLV SHA256 digest algorithm support.
+
+	Implement "rrset-order fixed".
+
+	Check the KSK flag when updating a secure dynamic zone.
+	New zone option "update-check-ksk yes;".
+
+	It is now possible to explicitly enable DNSSEC validation.
+	default dnssec-validation no; to be changed to yes in 9.5.0.
+
+	It is now possible to enable/disable DNSSEC validation
+	from rndc.  This is useful for the mobile hosts where the
+	current connection point breaks DNSSEC (firewall/proxy).
+
+		rndc validation newstate [view]
+
+	dnssec-signzone can now update the SOA record of the signed
+	zone, either as an increment or as the system time().
+
+	Statistics about acache now recorded and sent to log.
 
 	libbind: corresponds to that from BIND 8.4.7.
 
@@ -354,7 +340,7 @@ BIND 9.2.0
 	    This does not apply to the use of TSIG, which does not
 	    require OpenSSL.
 
-	  - The source distribution now builds on Windows.
+	  - The source distribution now builds on Windows NT/2000.
 	    See win32utils/readme1.txt and win32utils/win32-build.txt
 	    for details.
 
@@ -403,8 +389,11 @@ BIND 9.2.0
 
 		--with-libtool does not work on AIX.
 
-	A bug in some versions of the Microsoft DNS server can cause zone
-        transfers from a BIND 9 server to a W2K server to fail.  For details,
+		--with-libtool does not work on SunOS 4.  configure
+		requires "printf" which is not available.
+
+	A bug in the Windows 2000 DNS server can cause zone transfers
+	from a BIND 9 server to a W2K server to fail.  For details,
 	see the "Zone Transfers" section in doc/misc/migration.
 
 	For a detailed list of user-visible changes from
@@ -419,35 +408,27 @@ Building
 	We've had successful builds and tests on the following systems:
 
 		COMPAQ Tru64 UNIX 5.1B
-		Fedora Core 6
-		FreeBSD 4.10, 5.2.1, 6.2
+		FreeBSD 4.10, 5.2.1
 		HP-UX 11.11
-		Mac OS X 10.5
-		NetBSD 3.x and 4.0-beta
-		OpenBSD 3.3 and up
-		Solaris 8, 9, 9 (x86), 10
-		Ubuntu 7.04, 7.10
-		Windows XP/2003/2008
+		NetBSD 1.5
+		Slackware Linux 8.1
+		Solaris 8, 9, 9 (x86)
+		Windows NT/2000/XP/2003
 
-        NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
-        Windows, including Windows NT and Windows 2000, are no longer
-        supported.
+	Additionally, we have unverified reports of success building
+	previous versions of BIND 9 from users of the following systems:
 
-	We have recent reports from the user community that a supported
-	version of BIND will build and run on the following systems:
-
-		AIX 4.3, 5L
-		CentOS 4, 4.5, 5
-		Darwin 9.0.0d1/ARM
-		Debian 4
-		Fedora Core 5, 7
-		FreeBSD 6.1
-		HP-UX 11.23 PA
-		MacOS X 10.4, 10.5
-		Red Hat Enterprise Linux 4, 5
-		SCO OpenServer 5.0.6
-		Slackware 9, 10
-		SuSE 9, 10
+		AIX 5L
+		SuSE Linux 7.0
+		Slackware Linux 7.x, 8.0
+	        Red Hat Linux 7.1
+		Debian GNU/Linux 2.2 and 3.0
+		Mandrake 8.1
+		OpenBSD 2.6, 2.8, 2.9, 3.1, 3.6, 3.8
+		UnixWare 7.1.1
+		HP-UX 10.20
+		BSD/OS 4.2
+		Mac OS X 10.1, 10.3.8
 
 	To build, just
 
@@ -484,17 +465,6 @@ Building
 				    -DDIG_SIGCHASE_BU=1)
 		Disable dropping queries from particular well known ports.
 		  -DNS_CLIENT_DROPPORT=0
-	        Sibling glue checking in named-checkzone is enabled by default.
-		To disable the default check set.  -DCHECK_SIBLING=0
-		named-checkzone checks out-of-zone addresses by default.
-		To disable this default set.  -DCHECK_LOCAL=0
-		To create the default pid files in ${localstatedir}/run rather
-		than ${localstatedir}/run/{named,lwresd}/ set.
-		  -DNS_RUN_PID_DIR=0
-		Enable workaround for Solaris kernel bug about /dev/poll
-		  -DISC_SOCKET_USE_POLLWATCH=1
-		  The watch timeout is also configurable, e.g.,
-		  -DISC_SOCKET_POLLWATCH_TIMEOUT=20
 
 	    LDFLAGS
 		Linker flags. Defaults to empty string.
@@ -520,9 +490,8 @@ Building
 	a nonstandard prefix, you can tell configure where to
 	look for it using "--with-openssl=/prefix".
 
-	On some platforms it is necessary to explictly request large
-	file support to handle files bigger than 2GB.  This can be
-	done by "--enable-largefile" on the configure command line.
+	To build libbind (the BIND 8 resolver library), specify
+	"--enable-libbind" on the configure command line.
 
 	On some platforms, BIND 9 can be built with multithreading
 	support, allowing it to take advantage of multiple CPUs.
@@ -531,11 +500,6 @@ Building
 	on the configure command line.  The default is operating
 	system dependent.
 
-        Support for the "fixed" rrset-order option can be enabled
-        or disabled by specifying "--enable-fixed-rrset" or
-        "--disable-fixed-rrset" on the configure command line.
-        The default is "disabled", to reduce memory footprint.
-
 	If your operating system has integrated support for IPv6, it
 	will be used automatically.  If you have installed KAME IPv6
 	separately, use "--with-kame[=PATH]" to specify its location.
@@ -578,9 +542,6 @@ Building
 	on your system, and some require Perl; see bin/tests/system/README
 	for details.
 
-	SunOS 4 requires "printf" to be installed to make the shared
-	libraries.  sh-utils-1.16 provides a "printf" which compiles
-	on SunOS 4.
 
 Documentation
 

README.idnkit

@@ -55,7 +55,7 @@ at least specify `--with-idn' option to enable IDN support.
 
 	`--with-libiconv' assumes that your C compiler has `-R'
 	option, and that the option adds the specified run-time path
-	to an executable binary.  If `-R' option of your compiler has
+	to an exacutable binary.  If `-R' option of your compiler has
 	different meaning, or your compiler lacks the option, you
 	should use `--with-iconv' option instead.  Binary command
 	without run-time path information might be unexecutable.
@@ -68,7 +68,7 @@ at least specify `--with-idn' option to enable IDN support.
 	specified, `--with-iconv' is prior to `--with-libiconv'.
 
     --with-iconv=ICONV_LIBSPEC
-	If your libc doesn't provide iconv(), you need to specify the
+	If your libc doens't provide iconv(), you need to specify the
 	library containing iconv() with this option.  `ICONV_LIBSPEC'
 	is the argument(s) to `cc' or `ld' to link the library, for
 	example, `--with-iconv="-L/usr/local/lib -liconv"'.
@@ -82,7 +82,7 @@ at least specify `--with-idn' option to enable IDN support.
 	this option is not specified, `-L${PREFIX}/lib -lidnkit' is
 	assumed, where ${PREFIX} is the installation prefix specified
 	with `--with-idn' option above.  You may need to use this
-	option to specify extra arguments, for example,
+	option to specify extra argments, for example,
 	`--with-idnlib="-L/usr/local/lib -R/usr/local/lib -lidnkit"'.
 
 Please consult `README' for other configuration options.
@@ -109,4 +109,4 @@ about idnkit and this patch.
 Bug reports and comments on this kit should be sent to
 mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
 
-; $Id: README.idnkit,v 1.2.762.1 2009/01/18 23:25:14 marka Exp $
+; $Id: README.idnkit,v 1.2.2.2 2005/09/12 02:12:08 marka Exp $

README.pkcs11

@@ -1,61 +0,0 @@
-
-			BIND-9 PKCS#11 support
-
-Prerequisite
-
-The PKCS#11 support needs a PKCS#11 OpenSSL engine based on the Solaris one,
-released the 2007-11-21 for OpenSSL 0.9.8g, with a bug fix (call to free)
-and some improvements, including user friendly PIN management.
-
-Compilation
-
-"configure --with-pkcs11 ..."
-
-PKCS#11 Libraries
-
-Tested with Solaris one with a SCA board and with openCryptoki with the
-software token.
-
-OpenSSL Engines
-
-With PKCS#11 support the PKCS#11 engine is statically loaded but at its
-initialization it dynamically loads the PKCS#11 objects.
-Even the pre commands are therefore unused they are defined with:
- SO_PATH:
-   define: PKCS11_SO_PATH
-   default: /usr/local/lib/engines/engine_pkcs11.so
- MODULE_PATH:
-   define: PKCS11_MODULE_PATH
-   default: /usr/lib/libpkcs11.so
-Without PKCS#11 support, a specific OpenSSL engine can be still used
-by defining ENGINE_ID at compile time.
-
-PKCS#11 tools
-
-The contrib/pkcs11-keygen directory contains a set of experimental tools
-to handle keys stored in a Hardware Security Module at the benefit of BIND.
-
-The patch for OpenSSL 0.9.8g is in this directory. Read its README.pkcs11
-for the way to use it (these are the original notes so with the original
-path, etc. Define OPENCRYPTOKI to use it with openCryptoki.)
-
-PIN management
-
-With the just fixed PKCS#11 OpenSSL engine, the PIN should be entered
-each time it is required. With the improved engine, the PIN should be
-entered the first time it is required or can be configured in the
-OpenSSL configuration file (aka. openssl.cnf) by adding in it:
- - at the beginning:
-	openssl_conf = openssl_def
- - at any place these sections:
-	[ openssl_def ]
-	engines = engine_section
-	[ engine_section ]
-	pkcs11 = pkcs11_section
-	[ pkcs11_section ]
-	PIN = put__your__pin__value__here
-
-Note
-
-Some names here are registered trademarks, at least Solaris is a trademark
-of Sun Microsystems Inc...

RELEASE-NOTES-BIND-9.6-ESV.html

@@ -1,319 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
-<!--
- - Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: RELEASE-NOTES-BIND-9.6-ESV.html,v 1.1.24.9 2011/07/24 08:05:48 tbox Exp $ -->
-
-<html xmlns="http://www.w3.org/1999/xhtml"><head><meta http-equiv="Content-Type" content="text/html; charset=UTF-8" /><title></title><link rel="stylesheet" href="release-notes.css" type="text/css" /><meta name="generator" content="DocBook XSL Stylesheets V1.71.1" /></head><body><div class="article" lang="en" xml:lang="en"><div class="titlepage"><hr /></div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3359830"></a>Introduction</h2></div></div></div>
-    
-    <p>
-			BIND 9.6-ESV-R5 is the current production release
-			of BIND 9.6.
-		</p>
-    <p>
-			This document summarizes changes from BIND 9.6-ESV-R4 to BIND 9.6-ESV-R5.
-			Please see the CHANGES file in the source code release for a
-			complete list of all changes.
-		</p>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3359873"></a>Download</h2></div></div></div>
-    
-    <p>
-			The latest release of BIND 9 software can always be found
-	 		on our web site at
-      <a href="http://www.isc.org/downloads/all" target="_top">http://www.isc.org/downloads/all</a>.
-  		There you will find additional information about each release,
- 			source code, and some pre-compiled versions for certain operating
- 			systems.
-		</p>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3358813"></a>Support</h2></div></div></div>
-    
-    <p>Product support information is available on
-      <a href="http://www.isc.org/services/support" target="_top">http://www.isc.org/services/support</a>
-      for paid support options.  Free support is provided by our user
- 			community via a mailing list.  Information on all public email
- 			lists is available at
-      <a href="https://lists.isc.org/mailman/listinfo" target="_top">https://lists.isc.org/mailman/listinfo</a>.
-    </p>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3358862"></a>New Features</h2></div></div></div>
-    
-		<div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id3358903"></a>9.6-ESV-R5</h3></div></div></div>
-			
-			<div class="itemizedlist"><ul type="disc"><li>
-Added a tool able to generate malformed packets to allow testing
-of how named handles them.
-[RT #24096]
-</li></ul></div>
-		</div>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3358941"></a>Security Fixes</h2></div></div></div>
-    
-		<div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id3358961"></a>9.6-ESV-R5</h3></div></div></div>
-			
-			<div class="itemizedlist"><ul type="disc"><li>
-named, set up to be a caching resolver, is vulnerable to a
-user querying a domain with very large resource record sets (RRSets)
-when trying to negatively cache the response. Due to an off-by-one
-error, caching the response could cause named to crash. [RT #24650]
-[CVE-2011-1910]
-</li><li>
-Change #2912 populated the message section in replies to UPDATE requests,
-which some Windows clients wanted. This exposed a latent bug that allowed
-the response message to crash named. With this fix, change 2912 has been
-reduced to copy only the zone section to the reply. A more complete fix
-for the latent bug will be released later.
-[RT #24777]
-</li></ul></div>
-		</div>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3359009"></a>Feature Changes</h2></div></div></div>
-    
-		<div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id3359028"></a>9.6-ESV-R5</h3></div></div></div>
-			
-			<div class="itemizedlist"><ul type="disc"><li>
-Merged in the NetBSD ATF test framework (currently
-version 0.12) for development of future unit tests.
-Use configure --with-atf to build ATF internally
-or configure --with-atf=prefix to use an external
-copy. [RT #23209]
-</li><li>
-Added more verbose error reporting from DLZ LDAP. [RT #23402]
-</li><li>
-Replaced compile time constant with STDTIME_ON_32BITS.
-[RT #23587]
-</li></ul></div>
-		</div>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3359049"></a>Bug Fixes</h2></div></div></div>
-    
-		<div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h3 class="title"><a id="id3359056"></a>9.6-ESV-R5</h3></div></div></div>
-			
-	    <div class="itemizedlist"><ul type="disc"><li>
-<p>
-During RFC5011 processing some journal write errors were not detected.
-This could lead to managed-keys changes being committed but not 
-recorded in the journal files, causing potential inconsistencies  
-during later processing.  [RT #20256]
-</p>
-<p>
-A potential NULL pointer deference in the DNS64 code could cause 
-named to terminate unexpectedly. [RT #20256]
-</p>
-<p>
-A state variable relating to DNSSEC could fail to be set during 
-some infrequently-executed code paths, allowing it to be used whilst
-in an unitialized state during cache updates, with unpredictable results.
-[RT #20256]
-</p>
-<p>
-A potential NULL pointer deference in DNSSEC signing code could 
-cause named to terminate unexpectedly  [RT #20256]
-</p>
-<p>
-Several cosmetic code changes were made to silence warnings
-generated by a static code analysis tool. [RT #20256]
-</p>
-</li><li>
-When using _builtin in named.conf, named.conf changes were not found
-when reloading the config file. Now checks _builtin zone arguments
-to see if the zone is re-usable or not. [RT #21914]
-</li><li>
-After an external code review, a code cleanup was done. [RT #22521]
-</li><li>
-When signing records, named didn't filter out any TTL changes
-to DNSKEY records. This resulted in an incomplete key set. TTL
-changes are now dealt with before signing. [RT #22590]
-</li><li>
-The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32 were
-updated/corrected per current Windows OS. [RT #22724]
-</li><li>
-Cause named to terminate at startup or rndc reconfig
-reload to fail, if a log file specified in the
-conf file isn't a plain file. (RT #22771]
-</li><li>
-named now forces the ADB cache time for glue related data to zero  
-instead of relying on TTL.  This corrects problematic behavior in cases  
-where a server was authoritative for the A record of a nameserver for a  
-delegated zone and was queried to recursively resolve records within  
-that zone.  [RT #22842]
-</li><li>
-Fix the zonechecks system test to fail on error (warning in 9.6,
-fatal in 9.7) to match behaviour for 9.4. [RT #22905]
-</li><li>
-The "rndc" command usage statement was missing the "-b" option.
-[RT #22937]
-</li><li>
-Fixed a possible deadlock due to zone re-signing. [RT #22964]
-</li><li>
-Fixed precedence order bug with NS and DNAME records if both are present.
-(Also fixed timing of autosign test in 9.7+) [RT #23035]
-</li><li>
-The secure zone update feature in named is based on the zone being
-signed and configured for dynamic updates. A bug in the ACL processing
-for "allow-update { none; };" resulted in a zone that is supposed to
-be static being treated as a dynamic zone. Thus, named would try to
-sign/re-sign that zone erroneously. [RT #23120]
-</li><li>
-A new test has been added to check the apex NSEC3 records after DNSKEY
-records have been added via dynamic update. [RT #23229]
-</li><li>
-If a slave initiates a TSIG signed AXFR from the master and the master
-fails to correctly TSIG sign the final message, the slave would be left
-with the zone in an unclean state. named detected this error too late
-and named would crash with an INSIST. The order dependancy has been
-fixed. [RT #23254]
-</li><li>
-If the server has an IPv6 address but does not have IPv6 connectivity
-to the internet, dig +trace could fail attempting to use IPv6
-addresses. [RT #23297]
-</li><li>
-Changing TTL did not cause dnssec-signzone to generate new signatures.
-[RT #23330]
-</li><li>
-Have the validating resolver use RRSIG original TTL to compute
-validated RRset and RRSIG TTL. [RT #23332]
-</li><li>
-In "make test" bin/tests/resolver, hold the socket manager lock
-while freeing the socket.
-[RT #23333]
-</li><li>
-If named encountered a CNAME instead of a DS record when walking
-the chain of trust down from the trust anchor, it incorrectly stopped
-validating. [RT #23338]
-</li><li>
-RRSIG records could have time stamps too far in the future.
-[RT #23356]
-</li><li>
-named stores cached data in an in-memory database and keeps track of
-how recently the data is used with a heap. The heap is stored within the
-cache's memory space. Under a sustained high query load and with a small
-cache size, this could lead to the heap exhausting the cache space. This
-would result in cache misses and SERVFAILs, with named never releasing
-the cache memory the heap used up and never recovering.
-
-This fix removes the heap into its own memory space, preventing the heap
-from exhausting the cache space and allowing named to recover gracefully
-when the high query load abates. [RT #23371]
-</li><li>
-If running on a powerpc CPU and with atomic operations enabled,
-named could lock up. Added sync instructions to the end of atomic
-operations. [RT #23469]
-</li><li>
-If OpenSSL was built without engine support, named would have
-compile errors and fail to build.
-[RT #23473]
-</li><li>
-Handle isc_event_allocate failures in t_tasks test.
-[RT #23572]
-</li><li>
-ixfr-from-differences {master|slave};
-failed to select the master/slave zones, resulting in on diff/journal
-file being created.
-[RT #23580]
-</li><li>
-If a DNAME substitution failed, named returned NOERROR. The correct
-response should be YXDOMAIN.
-[RT #23591]
-</li><li>
-Remove bin/tests/system/logfileconfig/ns1/named.conf and
-add setup.sh in order to resolve changing named.conf issue. [RT #23687]
-</li><li>
-NOTIFY messages were not being sent when generating
-a NSEC3 chain incrementally. [RT #23702]
-</li><li>
-Signatures for records at the zone apex could go
-stale due to an incorrect timer setting. [RT #23769]
-</li><li>
-The autosign tests attempted to open ports within reserved ranges. Test
-now avoids those ports.
-[RT #23957]
-</li><li>
-named, acting as authoritative server for DLZ zones, was not correctly
-setting the authoritative (AA) bit.
-[RT #24146]
-</li><li>
-Clean up some cross-compiling issues and added two undocumented
-configure options, --with-gost and --with-rlimtype, to allow over-riding
-default settings (gost=no and rlimtype="long int") when cross-compiling.
-[RT #24367]
-</li><li>
-When trying sign with NSEC3, if dnssec-signzone couldn't find the
-KSK, it would give an incorrect error "NSEC3 iterations too big for
-weakest DNSKEY strength" rather than the correct "failed to find
-keys at the zone apex: not found" [RT #24369]
-</li><li>
-nsupdate could dump core on shutdown when using SIG(0) keys. [RT #24604]
-</li><li>
-Named could fail to validate zones list in a DLV that validated insecure
-without using DLV and had DS records in the parent zone. [RT #24631]
-</li><li>
-A bug in FreeBSD kernels causes IPv6 UDP responses greater than
-1280 bytes to not fragment as they should. Until there is a kernel
-fix, named will work around this by setting IPV6_USE_MIN_MTU on a
-per packet basis. [RT #24950]
-</li><li>
-To avoid excessive startup time for configurations with large numbers
-of zones, an environment variable, BIND9_ZONE_TASKS_HINTS, may now
-be set prior to starting named.  Divide your number of zones by 200
-to find the recommended setting for this environment variable (i.e.,
-if you have 200000 zones, set BIND9_ZONE_TASKS_HINTS to 1000 before
-starting named). [RT #25084]
-</li></ul></div>
-		</div>
-  </div>
-  
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3359404"></a>Known issues in this release</h2></div></div></div>
-    
-    <div class="itemizedlist"><ul type="disc"><li>
-        <p>
-          "make test" will fail on OSX and possibly other operating systems.
-          The failure occurs in a new test to check for allow-query ACLs.
-          The failure is caused because the source address is not specified on
-          the dig commands issued in the test.
-        </p>
-        <p>
-          If running "make test" is part of your usual acceptance process,
-          please edit the file <code class="code">bin/tests/system/allow_query/test.sh</code>
-          and add
-          </p><p>
-            <code class="code">-b 10.53.0.2</code>
-          </p><p>
-          to the <code class="code">DIGOPTS</code> line.
-        </p>
-      </li></ul></div>
-  </div>
-
-  <div class="section" lang="en" xml:lang="en"><div class="titlepage"><div><div><h2 class="title" style="clear: both"><a id="id3359438"></a>Thank You</h2></div></div></div>
-    
-    <p>
-      Thank you to everyone who assisted us in making this release possible.
-      If you would like to contribute to ISC to assist us in continuing to make
-      quality open source software, please visit our donations page at
-      <a href="http://www.isc.org/supportisc" target="_top">http://www.isc.org/supportisc</a>.
-    </p>
-  </div>
-</div></body></html>

RELEASE-NOTES-BIND-9.6-ESV.txt

@@ -1,199 +0,0 @@
-     __________________________________________________________________
-
-Introduction
-
-   BIND 9.6-ESV-R5 is the current production release of BIND 9.6.
-
-   This document summarizes changes from BIND 9.6-ESV-R4 to BIND
-   9.6-ESV-R5. Please see the CHANGES file in the source code release for
-   a complete list of all changes.
-
-Download
-
-   The latest release of BIND 9 software can always be found on our web
-   site at http://www.isc.org/downloads/all. There you will find
-   additional information about each release, source code, and some
-   pre-compiled versions for certain operating systems.
-
-Support
-
-   Product support information is available on
-   http://www.isc.org/services/support for paid support options. Free
-   support is provided by our user community via a mailing list.
-   Information on all public email lists is available at
-   https://lists.isc.org/mailman/listinfo.
-
-New Features
-
-9.6-ESV-R5
-
-     * Added a tool able to generate malformed packets to allow testing of
-       how named handles them. [RT #24096]
-
-Security Fixes
-
-9.6-ESV-R5
-
-     * named, set up to be a caching resolver, is vulnerable to a user
-       querying a domain with very large resource record sets (RRSets)
-       when trying to negatively cache the response. Due to an off-by-one
-       error, caching the response could cause named to crash. [RT #24650]
-       [CVE-2011-1910]
-     * Change #2912 populated the message section in replies to UPDATE
-       requests, which some Windows clients wanted. This exposed a latent
-       bug that allowed the response message to crash named. With this
-       fix, change 2912 has been reduced to copy only the zone section to
-       the reply. A more complete fix for the latent bug will be released
-       later. [RT #24777]
-
-Feature Changes
-
-9.6-ESV-R5
-
-     * Merged in the NetBSD ATF test framework (currently version 0.12)
-       for development of future unit tests. Use configure --with-atf to
-       build ATF internally or configure --with-atf=prefix to use an
-       external copy. [RT #23209]
-     * Added more verbose error reporting from DLZ LDAP. [RT #23402]
-     * Replaced compile time constant with STDTIME_ON_32BITS. [RT #23587]
-
-Bug Fixes
-
-9.6-ESV-R5
-
-     * During RFC5011 processing some journal write errors were not
-       detected. This could lead to managed-keys changes being committed
-       but not recorded in the journal files, causing potential
-       inconsistencies during later processing. [RT #20256]
-       A potential NULL pointer deference in the DNS64 code could cause
-       named to terminate unexpectedly. [RT #20256]
-       A state variable relating to DNSSEC could fail to be set during
-       some infrequently-executed code paths, allowing it to be used
-       whilst in an unitialized state during cache updates, with
-       unpredictable results. [RT #20256]
-       A potential NULL pointer deference in DNSSEC signing code could
-       cause named to terminate unexpectedly [RT #20256]
-       Several cosmetic code changes were made to silence warnings
-       generated by a static code analysis tool. [RT #20256]
-     * When using _builtin in named.conf, named.conf changes were not
-       found when reloading the config file. Now checks _builtin zone
-       arguments to see if the zone is re-usable or not. [RT #21914]
-     * After an external code review, a code cleanup was done. [RT #22521]
-     * When signing records, named didn't filter out any TTL changes to
-       DNSKEY records. This resulted in an incomplete key set. TTL changes
-       are now dealt with before signing. [RT #22590]
-     * The IN6_IS_ADDR_LINKLOCAL and IN6_IS_ADDR_SITELOCAL macros in win32
-       were updated/corrected per current Windows OS. [RT #22724]
-     * Cause named to terminate at startup or rndc reconfig reload to
-       fail, if a log file specified in the conf file isn't a plain file.
-       (RT #22771]
-     * named now forces the ADB cache time for glue related data to zero
-       instead of relying on TTL. This corrects problematic behavior in
-       cases where a server was authoritative for the A record of a
-       nameserver for a delegated zone and was queried to recursively
-       resolve records within that zone. [RT #22842]
-     * Fix the zonechecks system test to fail on error (warning in 9.6,
-       fatal in 9.7) to match behaviour for 9.4. [RT #22905]
-     * The "rndc" command usage statement was missing the "-b" option. [RT
-       #22937]
-     * Fixed a possible deadlock due to zone re-signing. [RT #22964]
-     * Fixed precedence order bug with NS and DNAME records if both are
-       present. (Also fixed timing of autosign test in 9.7+) [RT #23035]
-     * The secure zone update feature in named is based on the zone being
-       signed and configured for dynamic updates. A bug in the ACL
-       processing for "allow-update { none; };" resulted in a zone that is
-       supposed to be static being treated as a dynamic zone. Thus, named
-       would try to sign/re-sign that zone erroneously. [RT #23120]
-     * A new test has been added to check the apex NSEC3 records after
-       DNSKEY records have been added via dynamic update. [RT #23229]
-     * If a slave initiates a TSIG signed AXFR from the master and the
-       master fails to correctly TSIG sign the final message, the slave
-       would be left with the zone in an unclean state. named detected
-       this error too late and named would crash with an INSIST. The order
-       dependancy has been fixed. [RT #23254]
-     * If the server has an IPv6 address but does not have IPv6
-       connectivity to the internet, dig +trace could fail attempting to
-       use IPv6 addresses. [RT #23297]
-     * Changing TTL did not cause dnssec-signzone to generate new
-       signatures. [RT #23330]
-     * Have the validating resolver use RRSIG original TTL to compute
-       validated RRset and RRSIG TTL. [RT #23332]
-     * In "make test" bin/tests/resolver, hold the socket manager lock
-       while freeing the socket. [RT #23333]
-     * If named encountered a CNAME instead of a DS record when walking
-       the chain of trust down from the trust anchor, it incorrectly
-       stopped validating. [RT #23338]
-     * RRSIG records could have time stamps too far in the future. [RT
-       #23356]
-     * named stores cached data in an in-memory database and keeps track
-       of how recently the data is used with a heap. The heap is stored
-       within the cache's memory space. Under a sustained high query load
-       and with a small cache size, this could lead to the heap exhausting
-       the cache space. This would result in cache misses and SERVFAILs,
-       with named never releasing the cache memory the heap used up and
-       never recovering. This fix removes the heap into its own memory
-       space, preventing the heap from exhausting the cache space and
-       allowing named to recover gracefully when the high query load
-       abates. [RT #23371]
-     * If running on a powerpc CPU and with atomic operations enabled,
-       named could lock up. Added sync instructions to the end of atomic
-       operations. [RT #23469]
-     * If OpenSSL was built without engine support, named would have
-       compile errors and fail to build. [RT #23473]
-     * Handle isc_event_allocate failures in t_tasks test. [RT #23572]
-     * ixfr-from-differences {master|slave}; failed to select the
-       master/slave zones, resulting in on diff/journal file being
-       created. [RT #23580]
-     * If a DNAME substitution failed, named returned NOERROR. The correct
-       response should be YXDOMAIN. [RT #23591]
-     * Remove bin/tests/system/logfileconfig/ns1/named.conf and add
-       setup.sh in order to resolve changing named.conf issue. [RT #23687]
-     * NOTIFY messages were not being sent when generating a NSEC3 chain
-       incrementally. [RT #23702]
-     * Signatures for records at the zone apex could go stale due to an
-       incorrect timer setting. [RT #23769]
-     * The autosign tests attempted to open ports within reserved ranges.
-       Test now avoids those ports. [RT #23957]
-     * named, acting as authoritative server for DLZ zones, was not
-       correctly setting the authoritative (AA) bit. [RT #24146]
-     * Clean up some cross-compiling issues and added two undocumented
-       configure options, --with-gost and --with-rlimtype, to allow
-       over-riding default settings (gost=no and rlimtype="long int") when
-       cross-compiling. [RT #24367]
-     * When trying sign with NSEC3, if dnssec-signzone couldn't find the
-       KSK, it would give an incorrect error "NSEC3 iterations too big for
-       weakest DNSKEY strength" rather than the correct "failed to find
-       keys at the zone apex: not found" [RT #24369]
-     * nsupdate could dump core on shutdown when using SIG(0) keys. [RT
-       #24604]
-     * Named could fail to validate zones list in a DLV that validated
-       insecure without using DLV and had DS records in the parent zone.
-       [RT #24631]
-     * A bug in FreeBSD kernels causes IPv6 UDP responses greater than
-       1280 bytes to not fragment as they should. Until there is a kernel
-       fix, named will work around this by setting IPV6_USE_MIN_MTU on a
-       per packet basis. [RT #24950]
-     * To avoid excessive startup time for configurations with large
-       numbers of zones, an environment variable, BIND9_ZONE_TASKS_HINTS,
-       may now be set prior to starting named. Divide your number of zones
-       by 200 to find the recommended setting for this environment
-       variable (i.e., if you have 200000 zones, set
-       BIND9_ZONE_TASKS_HINTS to 1000 before starting named). [RT #25084]
-
-Known issues in this release
-
-     * "make test" will fail on OSX and possibly other operating systems.
-       The failure occurs in a new test to check for allow-query ACLs. The
-       failure is caused because the source address is not specified on
-       the dig commands issued in the test.
-       If running "make test" is part of your usual acceptance process,
-       please edit the file bin/tests/system/allow_query/test.sh and add
-       -b 10.53.0.2
-       to the DIGOPTS line.
-
-Thank You
-
-   Thank you to everyone who assisted us in making this release possible.
-   If you would like to contribute to ISC to assist us in continuing to
-   make quality open source software, please visit our donations page at
-   http://www.isc.org/supportisc.

acconfig.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.51.334.2 2009/02/16 23:47:15 tbox Exp $ */
+/* $Id: acconfig.h,v 1.44.18.5 2005/04/29 00:15:20 marka Exp $ */
 
 /*! \file */
 
@@ -25,6 +25,9 @@
  ***/
 @TOP@
 
+/** define to `int' if <sys/types.h> doesn't define.  */
+#undef ssize_t
+
 /** define on DEC OSF to enable 4.4BSD style sa_len support */
 #undef _SOCKADDR_LEN
 
@@ -58,6 +61,9 @@
 /** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
 #undef HAVE_IFLIST_SYSCTL
 
+/** define if chroot() is available */
+#undef HAVE_CHROOT
+
 /** define if tzset() is available */
 #undef HAVE_TZSET
 
@@ -109,7 +115,7 @@ int sigwait(const unsigned int *set, int *sig);
  * The silly continuation line is to keep configure from
  * commenting out the #undef.
  */
-
+ 
 #undef \
 	va_start
 #define	va_start(ap, last) \

bin/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2001  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.25 2007/06/19 23:46:59 tbox Exp $
+# $Id: Makefile.in,v 1.23 2004/03/05 04:57:10 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2003  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.32 2007/06/19 23:46:59 tbox Exp $
+# $Id: Makefile.in,v 1.24.18.6 2006/06/09 00:54:08 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/check-tool.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,30 +15,25 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.35.36.5 2010/09/07 23:46:05 tbox Exp $ */
+/* $Id: check-tool.c,v 1.10.18.14 2006/06/08 01:43:00 marka Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
 #include <stdio.h>
-
-#ifdef _WIN32
-#include <Winsock2.h>
-#endif
+#include <string.h>
 
 #include "check-tool.h"
+#include <isc/util.h>
+
 #include <isc/buffer.h>
 #include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/netdb.h>
 #include <isc/net.h>
+#include <isc/netdb.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
-#include <isc/string.h>
-#include <isc/symtab.h>
 #include <isc/types.h>
-#include <isc/util.h>
 
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -51,14 +46,6 @@
 
 #include <isccfg/log.h>
 
-#ifndef CHECK_SIBLING
-#define CHECK_SIBLING 1
-#endif
-
-#ifndef CHECK_LOCAL
-#define CHECK_LOCAL 1
-#endif
-
 #ifdef HAVE_ADDRINFO
 #ifdef HAVE_GETADDRINFO
 #ifdef HAVE_GAISTRERROR
@@ -72,38 +59,20 @@
 		result = (r); \
 		if (result != ISC_R_SUCCESS) \
 			goto cleanup; \
-	} while (0)
-
-#define ERR_IS_CNAME 1
-#define ERR_NO_ADDRESSES 2
-#define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A 4
-#define ERR_EXTRA_AAAA 5
-#define ERR_MISSING_GLUE 5
-#define ERR_IS_MXCNAME 6
-#define ERR_IS_SRVCNAME 7
+	} while (0)   
 
 static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
 isc_boolean_t nomerge = ISC_TRUE;
-#if CHECK_LOCAL
 isc_boolean_t docheckmx = ISC_TRUE;
 isc_boolean_t dochecksrv = ISC_TRUE;
 isc_boolean_t docheckns = ISC_TRUE;
-#else
-isc_boolean_t docheckmx = ISC_FALSE;
-isc_boolean_t dochecksrv = ISC_FALSE;
-isc_boolean_t docheckns = ISC_FALSE;
-#endif
-unsigned int zone_options = DNS_ZONEOPT_CHECKNS |
+unsigned int zone_options = DNS_ZONEOPT_CHECKNS | 
 			    DNS_ZONEOPT_CHECKMX |
 			    DNS_ZONEOPT_MANYERRORS |
 			    DNS_ZONEOPT_CHECKNAMES |
 			    DNS_ZONEOPT_CHECKINTEGRITY |
-#if CHECK_SIBLING
-			    DNS_ZONEOPT_CHECKSIBLING |
-#endif
 			    DNS_ZONEOPT_CHECKWILDCARD |
 			    DNS_ZONEOPT_WARNMXCNAME |
 			    DNS_ZONEOPT_WARNSRVCNAME;
@@ -119,62 +88,9 @@ static isc_logcategory_t categories[] = {
 	{ "queries",	     0 },
 	{ "unmatched", 	     0 },
 	{ "update-security", 0 },
-	{ "query-errors",    0 },
 	{ NULL,		     0 }
 };
 
-static isc_symtab_t *symtab = NULL;
-static isc_mem_t *sym_mctx;
-
-static void
-freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
-	UNUSED(type);
-	UNUSED(value);
-	isc_mem_free(userarg, key);
-}
-
-static void
-add(char *key, int value) {
-	isc_result_t result;
-	isc_symvalue_t symvalue;
-
-	if (sym_mctx == NULL) {
-		result = isc_mem_create(0, 0, &sym_mctx);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	if (symtab == NULL) {
-		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   ISC_FALSE, &symtab);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	key = isc_mem_strdup(sym_mctx, key);
-	if (key == NULL)
-		return;
-
-	symvalue.as_pointer = NULL;
-	result = isc_symtab_define(symtab, key, value, symvalue,
-				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS)
-		isc_mem_free(sym_mctx, key);
-}
-
-static isc_boolean_t
-logged(char *key, int value) {
-	isc_result_t result;
-
-	if (symtab == NULL)
-		return (ISC_FALSE);
-
-	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS)
-		return (ISC_TRUE);
-	return (ISC_FALSE);
-}
-
 static isc_boolean_t
 checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
@@ -209,53 +125,34 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME)) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
-				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf,
-				     cur->ai_canonname);
+				     "is a CNAME (illegal)",
+				     ownerbuf, namebuf);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
-			add(namebuf, ERR_IS_CNAME);
 		}
 		break;
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0 */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 	if (a == NULL || aaaa == NULL)
@@ -278,13 +175,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
 		}
@@ -308,13 +204,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET6, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = ISC_FALSE; */
 		}
@@ -326,48 +221,42 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
-	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		isc_boolean_t missing_glue = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			switch (cur->ai_family) {
-			case AF_INET:
-				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-				type = "A";
-				break;
-			case AF_INET6:
-				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-				type = "AAAA";
-				break;
-			default:
-				 continue;
-			}
-			match = ISC_FALSE;
-			if (dns_rdataset_isassociated(rdataset))
-				result = dns_rdataset_first(rdataset);
-			else
-				result = ISC_R_FAILURE;
-			while (result == ISC_R_SUCCESS && !match) {
-				dns_rdataset_current(rdataset, &rdata);
-				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = ISC_TRUE;
-				dns_rdata_reset(&rdata);
-				result = dns_rdataset_next(rdataset);
-			}
-			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-					     "missing GLUE %s record (%s)",
-					     ownerbuf, namebuf, type,
-					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf, sizeof(addrbuf)));
-				/* XXX950 make fatal for 9.5.0. */
-				/* answer = ISC_FALSE; */
-				missing_glue = ISC_TRUE;
-			}
+	for (cur = ai; cur != NULL; cur = cur->ai_next) {
+		switch (cur->ai_family) {
+		case AF_INET:
+			rdataset = a;
+			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+			type = "A";
+			break;
+		case AF_INET6:
+			rdataset = aaaa;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+			type = "AAAA";
+			break;
+		default:
+			 continue;
+		}
+		match = ISC_FALSE;
+		if (dns_rdataset_isassociated(rdataset))
+			result = dns_rdataset_first(rdataset);
+		else
+			result = ISC_R_FAILURE;
+		while (result == ISC_R_SUCCESS && !match) {
+			dns_rdataset_current(rdataset, &rdata);
+			if (memcmp(ptr, rdata.data, rdata.length) == 0)
+				match = ISC_TRUE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(rdataset);
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "missing GLUE %s record (%s)",
+				     ownerbuf, namebuf, type,
+				     inet_ntop(cur->ai_family, ptr,
+					       addrbuf, sizeof(addrbuf)));
+			/* XXX950 make fatal for 9.5.0. */
+			/* answer = ISC_FALSE; */
 		}
-		if (missing_glue)
-			add(namebuf, ERR_MISSING_GLUE);
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -379,7 +268,7 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 static isc_boolean_t
 checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
-	struct addrinfo hints, *ai, *cur;
+	struct addrinfo hints, *ai;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
@@ -399,33 +288,19 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_MXCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/MX '%s' (out of zone)"
-						     " is a CNAME '%s' "
-						     "(illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_MXCNAME);
-				}
+				dns_zone_log(zone, ISC_LOG_WARNING,
+					     "%s/MX '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -437,23 +312,16 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/MX '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
+		dns_zone_log(zone, ISC_LOG_WARNING,
 			     "getaddrinfo(%s) failed: %s",
 			     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
 		return (ISC_TRUE);
 	}
 #else
@@ -464,7 +332,7 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 static isc_boolean_t
 checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #ifdef USE_GETADDRINFO
-	struct addrinfo hints, *ai, *cur;
+	struct addrinfo hints, *ai;
 	char namebuf[DNS_NAME_FORMATSIZE + 1];
 	char ownerbuf[DNS_NAME_FORMATSIZE];
 	int result;
@@ -484,32 +352,19 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level, "%s/SRV '%s'"
-						     " (out of zone) is a "
-						     "CNAME '%s' (illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_SRVCNAME);
-				}
+				dns_zone_log(zone, level,
+					     "%s/SRV '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -521,23 +376,16 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/SRV '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 #else
@@ -546,7 +394,7 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 }
 
 isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
+setup_logging(isc_mem_t *mctx, isc_log_t **logp) {
 	isc_logdestination_t destination;
 	isc_logconfig_t *logconfig = NULL;
 	isc_log_t *log = NULL;
@@ -558,7 +406,7 @@ setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
 	dns_log_setcontext(log);
 	cfg_log_init(log);
 
-	destination.file.stream = errout;
+	destination.file.stream = stdout;
 	destination.file.name = NULL;
 	destination.file.versions = ISC_LOG_ROLLNEVER;
 	destination.file.maximum_size = 0;
@@ -642,14 +490,14 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	FILE *output = stdout;
 
 	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0)
+		if (filename != NULL)
 			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
 				zonename, filename);
 		else
 			fprintf(stderr, "dumping \"%s\"\n", zonename);
 	}
 
-	if (filename != NULL && strcmp(filename, "-") != 0) {
+	if (filename != NULL) {
 		result = isc_stdio_open(filename, "w+", &output);
 
 		if (result != ISC_R_SUCCESS) {
@@ -661,31 +509,8 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 
 	result = dns_zone_dumptostream2(zone, output, fileformat, style);
 
-	if (output != stdout)
+	if (filename != NULL)
 		(void)isc_stdio_close(output);
 
 	return (result);
 }
-
-#ifdef _WIN32
-void
-InitSockets(void) {
-	WORD wVersionRequested;
-	WSADATA wsaData;
-	int err;
-
-	wVersionRequested = MAKEWORD(2, 0);
-
-	err = WSAStartup( wVersionRequested, &wsaData );
-	if (err != 0) {
-		fprintf(stderr, "WSAStartup() failed: %d\n", err);
-		exit(1);
-	}
-}
-
-void
-DestroySockets(void) {
-	WSACleanup();
-}
-#endif
-

bin/check/check-tool.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.14.334.2 2010/09/07 23:46:05 tbox Exp $ */
+/* $Id: check-tool.h,v 1.7.18.4 2005/06/20 01:19:25 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -23,7 +23,6 @@
 /*! \file */
 
 #include <isc/lang.h>
-#include <isc/stdio.h>
 #include <isc/types.h>
 
 #include <dns/masterdump.h>
@@ -32,7 +31,7 @@
 ISC_LANG_BEGINDECLS
 
 isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp);
+setup_logging(isc_mem_t *mctx, isc_log_t **logp);
 
 isc_result_t
 load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
@@ -43,11 +42,6 @@ isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 	  dns_masterformat_t fileformat, const dns_master_style_t *style);
 
-#ifdef _WIN32
-void InitSockets(void);
-void DestroySockets(void);
-#endif
-
 extern int debug;
 extern isc_boolean_t nomerge;
 extern isc_boolean_t docheckmx;

bin/check/named-checkconf.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.30.334.1 2009/07/11 01:55:20 tbox Exp $
+.\" $Id: named-checkconf.8,v 1.16.18.9 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: named\-checkconf
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 14, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -33,48 +33,33 @@
 named\-checkconf \- named configuration file syntax checking tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkconf\fR [\fB\-h\fR] [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
+\fBnamed\-checkconf\fR [\fB\-v\fR] [\fB\-j\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename} [\fB\-z\fR]
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkconf\fR
 checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
-.PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
+.TP 3n
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+chroot to
 \fIdirectory\fR
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
+.TP 3n
 \-v
-.RS 4
 Print the version of the
 \fBnamed\-checkconf\fR
 program and exit.
-.RE
-.PP
+.TP 3n
 \-z
-.RS 4
-Perform a test load of all master zones found in
+Perform a check load the master zonefiles found in
 \fInamed.conf\fR.
-.RE
-.PP
+.TP 3n
 \-j
-.RS 4
 When loading a zonefile read the journal if it exists.
-.RE
-.PP
+.TP 3n
 filename
-.RS 4
 The name of the configuration file to be checked. If not specified, it defaults to
 \fI/etc/named.conf\fR.
-.RE
 .SH "RETURN VALUES"
 .PP
 \fBnamed\-checkconf\fR
@@ -82,13 +67,9 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fBnamed\-checkzone\fR(8),
 BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/check/named-checkconf.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.46.222.6 2011/03/12 04:57:22 tbox Exp $ */
+/* $Id: named-checkconf.c,v 1.28.18.14 2006/02/28 03:10:47 marka Exp $ */
 
 /*! \file */
 
@@ -47,8 +47,6 @@
 
 #include "check-tool.h"
 
-static const char *program = "named-checkconf";
-
 isc_log_t *logc = NULL;
 
 #define CHECK(r)\
@@ -61,9 +59,9 @@ isc_log_t *logc = NULL;
 /*% usage */
 static void
 usage(void) {
-	fprintf(stderr, "usage: %s [-h] [-j] [-v] [-z] [-t directory] "
-		"[named.conf]\n", program);
-	exit(1);
+        fprintf(stderr, "usage: named-checkconf [-j] [-v] [-z] [-t directory] "
+		"[named.conf]\n");
+        exit(1);
 }
 
 /*% directory callback */
@@ -173,9 +171,9 @@ configure_zone(const char *vclass, const char *view,
 
 	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
 	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj))
-		zclass = vclass;
-	else
+        if (!cfg_obj_isstring(classobj))
+                zclass = vclass;
+        else
 		zclass = cfg_obj_asstring(classobj);
 
 	zoptions = cfg_tuple_get(zconfig, "options");
@@ -187,16 +185,16 @@ configure_zone(const char *vclass, const char *view,
 		if (obj != NULL)
 			maps[i++] = obj;
 	}
-	maps[i] = NULL;
+	maps[i++] = NULL;
 
 	cfg_map_get(zoptions, "type", &typeobj);
 	if (typeobj == NULL)
 		return (ISC_R_FAILURE);
 	if (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0)
 		return (ISC_R_SUCCESS);
-	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL)
-		return (ISC_R_SUCCESS);
+        cfg_map_get(zoptions, "database", &dbobj);
+        if (dbobj != NULL)
+                return (ISC_R_SUCCESS);
 	cfg_map_get(zoptions, "file", &fileobj);
 	if (fileobj == NULL)
 		return (ISC_R_FAILURE);
@@ -226,8 +224,7 @@ configure_zone(const char *vclass, const char *view,
 			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
 		else
 			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
+	}
 
 	obj = NULL;
 	if (get_maps(maps, "check-mx-cname", &obj)) {
@@ -287,8 +284,8 @@ configure_zone(const char *vclass, const char *view,
 		} else
 			INSIST(0);
 	} else {
-	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
-	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
+               zone_options |= DNS_ZONEOPT_CHECKNAMES;
+               zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
 	}
 
 	masterformat = dns_masterformat_text;
@@ -399,10 +396,8 @@ main(int argc, char **argv) {
 	int exit_status = 0;
 	isc_entropy_t *ectx = NULL;
 	isc_boolean_t load_zones = ISC_FALSE;
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((c = isc_commandline_parse(argc, argv, "dhjt:vz")) != EOF) {
+	
+	while ((c = isc_commandline_parse(argc, argv, "djt:vz")) != EOF) {
 		switch (c) {
 		case 'd':
 			debug++;
@@ -419,6 +414,12 @@ main(int argc, char **argv) {
 					isc_result_totext(result));
 				exit(1);
 			}
+			result = isc_dir_chdir("/");
+			if (result != ISC_R_SUCCESS) {
+				fprintf(stderr, "isc_dir_chdir: %s\n",
+					isc_result_totext(result));
+				exit(1);
+			}
 			break;
 
 		case 'v':
@@ -432,34 +433,19 @@ main(int argc, char **argv) {
 			dochecksrv = ISC_FALSE;
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-		case 'h':
-			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
+			usage();
 		}
 	}
 
-	if (isc_commandline_index + 1 < argc)
-		usage();
 	if (argv[isc_commandline_index] != NULL)
 		conffile = argv[isc_commandline_index];
 	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
 
-#ifdef _WIN32
-	InitSockets();
-#endif
-
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
-	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
+	RUNTIME_CHECK(setup_logging(mctx, &logc) == ISC_R_SUCCESS);
 
 	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
@@ -498,9 +484,5 @@ main(int argc, char **argv) {
 
 	isc_mem_destroy(&mctx);
 
-#ifdef _WIN32
-	DestroySockets();
-#endif
-
 	return (exit_status);
 }

bin/check/named-checkconf.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkconf.docbook,v 1.19 2007/06/19 06:58:03 marka Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.8.18.5 2005/07/19 05:55:41 marka Exp $ -->
 <refentry id="man.named-checkconf">
   <refentryinfo>
     <date>June 14, 2000</date>
@@ -34,7 +34,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -53,7 +52,6 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>named-checkconf</command>
-      <arg><option>-h</option></arg>
       <arg><option>-v</option></arg>
       <arg><option>-j</option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -74,20 +72,11 @@
     <title>OPTIONS</title>
 
     <variablelist>
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that
+            chroot to <filename>directory</filename> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -109,8 +98,8 @@
         <term>-z</term>
         <listitem>
           <para>
-	    Perform a test load of all master zones found in
-	    <filename>named.conf</filename>.
+            Perform a check load the master zonefiles found in
+            <filename>named.conf</filename>.
           </para>
         </listitem>
       </varlistentry>
@@ -151,9 +140,6 @@
     <para><citerefentry>
         <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>
   </refsect1>

bin/check/named-checkconf.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkconf.html,v 1.30.334.1 2009/07/11 01:55:20 tbox Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.9.18.15 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.named-checkconf"></a><div class="titlepage"></div>
@@ -29,25 +29,21 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-h</code>] [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543387"></a><h2>DESCRIPTION</h2>
+<a name="id2549441"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a named
       configuration file.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543399"></a><h2>OPTIONS</h2>
+<a name="id2549452"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that
+            chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -59,8 +55,8 @@
           </p></dd>
 <dt><span class="term">-z</span></dt>
 <dd><p>
-	    Perform a test load of all master zones found in
-	    <code class="filename">named.conf</code>.
+            Perform a check load the master zonefiles found in
+            <code class="filename">named.conf</code>.
           </p></dd>
 <dt><span class="term">-j</span></dt>
 <dd><p>
@@ -74,21 +70,20 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543507"></a><h2>RETURN VALUES</h2>
+<a name="id2549613"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543518"></a><h2>SEE ALSO</h2>
+<a name="id2549693"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543548"></a><h2>AUTHOR</h2>
+<a name="id2549715"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/named-checkzone.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.42.334.3 2009/11/11 01:56:22 tbox Exp $
+.\" $Id: named-checkzone.8,v 1.18.18.17 2006/08/31 00:19:32 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: named\-checkzone
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 13, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -33,9 +33,9 @@
 named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR
@@ -48,46 +48,30 @@ useful for checking zone files before configuring them into a name server.
 \fBnamed\-compilezone\fR
 is similar to
 \fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
-\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
+\fBnamed\fR. When manaully specified otherwise, the check levels must at least be as strict as those specified in the
 \fBnamed\fR
 configuration file.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-d
-.RS 4
 Enable debugging.
-.RE
-.PP
-\-h
-.RS 4
-Print the usage summary and exit.
-.RE
-.PP
+.TP 3n
 \-q
-.RS 4
 Quiet mode \- exit code only.
-.RE
-.PP
+.TP 3n
 \-v
-.RS 4
 Print the version of the
 \fBnamed\-checkzone\fR
 program and exit.
-.RE
-.PP
+.TP 3n
 \-j
-.RS 4
 When loading the zone file read the journal if it exists.
-.RE
-.PP
+.TP 3n
 \-c \fIclass\fR
-.RS 4
-Specify the class of the zone. If not specified, "IN" is assumed.
-.RE
-.PP
+Specify the class of the zone. If not specified "IN" is assumed.
+.TP 3n
 \-i \fImode\fR
-.RS 4
-Perform post\-load zone integrity checks. Possible modes are
+Perform post load zone integrity checks. Possible modes are
 \fB"full"\fR
 (default),
 \fB"full\-sibling"\fR,
@@ -110,7 +94,7 @@ only checks SRV records which refer to in\-zone hostnames.
 .sp
 Mode
 \fB"full"\fR
-checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
+checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue addresses records in the zone match those advertised by the child. Mode
 \fB"local"\fR
 only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
 .sp
@@ -127,29 +111,23 @@ respectively.
 Mode
 \fB"none"\fR
 disables the checks.
-.RE
-.PP
+.TP 3n
 \-f \fIformat\fR
-.RS 4
 Specify the format of the zone file. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR.
-.RE
-.PP
+.TP 3n
 \-F \fIformat\fR
-.RS 4
 Specify the format of the output file specified. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR. For
 \fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
-.RE
-.PP
+.TP 3n
 \-k \fImode\fR
-.RS 4
 Perform
-\fB"check\-names"\fR
+\fB"check\-name"\fR
 checks with the specified failure mode. Possible modes are
 \fB"fail"\fR
 (default for
@@ -158,28 +136,22 @@ checks with the specified failure mode. Possible modes are
 (default for
 \fBnamed\-checkzone\fR) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-m \fImode\fR
-.RS 4
 Specify whether MX records should be checked to see if they are addresses. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-M \fImode\fR
-.RS 4
 Check if a MX record refers to a CNAME. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-n \fImode\fR
-.RS 4
 Specify whether NS records should be checked to see if they are addresses. Possible modes are
 \fB"fail"\fR
 (default for
@@ -188,76 +160,53 @@ Specify whether NS records should be checked to see if they are addresses. Possi
 (default for
 \fBnamed\-checkzone\fR) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-o \fIfilename\fR
-.RS 4
 Write zone output to
-\fIfilename\fR. If
-\fIfilename\fR
-is
-\fI\-\fR
-then write to standard out. This is mandatory for
+\fIfilename\fR. This is mandatory for
 \fBnamed\-compilezone\fR.
-.RE
-.PP
+.TP 3n
 \-s \fIstyle\fR
-.RS 4
 Specify the style of the dumped zone file. Possible styles are
 \fB"full"\fR
 (default) and
 \fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
 \fBnamed\-checkzone\fR
 this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
-.RE
-.PP
+.TP 3n
 \-S \fImode\fR
-.RS 4
 Check if a SRV record refers to a CNAME. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+chroot to
 \fIdirectory\fR
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
+.TP 3n
 \-w \fIdirectory\fR
-.RS 4
 chdir to
 \fIdirectory\fR
 so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
 \fInamed.conf\fR.
-.RE
-.PP
+.TP 3n
 \-D
-.RS 4
 Dump zone file in canonical format. This is always enabled for
 \fBnamed\-compilezone\fR.
-.RE
-.PP
+.TP 3n
 \-W \fImode\fR
-.RS 4
 Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 zonename
-.RS 4
 The domain name of the zone being checked.
-.RE
-.PP
+.TP 3n
 filename
-.RS 4
 The name of the zone file.
-.RE
 .SH "RETURN VALUES"
 .PP
 \fBnamed\-checkzone\fR
@@ -265,14 +214,10 @@ returns an exit status of 1 if errors were detected and 0 otherwise.
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
-\fBnamed\-checkconf\fR(8),
 RFC 1035,
 BIND 9 Administrator Reference Manual.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/check/named-checkzone.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.51.34.6 2010/09/07 23:46:06 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.29.18.15 2006/08/30 23:01:54 marka Exp $ */
 
 /*! \file */
 
@@ -73,16 +73,13 @@ static enum { progmode_check, progmode_compile } progmode;
 static void
 usage(void) {
 	fprintf(stderr,
-		"usage: %s [-djqvD] [-c class] "
+		"usage: %s [-djqvD] [-c class] [-o output] "
 		"[-f inputformat] [-F outputformat] "
 		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
 		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-i (full|full-sibling|local|local-sibling|none)] "
-		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
-		"[-W (ignore|warn)] "
-		"%s zonename filename\n",
-		prog_name,
-		progmode == progmode_check ? "[-o filename]" : "{-o filename}");
+		"[-i (full|local|none)] [-M (ignore|warn|fail)] "
+		"[-S (ignore|warn|fail)] [-W (ignore|warn)] "
+		"zonename filename\n", prog_name);
 	exit(1);
 }
 
@@ -108,13 +105,10 @@ main(int argc, char **argv) {
 	const char *outputformatstr = NULL;
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
-	FILE *errout = stdout;
 
 	outputstyle = &dns_master_style_full;
 
 	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL)
-		prog_name = strrchr(argv[0], '\\');
 	if (prog_name != NULL)
 		prog_name++;
 	else
@@ -125,13 +119,9 @@ main(int argc, char **argv) {
 	 */
 	if (strncmp(prog_name, "lt-", 3) == 0)
 		prog_name += 3;
-
-#define PROGCMP(X) \
-	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
-
-	if (PROGCMP("named-checkzone"))
+	if (strcmp(prog_name, "named-checkzone") == 0)
 		progmode = progmode_check;
-	else if (PROGCMP("named-compilezone"))
+	else if (strcmp(prog_name, "named-compilezone") == 0)
 		progmode = progmode_compile;
 	else
 		INSIST(0);
@@ -147,10 +137,8 @@ main(int argc, char **argv) {
 
 #define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
 
-	isc_commandline_errprint = ISC_FALSE;
-
 	while ((c = isc_commandline_parse(argc, argv,
-					 "c:df:hi:jk:m:n:qs:t:o:vw:DF:M:S:W:"))
+					  "c:df:i:jk:m:n:qst:o:vw:DF:M:S:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -237,7 +225,7 @@ main(int argc, char **argv) {
 				zone_options &= ~DNS_ZONEOPT_FATALNS;
 			} else if (ARGCMP("fail")) {
 				zone_options |= DNS_ZONEOPT_CHECKNS|
-						DNS_ZONEOPT_FATALNS;
+					        DNS_ZONEOPT_FATALNS;
 			} else {
 				fprintf(stderr, "invalid argument to -n: %s\n",
 					isc_commandline_argument);
@@ -274,6 +262,12 @@ main(int argc, char **argv) {
 					isc_result_totext(result));
 				exit(1);
 			}
+			result = isc_dir_chdir("/");
+			if (result != ISC_R_SUCCESS) {
+				fprintf(stderr, "isc_dir_chdir: %s\n",
+					isc_result_totext(result));
+				exit(1);
+			}
 			break;
 
 		case 's':
@@ -346,17 +340,17 @@ main(int argc, char **argv) {
 				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					prog_name, isc_commandline_option);
-		case 'h':
-			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				prog_name, isc_commandline_option);
-			exit(1);
+			usage();
+		}
+	}
+
+	if (progmode == progmode_compile) {
+		dumpzone = 1;	/* always dump */
+		if (output_filename == NULL) {
+			fprintf(stderr,
+				"output file required, but not specified\n");
+			usage();
 		}
 	}
 
@@ -393,40 +387,12 @@ main(int argc, char **argv) {
 		}
 	}
 
-	if (progmode == progmode_compile) {
-		dumpzone = 1;	/* always dump */
-		if (output_filename == NULL) {
-			fprintf(stderr,
-				"output file required, but not specified\n");
-			usage();
-		}
-	}
-
-	if (output_filename != NULL)
-		dumpzone = 1;
-
-	/*
-	 * If we are outputing to stdout then send the informational
-	 * output to stderr.
-	 */
-	if (dumpzone &&
-	    (output_filename == NULL ||
-	     strcmp(output_filename, "-") == 0 ||
-	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0))
-		errout = stderr;
-
-	if (isc_commandline_index + 2 != argc)
+	if (isc_commandline_index + 2 > argc)
 		usage();
 
-#ifdef _WIN32
-	InitSockets();
-#endif
-
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 	if (!quiet)
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
-			      == ISC_R_SUCCESS);
+		RUNTIME_CHECK(setup_logging(mctx, &lctx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_entropy_create(mctx, &ectx) == ISC_R_SUCCESS);
 	RUNTIME_CHECK(isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE)
 		      == ISC_R_SUCCESS);
@@ -440,25 +406,22 @@ main(int argc, char **argv) {
 
 	if (result == ISC_R_SUCCESS && dumpzone) {
 		if (!quiet && progmode == progmode_compile) {
-			fprintf(errout, "dump zone to %s...", output_filename);
-			fflush(errout);
+			fprintf(stdout, "dump zone to %s...", output_filename);
+			fflush(stdout);
 		}
 		result = dump_zone(origin, zone, output_filename,
 				   outputformat, outputstyle);
 		if (!quiet && progmode == progmode_compile)
-			fprintf(errout, "done\n");
+			fprintf(stdout, "done\n");
 	}
 
 	if (!quiet && result == ISC_R_SUCCESS)
-		fprintf(errout, "OK\n");
+		fprintf(stdout, "OK\n");
 	destroy();
 	if (lctx != NULL)
 		isc_log_destroy(&lctx);
 	isc_hash_destroy();
 	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
-#ifdef _WIN32
-	DestroySockets();
-#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.34.334.3 2009/11/10 20:01:41 each Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.11.18.14 2006/08/30 23:01:54 marka Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -35,8 +35,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -57,7 +55,6 @@
     <cmdsynopsis>
       <command>named-checkzone</command>
       <arg><option>-d</option></arg>
-      <arg><option>-h</option></arg>
       <arg><option>-j</option></arg>
       <arg><option>-q</option></arg>
       <arg><option>-v</option></arg>
@@ -69,6 +66,7 @@
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -98,7 +96,6 @@
       <arg><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-D</option></arg>
       <arg><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg choice="req">zonename</arg>
       <arg choice="req">filename</arg>
     </cmdsynopsis>
@@ -119,7 +116,7 @@
 	Additionally, it applies stricter check levels by default,
         since the dump output will be used as an actual zone file
 	loaded by <command>named</command>.
-	When manually specified otherwise, the check levels must at
+	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	<command>named</command> configuration file.
      </para>
@@ -138,15 +135,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-q</term>
         <listitem>
@@ -179,7 +167,7 @@
         <term>-c <replaceable class="parameter">class</replaceable></term>
         <listitem>
           <para>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
+            Specify the class of the zone.  If not specified "IN" is assumed.
           </para>
         </listitem>
       </varlistentry>
@@ -188,7 +176,7 @@
         <term>-i <replaceable class="parameter">mode</replaceable></term>
 	<listitem>
 	  <para>
-	      Perform post-load zone integrity checks.  Possible modes are
+	      Perform post load zone integrity checks.  Possible modes are
 	      <command>"full"</command> (default),
 	      <command>"full-sibling"</command>,
 	      <command>"local"</command>,
@@ -210,7 +198,7 @@
 	  <para>
 	      Mode <command>"full"</command> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
+	      hostnames).  It also checks that glue addresses records
 	      in the zone match those advertised by the child.
 	      Mode <command>"local"</command> only checks NS records which
 	      refer to in-zone hostnames or that some required glue exists,
@@ -257,7 +245,7 @@
         <term>-k <replaceable class="parameter">mode</replaceable></term>
         <listitem>
           <para>
-            Perform <command>"check-names"</command> checks with the
+            Perform <command>"check-name"</command> checks with the
 	    specified failure mode.
             Possible modes are <command>"fail"</command>
 	    (default for <command>named-compilezone</command>),
@@ -312,8 +300,6 @@
         <listitem>
           <para>
             Write zone output to <filename>filename</filename>.
-	    If <filename>filename</filename> is <filename>-</filename> then
-	    write to standard out.
 	    This is mandatory for <command>named-compilezone</command>.
           </para>
         </listitem>
@@ -355,7 +341,7 @@
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that
+            chroot to <filename>directory</filename> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -435,9 +421,6 @@
     <para><citerefentry>
         <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>  
-      </citerefentry>,
       <citetitle>RFC 1035</citetitle>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
     </para>

bin/check/named-checkzone.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004-2007, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkzone.html,v 1.42.334.3 2009/11/11 01:56:22 tbox Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.11.18.23 2006/08/31 00:19:32 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.named-checkzone"></a><div class="titlepage"></div>
@@ -29,11 +29,11 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543674"></a><h2>DESCRIPTION</h2>
+<a name="id2549722"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -47,22 +47,18 @@
 	Additionally, it applies stricter check levels by default,
         since the dump output will be used as an actual zone file
 	loaded by <span><strong class="command">named</strong></span>.
-	When manually specified otherwise, the check levels must at
+	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	<span><strong class="command">named</strong></span> configuration file.
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543709"></a><h2>OPTIONS</h2>
+<a name="id2549757"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
             Enable debugging.
           </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Print the usage summary and exit.
-          </p></dd>
 <dt><span class="term">-q</span></dt>
 <dd><p>
             Quiet mode - exit code only.
@@ -78,12 +74,12 @@
           </p></dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
+            Specify the class of the zone.  If not specified "IN" is assumed.
           </p></dd>
 <dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
 <dd>
 <p>
-	      Perform post-load zone integrity checks.  Possible modes are
+	      Perform post load zone integrity checks.  Possible modes are
 	      <span><strong class="command">"full"</strong></span> (default),
 	      <span><strong class="command">"full-sibling"</strong></span>,
 	      <span><strong class="command">"local"</strong></span>,
@@ -105,7 +101,7 @@
 <p>
 	      Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
+	      hostnames).  It also checks that glue addresses records
 	      in the zone match those advertised by the child.
 	      Mode <span><strong class="command">"local"</strong></span> only checks NS records which
 	      refer to in-zone hostnames or that some required glue exists,
@@ -138,7 +134,7 @@
 	  </p></dd>
 <dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
 <dd><p>
-            Perform <span><strong class="command">"check-names"</strong></span> checks with the
+            Perform <span><strong class="command">"check-name"</strong></span> checks with the
 	    specified failure mode.
             Possible modes are <span><strong class="command">"fail"</strong></span>
 	    (default for <span><strong class="command">named-compilezone</strong></span>),
@@ -173,8 +169,6 @@
 <dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
 <dd><p>
             Write zone output to <code class="filename">filename</code>.
-	    If <code class="filename">filename</code> is <code class="filename">-</code> then
-	    write to standard out.
 	    This is mandatory for <span><strong class="command">named-compilezone</strong></span>.
           </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
@@ -201,7 +195,7 @@
 	  </p></dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that
+            chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -239,22 +233,21 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544330"></a><h2>RETURN VALUES</h2>
+<a name="id2550425"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544342"></a><h2>SEE ALSO</h2>
+<a name="id2550437"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544375"></a><h2>AUTHOR</h2>
+<a name="id2550461"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/win32/checktool.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="checktool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=checktool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "checktool.mak" CFG="checktool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "checktool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "checktool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "checktool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/checktool.lib"
-
-!ELSEIF  "$(CFG)" == "checktool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isccfg/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fdchecktool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/checktool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "checktool - Win32 Release"
-# Name "checktool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\check-tool.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/check/win32/checktool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "checktool"=".\checktool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/check/win32/namedcheckconf.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/bind9/win32/Release/libbind9.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkconf.exe"
 
 !ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/bind9/win32/Debug/libbind9.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkconf.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,6 +88,10 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
+SOURCE="..\check-tool.c"
+# End Source File
+# Begin Source File
+
 SOURCE="..\named-checkconf.c"
 # End Source File
 # End Group

bin/check/win32/namedcheckconf.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "namedcheckconf - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "namedcheckconf - Win32 Release"
 
 OUTDIR=.\Release
@@ -133,7 +58,6 @@ CLEAN :
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "$(OUTDIR)\namedcheckconf.bsc"
 	-@erase "..\..\..\Build\Release\named-checkconf.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -163,7 +87,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "namedcheckconf - Win32 Debug"
 
@@ -198,7 +121,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\namedcheckconf.bsc"
 	-@erase "..\..\..\Build\Debug\named-checkconf.exe"
 	-@erase "..\..\..\Build\Debug\named-checkconf.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -228,7 +150,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -366,39 +287,3 @@ SOURCE="..\named-checkconf.c"
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/check/win32/namedcheckzone.dsp

@@ -51,7 +51,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/checktool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/isccfg/win32/Release/libisccfg.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/named-checkzone.exe"
 
 !ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
 
@@ -76,7 +76,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/checktool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/isccfg/win32/Debug/libisccfg.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/named-checkzone.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -89,6 +89,10 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
+SOURCE="..\check-tool.c"
+# End Source File
+# Begin Source File
+
 SOURCE="..\named-checkzone.c"
 # End Source File
 # End Group

bin/check/win32/namedcheckzone.mak

@@ -25,81 +25,6 @@ NULL=
 NULL=nul
 !ENDIF 
 
-!IF  "$(CFG)" == "namedcheckzone - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "namedcheckzone - Win32 Release"
 
 OUTDIR=.\Release
@@ -124,7 +49,6 @@ CLEAN :
 	-@erase "$(INTDIR)\named-checkzone.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\named-checkzone.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -180,7 +104,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "namedcheckzone - Win32 Debug"
 
@@ -215,7 +138,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\namedcheckzone.bsc"
 	-@erase "..\..\..\Build\Debug\named-checkzone.exe"
 	-@erase "..\..\..\Build\Debug\named-checkzone.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -278,7 +200,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -384,21 +305,3 @@ SOURCE="..\named-checkzone.c"
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.41 2007/06/19 23:46:59 tbox Exp $
+# $Id: Makefile.in,v 1.33.18.6 2005/09/09 14:11:04 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dig/dig.1

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.50.44.3 2009/07/11 01:55:20 tbox Exp $
+.\" $Id: dig.1,v 1.23.18.16 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dig
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Jun 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -33,7 +33,7 @@
 dig \- DNS lookup utility
 .SH "SYNOPSIS"
 .HP 4
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
+\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [\fB\-4\fR] [\fB\-6\fR] [name] [type] [class] [queryopt...]
 .HP 4
 \fBdig\fR [\fB\-h\fR]
 .HP 4
@@ -50,7 +50,7 @@ Although
 \fBdig\fR
 is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
 \fB\-h\fR
-option is given. Unlike earlier versions, the BIND 9 implementation of
+option is given. Unlike earlier versions, the BIND9 implementation of
 \fBdig\fR
 allows multiple lookups to be issued from the command line.
 .PP
@@ -59,38 +59,27 @@ Unless it is told to query a specific name server,
 will try each of the servers listed in
 \fI/etc/resolv.conf\fR.
 .PP
-When no command line arguments or options are given,
-\fBdig\fR
-will perform an NS query for "." (the root).
+When no command line arguments or options are given, will perform an NS query for "." (the root).
 .PP
 It is possible to set per\-user defaults for
 \fBdig\fR
 via
 \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
-.PP
-The IN and CH class names overlap with the IN and CH top level domains names. Either use the
-\fB\-t\fR
-and
-\fB\-c\fR
-options to specify the type and class, use the
-\fB\-q\fR
-the specify the domain name, or use "IN." and "CH." when looking up these top level domains.
 .SH "SIMPLE USAGE"
 .PP
 A typical invocation of
 \fBdig\fR
 looks like:
 .sp
-.RS 4
+.RS 3n
 .nf
  dig @server name type 
 .fi
 .RE
 .sp
 where:
-.PP
+.TP 3n
 \fBserver\fR
-.RS 4
 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
 \fIserver\fR
 argument is a hostname,
@@ -102,15 +91,11 @@ argument is provided,
 consults
 \fI/etc/resolv.conf\fR
 and queries the name servers listed there. The reply from the name server that responds is displayed.
-.RE
-.PP
+.TP 3n
 \fBname\fR
-.RS 4
 is the name of the resource record that is to be looked up.
-.RE
-.PP
+.TP 3n
 \fBtype\fR
-.RS 4
 indicates what type of query is required \(em ANY, A, MX, SIG, etc.
 \fItype\fR
 can be any valid query type. If no
@@ -118,7 +103,6 @@ can be any valid query type. If no
 argument is supplied,
 \fBdig\fR
 will perform a lookup for an A record.
-.RE
 .SH "OPTIONS"
 .PP
 The
@@ -130,21 +114,17 @@ The default query class (IN for internet) is overridden by the
 \fB\-c\fR
 option.
 \fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
+is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
 .PP
 The
 \fB\-f\fR
 option makes
 \fBdig \fR
 operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
 \fBdig\fR
 using the command\-line interface.
 .PP
-The
-\fB\-m\fR
-option enables memory usage debugging.
-.PP
 If a non\-standard port number is to be queried, the
 \fB\-p\fR
 option is used.
@@ -166,7 +146,7 @@ to only use IPv6 query transport.
 The
 \fB\-t\fR
 option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
 \fItype\fR
@@ -177,11 +157,11 @@ ixfr=N. The incremental zone transfer will contain the changes made to the zone
 The
 \fB\-q\fR
 option sets the query name to
-\fIname\fR. This useful do distinguish the
+\fIname\fR. This useful do distingish the
 \fIname\fR
 from other arguments.
 .PP
-Reverse lookups \(em mapping addresses to names \(em are simplified by the
+Reverse lookups \- mapping addresses to names \- are simplified by the
 \fB\-x\fR
 option.
 \fIaddr\fR
@@ -231,26 +211,19 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k
 no
 to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
 \fB+keyword=value\fR. The query options are:
-.PP
+.TP 3n
 \fB+[no]tcp\fR
-.RS 4
-Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.RE
-.PP
+Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.TP 3n
 \fB+[no]vc\fR
-.RS 4
 Use [do not use] TCP when querying name servers. This alternate syntax to
 \fI+[no]tcp\fR
 is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.RE
-.PP
+.TP 3n
 \fB+[no]ignore\fR
-.RS 4
 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.RE
-.PP
+.TP 3n
 \fB+domain=somename\fR
-.RS 4
 Set the search list to contain the single domain
 \fIsomename\fR, as if specified in a
 \fBdomain\fR
@@ -258,59 +231,39 @@ directive in
 \fI/etc/resolv.conf\fR, and enable search list processing as if the
 \fI+search\fR
 option were given.
-.RE
-.PP
+.TP 3n
 \fB+[no]search\fR
-.RS 4
 Use [do not use] the search list defined by the searchlist or domain directive in
 \fIresolv.conf\fR
 (if any). The search list is not used by default.
-.RE
-.PP
+.TP 3n
 \fB+[no]showsearch\fR
-.RS 4
 Perform [do not perform] a search showing intermediate results.
-.RE
-.PP
+.TP 3n
 \fB+[no]defname\fR
-.RS 4
 Deprecated, treated as a synonym for
 \fI+[no]search\fR
-.RE
-.PP
+.TP 3n
 \fB+[no]aaonly\fR
-.RS 4
 Sets the "aa" flag in the query.
-.RE
-.PP
+.TP 3n
 \fB+[no]aaflag\fR
-.RS 4
 A synonym for
 \fI+[no]aaonly\fR.
-.RE
-.PP
+.TP 3n
 \fB+[no]adflag\fR
-.RS 4
-Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
-.RE
-.PP
+Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
+.TP 3n
 \fB+[no]cdflag\fR
-.RS 4
 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.RE
-.PP
+.TP 3n
 \fB+[no]cl\fR
-.RS 4
 Display [do not display] the CLASS when printing the record.
-.RE
-.PP
+.TP 3n
 \fB+[no]ttlid\fR
-.RS 4
 Display [do not display] the TTL when printing the record.
-.RE
-.PP
+.TP 3n
 \fB+[no]recurse\fR
-.RS 4
 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
 \fBdig\fR
 normally sends recursive queries. Recursion is automatically disabled when the
@@ -318,109 +271,75 @@ normally sends recursive queries. Recursion is automatically disabled when the
 or
 \fI+trace\fR
 query options are used.
-.RE
-.PP
+.TP 3n
 \fB+[no]nssearch\fR
-.RS 4
 When this option is set,
 \fBdig\fR
 attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.RE
-.PP
+.TP 3n
 \fB+[no]trace\fR
-.RS 4
 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
 \fBdig\fR
 makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.RE
-.PP
+.TP 3n
 \fB+[no]cmd\fR
-.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
+toggles the printing of the initial comment in the output identifying the version of
 \fBdig\fR
 and the query options that have been applied. This comment is printed by default.
-.RE
-.PP
+.TP 3n
 \fB+[no]short\fR
-.RS 4
 Provide a terse answer. The default is to print the answer in a verbose form.
-.RE
-.PP
+.TP 3n
 \fB+[no]identify\fR
-.RS 4
 Show [or do not show] the IP address and port number that supplied the answer when the
 \fI+short\fR
 option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.RE
-.PP
+.TP 3n
 \fB+[no]comments\fR
-.RS 4
 Toggle the display of comment lines in the output. The default is to print comments.
-.RE
-.PP
+.TP 3n
 \fB+[no]stats\fR
-.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
-.RE
-.PP
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
+.TP 3n
 \fB+[no]qr\fR
-.RS 4
 Print [do not print] the query as it is sent. By default, the query is not printed.
-.RE
-.PP
+.TP 3n
 \fB+[no]question\fR
-.RS 4
 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.RE
-.PP
+.TP 3n
 \fB+[no]answer\fR
-.RS 4
 Display [do not display] the answer section of a reply. The default is to display it.
-.RE
-.PP
+.TP 3n
 \fB+[no]authority\fR
-.RS 4
 Display [do not display] the authority section of a reply. The default is to display it.
-.RE
-.PP
+.TP 3n
 \fB+[no]additional\fR
-.RS 4
 Display [do not display] the additional section of a reply. The default is to display it.
-.RE
-.PP
+.TP 3n
 \fB+[no]all\fR
-.RS 4
 Set or clear all display flags.
-.RE
-.PP
+.TP 3n
 \fB+time=T\fR
-.RS 4
 Sets the timeout for a query to
 \fIT\fR
-seconds. The default timeout is 5 seconds. An attempt to set
+seconds. The default time out is 5 seconds. An attempt to set
 \fIT\fR
 to less than 1 will result in a query timeout of 1 second being applied.
-.RE
-.PP
+.TP 3n
 \fB+tries=T\fR
-.RS 4
 Sets the number of times to try UDP queries to server to
 \fIT\fR
 instead of the default, 3. If
 \fIT\fR
 is less than or equal to zero, the number of tries is silently rounded up to 1.
-.RE
-.PP
+.TP 3n
 \fB+retry=T\fR
-.RS 4
 Sets the number of times to retry UDP queries to server to
 \fIT\fR
 instead of the default, 2. Unlike
 \fI+tries\fR, this does not include the initial query.
-.RE
-.PP
+.TP 3n
 \fB+ndots=D\fR
-.RS 4
 Set the number of dots that have to appear in
 \fIname\fR
 to
@@ -432,55 +351,39 @@ or
 \fBdomain\fR
 directive in
 \fI/etc/resolv.conf\fR.
-.RE
-.PP
+.TP 3n
 \fB+bufsize=B\fR
-.RS 4
 Set the UDP message buffer size advertised using EDNS0 to
 \fIB\fR
 bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
-.RE
-.PP
+.TP 3n
 \fB+edns=#\fR
-.RS 4
 Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
 \fB+noedns\fR
 clears the remembered EDNS version.
-.RE
-.PP
+.TP 3n
 \fB+[no]multiline\fR
-.RS 4
 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
 \fBdig\fR
 output.
-.RE
-.PP
+.TP 3n
 \fB+[no]fail\fR
-.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
-.RE
-.PP
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
+.TP 3n
 \fB+[no]besteffort\fR
-.RS 4
 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.RE
-.PP
+.TP 3n
 \fB+[no]dnssec\fR
-.RS 4
 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
-.RE
-.PP
+.TP 3n
 \fB+[no]sigchase\fR
-.RS 4
 Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
+.TP 3n
 \fB+trusted\-key=####\fR
-.RS 4
 Specifies a file containing trusted keys to be used with
 \fB+sigchase\fR. Each DNSKEY record must be on its own line.
 .sp
-If not specified,
+If not specified
 \fBdig\fR
 will look for
 \fI/etc/trusted\-key.key\fR
@@ -489,17 +392,9 @@ then
 in the current directory.
 .sp
 Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
+.TP 3n
 \fB+[no]topdown\fR
-.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
-\fB+[no]nsid\fR
-.RS 4
-Include an EDNS name server ID request when sending a query.
-.RE
+When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
 .SH "MULTIPLE QUERIES"
 .PP
 The BIND 9 implementation of
@@ -516,7 +411,7 @@ A global set of query options, which should be applied to all queries, can also
 \fB+[no]cmd\fR
 option) can be overridden by a query\-specific set of query options. For example:
 .sp
-.RS 4
+.RS 3n
 .nf
 dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
 .fi
@@ -562,7 +457,4 @@ RFC1035.
 .PP
 There are probably too many query options.
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/dig/dig.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.225.26.10 2011/03/11 10:49:49 marka Exp $ */
+/* $Id: dig.c,v 1.186.18.26 2006/07/21 23:52:21 marka Exp $ */
 
 /*! \file */
 
@@ -44,11 +44,13 @@
 #include <dns/result.h>
 #include <dns/tsig.h>
 
+#include <bind9/getaddresses.h>
+
 #include <dig/dig.h>
 
 #define ADD_STRING(b, s) { 				\
 	if (strlen(s) >= isc_buffer_availablelength(b)) \
-		return (ISC_R_NOSPACE); 		\
+ 		return (ISC_R_NOSPACE); 		\
 	else 						\
 		isc_buffer_putstr(b, s); 		\
 }
@@ -69,7 +71,7 @@ static isc_boolean_t short_form = ISC_FALSE, printcmd = ISC_TRUE,
 	multiline = ISC_FALSE, nottl = ISC_FALSE, noclass = ISC_FALSE;
 
 /*% opcode text */
-static const char * const opcodetext[] = {
+static const char *opcodetext[] = {
 	"QUERY",
 	"IQUERY",
 	"STATUS",
@@ -89,7 +91,7 @@ static const char * const opcodetext[] = {
 };
 
 /*% return code text */
-static const char * const rcodetext[] = {
+static const char *rcodetext[] = {
 	"NOERROR",
 	"FORMERR",
 	"SERVFAIL",
@@ -109,24 +111,6 @@ static const char * const rcodetext[] = {
 	"BADVERS"
 };
 
-/*% safe rcodetext[] */
-static char *
-rcode_totext(dns_rcode_t rcode)
-{
-	static char buf[sizeof("?65535")];
-	union {
-		const char *consttext;
-		char *deconsttext;
-	} totext;
-
-	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
-		snprintf(buf, sizeof(buf), "?%u", rcode);
-		totext.deconsttext = buf;
-	} else
-		totext.consttext = rcodetext[rcode];
-	return totext.deconsttext;
-}
-
 /*% print usage */
 static void
 print_usage(FILE *fp) {
@@ -160,8 +144,8 @@ help(void) {
 "        q-type   is one of (a,any,mx,ns,soa,hinfo,axfr,txt,...) [default:a]\n"
 "                 (Use ixfr=version for type ixfr)\n"
 "        q-opt    is one of:\n"
-"                 -x dot-notation     (shortcut for reverse lookups)\n"
-"                 -i                  (use IP6.INT for IPv6 reverse lookups)\n"
+"                 -x dot-notation     (shortcut for in-addr lookups)\n"
+"                 -i                  (IP6.INT reverse IPv6 lookups)\n"
 "                 -f filename         (batch mode)\n"
 "                 -b address[#port]   (bind to source address/port)\n"
 "                 -p port             (specify port number)\n"
@@ -172,7 +156,6 @@ help(void) {
 "                 -y [hmac:]name:key  (specify named base64 tsig key)\n"
 "                 -4                  (use IPv4 query transport only)\n"
 "                 -6                  (use IPv6 query transport only)\n"
-"                 -m                  (enable memory usage debugging)\n"
 "        d-opt    is of the form +keyword[=value], where keyword is:\n"
 "                 +[no]vc             (TCP mode)\n"
 "                 +[no]tcp            (TCP mode, alternate syntax)\n"
@@ -211,7 +194,6 @@ help(void) {
 "                 +[no]identify       (ID responders in short answers)\n"
 "                 +[no]trace          (Trace delegation down from root)\n"
 "                 +[no]dnssec         (Request DNSSEC records)\n"
-"                 +[no]nsid           (Request Name Server ID)\n"
 #ifdef DIG_SIGCHASE
 "                 +[no]sigchase       (Chase DNSSEC signatures)\n"
 "                 +trusted-key=####   (Trusted Key when chasing DNSSEC sigs)\n"
@@ -304,8 +286,6 @@ say_message(dns_rdata_t *rdata, dig_query_t *query, isc_buffer_t *buf) {
 		ADD_STRING(buf, " ");
 	}
 	result = dns_rdata_totext(rdata, NULL, buf);
-	if (result == ISC_R_NOSPACE)
-		return (result);
 	check_result(result, "dns_rdata_totext");
 	if (query->lookup->identify) {
 		TIME_NOW(&now);
@@ -328,8 +308,10 @@ short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
 {
 	dns_name_t *name;
 	dns_rdataset_t *rdataset;
+	isc_buffer_t target;
 	isc_result_t result, loopresult;
 	dns_name_t empty_name;
+	char t[4096];
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 
 	UNUSED(flags);
@@ -345,6 +327,8 @@ short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
 		name = NULL;
 		dns_message_currentname(msg, DNS_SECTION_ANSWER, &name);
 
+		isc_buffer_init(&target, t, sizeof(t));
+
 		for (rdataset = ISC_LIST_HEAD(name->list);
 		     rdataset != NULL;
 		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
@@ -353,8 +337,6 @@ short_answer(dns_message_t *msg, dns_messagetextflag_t flags,
 				dns_rdataset_current(rdataset, &rdata);
 				result = say_message(&rdata, query,
 						     buf);
-				if (result == ISC_R_NOSPACE)
-					return (result);
 				check_result(result, "say_message");
 				loopresult = dns_rdataset_next(rdataset);
 				dns_rdata_reset(&rdata);
@@ -401,7 +383,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
 	else if (nottl || noclass)
 		result = dns_master_stylecreate(&style, styleflags,
 						24, 24, 32, 40, 80, 8, mctx);
-	else
+	else 
 		result = dns_master_stylecreate(&style, styleflags,
 						24, 32, 40, 48, 80, 8, mctx);
 	check_result(result, "dns_master_stylecreate");
@@ -410,7 +392,7 @@ printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
 
 	if (style != NULL)
 		dns_master_styledestroy(&style, mctx);
-
+  
 	return(result);
 }
 #endif
@@ -447,7 +429,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	else if (nottl || noclass)
 		result = dns_master_stylecreate(&style, styleflags,
 						24, 24, 32, 40, 80, 8, mctx);
-	else
+	else 
 		result = dns_master_stylecreate(&style, styleflags,
 						24, 32, 40, 48, 80, 8, mctx);
 	check_result(result, "dns_master_stylecreate");
@@ -469,6 +451,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (!query->lookup->comments)
 		flags |= DNS_MESSAGETEXTFLAG_NOCOMMENTS;
 
+	result = ISC_R_SUCCESS;
+
 	result = isc_buffer_allocate(mctx, &buf, len);
 	check_result(result, "isc_buffer_allocate");
 
@@ -483,8 +467,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		if (headers) {
 			printf(";; ->>HEADER<<- opcode: %s, status: %s, "
 			       "id: %u\n",
-			       opcodetext[msg->opcode],
-			       rcode_totext(msg->rcode),
+			       opcodetext[msg->opcode], rcodetext[msg->rcode],
 			       msg->id);
 			printf(";; flags:");
 			if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0)
@@ -501,8 +484,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 				printf(" ad");
 			if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0)
 				printf(" cd");
-			if ((msg->flags & 0x0040U) != 0)
-				printf("; MBZ: 0x4");
 
 			printf("; QUERY: %u, ANSWER: %u, "
 			       "AUTHORITY: %u, ADDITIONAL: %u\n",
@@ -657,10 +638,10 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
 			strncat(lookup->cmdline, append, remaining);
 		}
 		if (first) {
-			snprintf(append, sizeof(append),
-				 ";; global options:%s%s\n",
-				 short_form ? " +short" : "",
-				 printcmd ? " +cmd" : "");
+			snprintf(append, sizeof(append), 
+				 ";; global options: %s %s\n",
+			       short_form ? "short_form" : "",
+			       printcmd ? "printcmd" : "");
 			first = ISC_FALSE;
 			remaining = sizeof(lookup->cmdline) -
 				    strlen(lookup->cmdline) - 1;
@@ -669,6 +650,42 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
 	}
 }
 
+/*%
+ * Reorder an argument list so that server names all come at the end.
+ * This is a bit of a hack, to allow batch-mode processing to properly
+ * handle the server options.
+ */
+static void
+reorder_args(int argc, char *argv[]) {
+	int i, j;
+	char *ptr;
+	int end;
+
+	debug("reorder_args()");
+	end = argc - 1;
+	while (argv[end][0] == '@') {
+		end--;
+		if (end == 0)
+			return;
+	}
+	debug("arg[end]=%s", argv[end]);
+	for (i = 1; i < end - 1; i++) {
+		if (argv[i][0] == '@') {
+			debug("arg[%d]=%s", i, argv[i]);
+			ptr = argv[i];
+			for (j = i + 1; j < end; j++) {
+				debug("Moving %s to %d", argv[j], j - 1);
+				argv[j - 1] = argv[j];
+			}
+			debug("moving %s to end, %d", ptr, end - 1);
+			argv[end - 1] = ptr;
+			end--;
+			if (end < 1)
+				return;
+		}
+	}
+}
+
 static isc_uint32_t
 parse_uint(char *arg, const char *desc, isc_uint32_t max) {
 	isc_result_t result;
@@ -735,7 +752,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			FULLCHECK2("aaonly", "aaflag");
 			lookup->aaonly = state;
 			break;
-		case 'd':
+		case 'd': 
 			switch (cmd[2]) {
 			case 'd': /* additional */
 				FULLCHECK("additional");
@@ -818,17 +835,15 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 		switch (cmd[1]) {
 		case 'e': /* defname */
 			FULLCHECK("defname");
-			if (!lookup->trace) {
-				usesearch = state;
-			}
+			usesearch = state;
 			break;
-		case 'n': /* dnssec */
+		case 'n': /* dnssec */	
 			FULLCHECK("dnssec");
 			if (state && lookup->edns == -1)
 				lookup->edns = 0;
 			lookup->dnssec = state;
 			break;
-		case 'o': /* domain */
+		case 'o': /* domain */	
 			FULLCHECK("domain");
 			if (value == NULL)
 				goto need_value;
@@ -862,7 +877,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			lookup->identify = state;
 			break;
 		case 'g': /* ignore */
-		default: /* Inherits default for compatibility */
+		default: /* Inherets default for compatibility */
 			FULLCHECK("ignore");
 			lookup->ignore = ISC_TRUE;
 		}
@@ -881,40 +896,28 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				goto invalid_option;
 			ndots = parse_uint(value, "ndots", MAXNDOTS);
 			break;
-		case 's':
-			switch (cmd[2]) {
-			case 'i': /* nsid */
-				FULLCHECK("nsid");
-				if (state && lookup->edns == -1)
-					lookup->edns = 0;
-				lookup->nsid = state;
-				break;
-			case 's': /* nssearch */
-				FULLCHECK("nssearch");
-				lookup->ns_search_only = state;
-				if (state) {
-					lookup->trace_root = ISC_TRUE;
-					lookup->recurse = ISC_TRUE;
-					lookup->identify = ISC_TRUE;
-					lookup->stats = ISC_FALSE;
-					lookup->comments = ISC_FALSE;
-					lookup->section_additional = ISC_FALSE;
-					lookup->section_authority = ISC_FALSE;
-					lookup->section_question = ISC_FALSE;
-					lookup->rdtype = dns_rdatatype_ns;
-					lookup->rdtypeset = ISC_TRUE;
-					short_form = ISC_TRUE;
-				}
-				break;
-			default:
-				goto invalid_option;
+		case 's': /* nssearch */
+			FULLCHECK("nssearch");
+			lookup->ns_search_only = state;
+			if (state) {
+				lookup->trace_root = ISC_TRUE;
+				lookup->recurse = ISC_TRUE;
+				lookup->identify = ISC_TRUE;
+				lookup->stats = ISC_FALSE;
+				lookup->comments = ISC_FALSE;
+				lookup->section_additional = ISC_FALSE;
+				lookup->section_authority = ISC_FALSE;
+				lookup->section_question = ISC_FALSE;
+				lookup->rdtype = dns_rdatatype_ns;
+				lookup->rdtypeset = ISC_TRUE;
+				short_form = ISC_TRUE;
 			}
 			break;
 		default:
 			goto invalid_option;
 		}
 		break;
-	case 'q':
+	case 'q': 
 		switch (cmd[1]) {
 		case 'r': /* qr */
 			FULLCHECK("qr");
@@ -960,9 +963,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 		switch (cmd[1]) {
 		case 'e': /* search */
 			FULLCHECK("search");
-			if (!lookup->trace) {
-				usesearch = state;
-			}
+			usesearch = state;
 			break;
 		case 'h':
 			if (cmd[2] != 'o')
@@ -983,10 +984,8 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				break;
 			case 'w': /* showsearch */
 				FULLCHECK("showsearch");
-				if (!lookup->trace) {
-					showsearch = state;
-					usesearch = state;
-				}
+				showsearch = state;
+				usesearch = state;
 				break;
 			default:
 				goto invalid_option;
@@ -994,11 +993,11 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 			break;
 #ifdef DIG_SIGCHASE
 		case 'i': /* sigchase */
-			FULLCHECK("sigchase");
+		        FULLCHECK("sigchase");
 			lookup->sigchase = state;
 			if (lookup->sigchase)
 				lookup->dnssec = ISC_TRUE;
-			break;
+			break;	
 #endif
 		case 't': /* stats */
 			FULLCHECK("stats");
@@ -1026,7 +1025,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 				timeout = 1;
 			break;
 #if DIG_SIGCHASE_TD
-		case 'o': /* topdown */
+		case 'o': /* topdown */	
 			FULLCHECK("topdown");
 			lookup->do_topdown = state;
 			break;
@@ -1045,7 +1044,6 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 					lookup->section_additional = ISC_FALSE;
 					lookup->section_authority = ISC_TRUE;
 					lookup->section_question = ISC_FALSE;
-					usesearch = ISC_FALSE;
 				}
 				break;
 			case 'i': /* tries */
@@ -1062,7 +1060,7 @@ plus_option(char *option, isc_boolean_t is_batchfile,
 #ifdef DIG_SIGCHASE
 			case 'u': /* trusted-key */
 				FULLCHECK("trusted-key");
-				if (value == NULL)
+			  	if (value == NULL) 
 					goto need_value;
 				if (!state)
 					goto invalid_option;
@@ -1106,9 +1104,7 @@ static const char *single_dash_opts = "46dhimnv";
 static const char *dash_opts = "46bcdfhikmnptvyx";
 static isc_boolean_t
 dash_option(char *option, char *next, dig_lookup_t **lookup,
-	    isc_boolean_t *open_type_class, isc_boolean_t *need_clone,
-	    isc_boolean_t config_only, int argc, char **argv,
-	    isc_boolean_t *firstarg)
+	    isc_boolean_t *open_type_class, isc_boolean_t config_only)
 {
 	char opt, *value, *ptr, *ptr2, *ptr3;
 	isc_result_t result;
@@ -1196,7 +1192,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		hash = strchr(value, '#');
 		if (hash != NULL) {
 			srcport = (in_port_t)
-				parse_uint(hash + 1,
+			  	parse_uint(hash + 1,
 					   "port number", MAXPORT);
 			*hash = '\0';
 		} else
@@ -1245,20 +1241,14 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		return (value_from_next);
 	case 'q':
 		if (!config_only) {
-			if (*need_clone)
-				(*lookup) = clone_lookup(default_lookup,
-							 ISC_TRUE);
-			*need_clone = ISC_TRUE;
-			strncpy((*lookup)->textname, value,
+			(*lookup) = clone_lookup(default_lookup,
+					         ISC_TRUE);
+			strncpy((*lookup)->textname, value, 
 				sizeof((*lookup)->textname));
 			(*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
 			(*lookup)->trace_root = ISC_TF((*lookup)->trace  ||
 						     (*lookup)->ns_search_only);
 			(*lookup)->new_search = ISC_TRUE;
-			if (*firstarg) {
-				printgreeting(argc, argv, *lookup);
-				*firstarg = ISC_FALSE;
-			}
 			ISC_LIST_APPEND(lookup_list, (*lookup), link);
 			debug("looking up %s", (*lookup)->textname);
 		}
@@ -1288,10 +1278,9 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 				(*lookup)->rdtypeset = ISC_TRUE;
 				(*lookup)->ixfr_serial =
 					parse_uint(&value[5], "serial number",
-						MAXSERIAL);
+					  	MAXSERIAL);
 				(*lookup)->section_question = plusquest;
 				(*lookup)->comments = pluscomm;
-				(*lookup)->tcp_mode = ISC_TRUE;
 			} else {
 				(*lookup)->rdtype = rdtype;
 				(*lookup)->rdtypeset = ISC_TRUE;
@@ -1315,7 +1304,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		if (ptr2 == NULL)
 			usage();
 		ptr3 = next_token(&value,":"); /* secret or NULL */
-		if (ptr3 != NULL) {
+		if (ptr3 != NULL) {	
 			if (strcasecmp(ptr, "hmac-md5") == 0) {
 				hmacname = DNS_TSIG_HMACMD5_NAME;
 				digestbits = 0;
@@ -1387,9 +1376,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		keysecret[sizeof(keysecret)-1]=0;
 		return (value_from_next);
 	case 'x':
-		if (*need_clone)
-			*lookup = clone_lookup(default_lookup, ISC_TRUE);
-		*need_clone = ISC_TRUE;
+		*lookup = clone_lookup(default_lookup, ISC_TRUE);
 		if (get_reverse(textname, sizeof(textname), value,
 				ip6_int, ISC_FALSE) == ISC_R_SUCCESS) {
 			strncpy((*lookup)->textname, textname,
@@ -1403,10 +1390,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 			if (!(*lookup)->rdclassset)
 				(*lookup)->rdclass = dns_rdataclass_in;
 			(*lookup)->new_search = ISC_TRUE;
-			if (*firstarg) {
-				printgreeting(argc, argv, *lookup);
-				*firstarg = ISC_FALSE;
-			}
 			ISC_LIST_APPEND(lookup_list, *lookup, link);
 		} else {
 			fprintf(stderr, "Invalid IP address %s\n", value);
@@ -1454,6 +1437,30 @@ preparse_args(int argc, char **argv) {
 	}
 }
 
+static void
+getaddresses(dig_lookup_t *lookup, const char *host) {
+	isc_result_t result;
+	isc_sockaddr_t sockaddrs[DIG_MAX_ADDRESSES];
+	isc_netaddr_t netaddr;
+	int count, i;
+	dig_server_t *srv;
+	char tmp[ISC_NETADDR_FORMATSIZE];
+
+	result = bind9_getaddresses(host, 0, sockaddrs,
+				    DIG_MAX_ADDRESSES, &count);   
+	if (result != ISC_R_SUCCESS)
+	fatal("couldn't get address for '%s': %s",
+	      host, isc_result_totext(result));
+
+	for (i = 0; i < count; i++) {
+		isc_netaddr_fromsockaddr(&netaddr, &sockaddrs[i]);
+		isc_netaddr_format(&netaddr, tmp, sizeof(tmp));
+		srv = make_server(tmp, host);
+		ISC_LIST_APPEND(lookup->my_server_list, srv, link);
+	}
+	addresscount = count;
+}
+
 static void
 parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 	   int argc, char **argv) {
@@ -1474,8 +1481,6 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 	char rcfile[256];
 #endif
 	char *input;
-	int i;
-	isc_boolean_t need_clone = ISC_TRUE;
 
 	/*
 	 * The semantics for parsing the args is a bit complex; if
@@ -1502,7 +1507,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		if (homedir != NULL) {
 			unsigned int n;
 			n = snprintf(rcfile, sizeof(rcfile), "%s/.digrc",
-				     homedir);
+			             homedir);
 			if (n < sizeof(rcfile))
 				batchfp = fopen(rcfile, "r");
 		}
@@ -1523,9 +1528,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 				bargv[0] = argv[0];
 				argv0 = argv[0];
 
-				for(i = 0; i < bargc; i++)
-					debug(".digrc argv %d: %s",
-					      i, bargv[i]);
+				reorder_args(bargc, (char **)bargv);
 				parse_args(ISC_TRUE, ISC_TRUE, bargc,
 					   (char **)bargv);
 			}
@@ -1534,12 +1537,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 #endif
 	}
 
-	if (is_batchfile && !config_only) {
-		/* Processing '-f batchfile'. */
-		lookup = clone_lookup(default_lookup, ISC_TRUE);
-		need_clone = ISC_FALSE;
-	} else
-		lookup = default_lookup;
+	lookup = default_lookup;
 
 	rc = argc;
 	rv = argv;
@@ -1548,7 +1546,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 		if (strncmp(rv[0], "%", 1) == 0)
 			break;
 		if (strncmp(rv[0], "@", 1) == 0) {
-			addresscount = getaddresses(lookup, &rv[0][1]);
+			getaddresses(lookup, &rv[0][1]);
 		} else if (rv[0][0] == '+') {
 			plus_option(&rv[0][1], is_batchfile,
 				    lookup);
@@ -1556,16 +1554,14 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			if (rc <= 1) {
 				if (dash_option(&rv[0][1], NULL,
 						&lookup, &open_type_class,
-						&need_clone, config_only,
-						argc, argv, &firstarg)) {
+						config_only)) {
 					rc--;
 					rv++;
 				}
 			} else {
 				if (dash_option(&rv[0][1], rv[1],
 						&lookup, &open_type_class,
-						&need_clone, config_only,
-						argc, argv, &firstarg)) {
+						config_only)) {
 					rc--;
 					rv++;
 				}
@@ -1582,9 +1578,10 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 					tr.base = rv[0];
 					tr.length = strlen(rv[0]);
 					result = dns_rdatatype_fromtext(&rdtype,
-						(isc_textregion_t *)&tr);
+					     	(isc_textregion_t *)&tr);
 					if (result == ISC_R_SUCCESS &&
 					    rdtype == dns_rdatatype_ixfr) {
+						result = DNS_R_UNKNOWN;
 						fprintf(stderr, ";; Warning, "
 							"ixfr requires a "
 							"serial number\n");
@@ -1602,12 +1599,11 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 						lookup->rdtypeset = ISC_TRUE;
 						lookup->ixfr_serial =
 							parse_uint(&rv[0][5],
-								"serial number",
-								MAXSERIAL);
+							  	"serial number",
+							  	MAXSERIAL);
 						lookup->section_question =
 							plusquest;
 						lookup->comments = pluscomm;
-						lookup->tcp_mode = ISC_TRUE;
 					} else {
 						lookup->rdtype = rdtype;
 						lookup->rdtypeset = ISC_TRUE;
@@ -1633,29 +1629,21 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 					continue;
 				}
 			}
-
 			if (!config_only) {
-				if (need_clone)
-					lookup = clone_lookup(default_lookup,
-								      ISC_TRUE);
-				need_clone = ISC_TRUE;
-				strncpy(lookup->textname, rv[0],
+				lookup = clone_lookup(default_lookup,
+						      ISC_TRUE);
+				strncpy(lookup->textname, rv[0], 
 					sizeof(lookup->textname));
 				lookup->textname[sizeof(lookup->textname)-1]=0;
 				lookup->trace_root = ISC_TF(lookup->trace  ||
 						     lookup->ns_search_only);
 				lookup->new_search = ISC_TRUE;
-				if (firstarg) {
-					printgreeting(argc, argv, lookup);
-					firstarg = ISC_FALSE;
-				}
 				ISC_LIST_APPEND(lookup_list, lookup, link);
 				debug("looking up %s", lookup->textname);
 			}
 			/* XXX Error message */
 		}
 	}
-
 	/*
 	 * If we have a batchfile, seed the lookup list with the
 	 * first entry, then trust the callback in dighost_shutdown
@@ -1690,20 +1678,15 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			bargv[0] = argv[0];
 			argv0 = argv[0];
 
-			for(i = 0; i < bargc; i++)
-				debug("batch argv %d: %s", i, bargv[i]);
+			reorder_args(bargc, (char **)bargv);
 			parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
-			return;
 		}
-		return;
 	}
 	/*
 	 * If no lookup specified, search for root
 	 */
 	if ((lookup_list.head == NULL) && !config_only) {
-		if (need_clone)
-			lookup = clone_lookup(default_lookup, ISC_TRUE);
-		need_clone = ISC_TRUE;
+		lookup = clone_lookup(default_lookup, ISC_TRUE);
 		lookup->trace_root = ISC_TF(lookup->trace ||
 					    lookup->ns_search_only);
 		lookup->new_search = ISC_TRUE;
@@ -1715,9 +1698,10 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			firstarg = ISC_FALSE;
 		}
 		ISC_LIST_APPEND(lookup_list, lookup, link);
+	} else if (!config_only && firstarg) {
+			printgreeting(argc, argv, lookup);
+			firstarg = ISC_FALSE;
 	}
-	if (!need_clone)
-		destroy_lookup(lookup);
 }
 
 /*
@@ -1731,7 +1715,7 @@ dighost_shutdown(void) {
 	int bargc;
 	char *bargv[16];
 	char *input;
-	int i;
+
 
 	if (batchname == NULL) {
 		isc_app_shutdown();
@@ -1759,8 +1743,7 @@ dighost_shutdown(void) {
 
 		bargv[0] = argv0;
 
-		for(i = 0; i < bargc; i++)
-			debug("batch argv %d: %s", i, bargv[i]);
+		reorder_args(bargc, (char **)bargv);
 		parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
 		start_lookup();
 	} else {
@@ -1776,6 +1759,7 @@ dighost_shutdown(void) {
 int
 main(int argc, char **argv) {
 	isc_result_t result;
+	dig_server_t *s, *s2;
 
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
@@ -1796,7 +1780,16 @@ main(int argc, char **argv) {
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();
-	destroy_lookup(default_lookup);
+	s = ISC_LIST_HEAD(default_lookup->my_server_list);
+	while (s != NULL) {
+		debug("freeing server %p belonging to %p",
+		      s, default_lookup);
+		s2 = s;
+		s = ISC_LIST_NEXT(s, link);
+		ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link);
+		isc_mem_free(mctx, s2);
+	}
+	isc_mem_free(mctx, default_lookup);
 	if (batchname != NULL) {
 		if (batchfp != stdin)
 			fclose(batchfp);

bin/dig/dig.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.42.44.3 2009/02/02 04:42:48 marka Exp $ -->
+<!-- $Id: dig.docbook,v 1.17.18.13 2006/01/27 23:57:44 marka Exp $ -->
 <refentry id="man.dig">
 
   <refentryinfo>
@@ -41,9 +41,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -63,7 +60,6 @@
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-k <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg><option>-m</option></arg>
       <arg><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
       <arg><option>-q <replaceable class="parameter">name</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
@@ -107,7 +103,7 @@
       arguments, it also has a batch mode of operation for reading lookup
       requests from a file.  A brief summary of its command-line arguments
       and options is printed when the <option>-h</option> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
+      Unlike earlier versions, the BIND9 implementation of
       <command>dig</command> allows multiple lookups to be issued
       from the
       command line.
@@ -121,8 +117,8 @@
     </para>
 
     <para>
-      When no command line arguments or options are given,
-      <command>dig</command> will perform an NS query for "." (the root).
+      When no command line arguments or options are given, will perform an
+      NS query for "." (the root).
     </para>
 
     <para>
@@ -132,14 +128,6 @@
       are applied before the command line arguments.
     </para>
 
-    <para>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <option>-t</option> and
-      <option>-c</option> options to specify the type and class, 
-      use the <option>-q</option> the specify the domain name, or
-      use "IN." and "CH." when looking up these top level domains.
-    </para>
-
   </refsect1>
 
   <refsect1>
@@ -219,7 +207,7 @@
       The default query class (IN for internet) is overridden by the
       <option>-c</option> option.  <parameter>class</parameter> is
       any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
+      class, such as HS for Hesiod records or CH for CHAOSNET records.
     </para>
 
     <para>
@@ -228,17 +216,11 @@
       in batch mode by reading a list of lookup requests to process from the
       file <parameter>filename</parameter>.  The file contains a
       number of
-      queries, one per line.  Each entry in the file should be organized in
+      queries, one per line.  Each entry in the file should be organised in
       the same way they would be presented as queries to
       <command>dig</command> using the command-line interface.
     </para>
 
-    <para>
-      The <option>-m</option> option enables memory usage debugging.
-      <!-- It enables ISC_MEM_DEBUGTRACE and ISC_MEM_DEBUGRECORD
-           documented in include/isc/mem.h -->
-    </para>
-
     <para>
       If a non-standard port number is to be queried, the
       <option>-p</option> option is used.  <parameter>port#</parameter> is
@@ -260,7 +242,7 @@
       The <option>-t</option> option sets the query type to
       <parameter>type</parameter>.  It can be any valid query type
       which is
-      supported in BIND 9.  The default query type is "A", unless the
+      supported in BIND9.  The default query type "A", unless the
       <option>-x</option> option is supplied to indicate a reverse lookup.
       A zone transfer can be requested by specifying a type of AXFR.  When
       an incremental zone transfer (IXFR) is required,
@@ -272,12 +254,12 @@
 
     <para>
       The <option>-q</option> option sets the query name to 
-      <parameter>name</parameter>.  This useful do distinguish the
+      <parameter>name</parameter>.  This useful do distingish the
       <parameter>name</parameter> from other arguments.
     </para>
 
     <para>
-      Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
+      Reverse lookups - mapping addresses to names - are simplified by the
       <option>-x</option> option.  <parameter>addr</parameter> is
       an IPv4
       address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -352,7 +334,7 @@
           <listitem>
             <para>
               Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
+              behaviour is to use UDP unless an AXFR or IXFR query is
               requested, in
               which case a TCP connection is used.
             </para>
@@ -450,19 +432,17 @@
 
         <varlistentry>
           <term><option>+[no]adflag</option></term>
-	  <listitem>
-	    <para>
-	      Set [do not set] the AD (authentic data) bit in the
-	      query.  This requests the server to return whether
-	      all of the answer and authority sections have all
-	      been validated as secure according to the security
-	      policy of the server.  AD=1 indicates that all records
-	      have been validated as secure and the answer is not
-	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.
-	    </para>
-	  </listitem>
-	</varlistentry>
+          <listitem>
+            <para>
+              Set [do not set] the AD (authentic data) bit in the query.  The
+              AD bit
+              currently has a standard meaning only in responses, not in
+              queries,
+              but the ability to set the bit in the query is provided for
+              completeness.
+            </para>
+          </listitem>
+        </varlistentry>
 
         <varlistentry>
           <term><option>+[no]cdflag</option></term>
@@ -547,7 +527,7 @@
           <term><option>+[no]cmd</option></term>
           <listitem>
             <para>
-              Toggles the printing of the initial comment in the output
+              toggles the printing of the initial comment in the output
               identifying
               the version of <command>dig</command> and the query
               options that have
@@ -599,7 +579,7 @@
               This query option toggles the printing of statistics: when the
               query
               was made, the size of the reply and so on.  The default
-              behavior is
+              behaviour is
               to print the query statistics.
             </para>
           </listitem>
@@ -673,8 +653,8 @@
             <para>
 
               Sets the timeout for a query to
-              <parameter>T</parameter> seconds.  The default
-	      timeout is 5 seconds.
+              <parameter>T</parameter> seconds.  The default time
+              out is 5 seconds.
               An attempt to set <parameter>T</parameter> to less
               than 1 will result
               in a query timeout of 1 second being applied.
@@ -774,7 +754,7 @@
               default is
               to not try the next server which is the reverse of normal stub
               resolver
-              behavior.
+              behaviour.
             </para>
           </listitem>
         </varlistentry>
@@ -819,7 +799,7 @@
 	      on its own line.
             </para>
 	    <para>
-	      If not specified, <command>dig</command> will look for
+	      If not specified <command>dig</command> will look for
 	      <filename>/etc/trusted-key.key</filename> then
 	      <filename>trusted-key.key</filename> in the current directory.
 	    </para>
@@ -833,21 +813,13 @@
           <term><option>+[no]topdown</option></term>
           <listitem>
             <para>
-              When chasing DNSSEC signature chains perform a top-down
+              When chasing DNSSEC signature chains perform a top down
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </para>
           </listitem>
         </varlistentry>
 
-        <varlistentry>
-          <term><option>+[no]nsid</option></term>
-          <listitem>
-            <para>
-              Include an EDNS name server ID request when sending a query.
-            </para>
-          </listitem>
-        </varlistentry>
 
 
       </variablelist>

bin/dig/dig.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dig.html,v 1.45.44.3 2009/07/11 01:55:20 tbox Exp $ -->
+<!-- $Id: dig.html,v 1.13.18.21 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dig"></a><div class="titlepage"></div>
@@ -29,12 +29,12 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-m</code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dig</code>  [@server] [<code class="option">-b <em class="replaceable"><code>address</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-k <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>] [<code class="option">-q <em class="replaceable"><code>name</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>] [<code class="option">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]name:key</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] [name] [type] [class] [queryopt...]</p></div>
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [<code class="option">-h</code>]</p></div>
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543518"></a><h2>DESCRIPTION</h2>
+<a name="id2549565"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -50,7 +50,7 @@
       arguments, it also has a batch mode of operation for reading lookup
       requests from a file.  A brief summary of its command-line arguments
       and options is printed when the <code class="option">-h</code> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
+      Unlike earlier versions, the BIND9 implementation of
       <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
       from the
       command line.
@@ -62,8 +62,8 @@
       <code class="filename">/etc/resolv.conf</code>.
     </p>
 <p>
-      When no command line arguments or options are given,
-      <span><strong class="command">dig</strong></span> will perform an NS query for "." (the root).
+      When no command line arguments or options are given, will perform an
+      NS query for "." (the root).
     </p>
 <p>
       It is possible to set per-user defaults for <span><strong class="command">dig</strong></span> via
@@ -71,16 +71,9 @@
       any options in it
       are applied before the command line arguments.
     </p>
-<p>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <code class="option">-t</code> and
-      <code class="option">-c</code> options to specify the type and class, 
-      use the <code class="option">-q</code> the specify the domain name, or
-      use "IN." and "CH." when looking up these top level domains.
-    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543592"></a><h2>SIMPLE USAGE</h2>
+<a name="id2549621"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">dig</strong></span> looks like:
       </p>
@@ -126,7 +119,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543683"></a><h2>OPTIONS</h2>
+<a name="id2549848"></a><h2>OPTIONS</h2>
 <p>
       The <code class="option">-b</code> option sets the source IP address of the query
       to <em class="parameter"><code>address</code></em>.  This must be a valid
@@ -139,7 +132,7 @@
       The default query class (IN for internet) is overridden by the
       <code class="option">-c</code> option.  <em class="parameter"><code>class</code></em> is
       any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
+      class, such as HS for Hesiod records or CH for CHAOSNET records.
     </p>
 <p>
       The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
@@ -147,14 +140,10 @@
       in batch mode by reading a list of lookup requests to process from the
       file <em class="parameter"><code>filename</code></em>.  The file contains a
       number of
-      queries, one per line.  Each entry in the file should be organized in
+      queries, one per line.  Each entry in the file should be organised in
       the same way they would be presented as queries to
       <span><strong class="command">dig</strong></span> using the command-line interface.
     </p>
-<p>
-      The <code class="option">-m</code> option enables memory usage debugging.
-      
-    </p>
 <p>
       If a non-standard port number is to be queried, the
       <code class="option">-p</code> option is used.  <em class="parameter"><code>port#</code></em> is
@@ -174,7 +163,7 @@
       The <code class="option">-t</code> option sets the query type to
       <em class="parameter"><code>type</code></em>.  It can be any valid query type
       which is
-      supported in BIND 9.  The default query type is "A", unless the
+      supported in BIND9.  The default query type "A", unless the
       <code class="option">-x</code> option is supplied to indicate a reverse lookup.
       A zone transfer can be requested by specifying a type of AXFR.  When
       an incremental zone transfer (IXFR) is required,
@@ -185,11 +174,11 @@
     </p>
 <p>
       The <code class="option">-q</code> option sets the query name to 
-      <em class="parameter"><code>name</code></em>.  This useful do distinguish the
+      <em class="parameter"><code>name</code></em>.  This useful do distingish the
       <em class="parameter"><code>name</code></em> from other arguments.
     </p>
 <p>
-      Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
+      Reverse lookups - mapping addresses to names - are simplified by the
       <code class="option">-x</code> option.  <em class="parameter"><code>addr</code></em> is
       an IPv4
       address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -230,7 +219,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544032"></a><h2>QUERY OPTIONS</h2>
+<a name="id2550051"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -253,7 +242,7 @@
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd><p>
               Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
+              behaviour is to use UDP unless an AXFR or IXFR query is
               requested, in
               which case a TCP connection is used.
             </p></dd>
@@ -308,15 +297,13 @@
             </p></dd>
 <dt><span class="term"><code class="option">+[no]adflag</code></span></dt>
 <dd><p>
-	      Set [do not set] the AD (authentic data) bit in the
-	      query.  This requests the server to return whether
-	      all of the answer and authority sections have all
-	      been validated as secure according to the security
-	      policy of the server.  AD=1 indicates that all records
-	      have been validated as secure and the answer is not
-	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.
-	    </p></dd>
+              Set [do not set] the AD (authentic data) bit in the query.  The
+              AD bit
+              currently has a standard meaning only in responses, not in
+              queries,
+              but the ability to set the bit in the query is provided for
+              completeness.
+            </p></dd>
 <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
 <dd><p>
               Set [do not set] the CD (checking disabled) bit in the query.
@@ -368,7 +355,7 @@
             </p></dd>
 <dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
 <dd><p>
-              Toggles the printing of the initial comment in the output
+              toggles the printing of the initial comment in the output
               identifying
               the version of <span><strong class="command">dig</strong></span> and the query
               options that have
@@ -400,7 +387,7 @@
               This query option toggles the printing of statistics: when the
               query
               was made, the size of the reply and so on.  The default
-              behavior is
+              behaviour is
               to print the query statistics.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]qr</code></span></dt>
@@ -439,8 +426,8 @@
 <dd><p>
 
               Sets the timeout for a query to
-              <em class="parameter"><code>T</code></em> seconds.  The default
-	      timeout is 5 seconds.
+              <em class="parameter"><code>T</code></em> seconds.  The default time
+              out is 5 seconds.
               An attempt to set <em class="parameter"><code>T</code></em> to less
               than 1 will result
               in a query timeout of 1 second being applied.
@@ -505,7 +492,7 @@
               default is
               to not try the next server which is the reverse of normal stub
               resolver
-              behavior.
+              behaviour.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
 <dd><p>
@@ -531,7 +518,7 @@
 	      on its own line.
             </p>
 <p>
-	      If not specified, <span><strong class="command">dig</strong></span> will look for
+	      If not specified <span><strong class="command">dig</strong></span> will look for
 	      <code class="filename">/etc/trusted-key.key</code> then
 	      <code class="filename">trusted-key.key</code> in the current directory.
 	    </p>
@@ -541,21 +528,17 @@
 </dd>
 <dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
 <dd><p>
-              When chasing DNSSEC signature chains perform a top-down
+              When chasing DNSSEC signature chains perform a top down
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </p></dd>
-<dt><span class="term"><code class="option">+[no]nsid</code></span></dt>
-<dd><p>
-              Include an EDNS name server ID request when sending a query.
-            </p></dd>
 </dl></div>
 <p>
 
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545166"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2551240"></a><h2>MULTIPLE QUERIES</h2>
 <p>
       The BIND 9 implementation of <span><strong class="command">dig </strong></span>
       supports
@@ -601,7 +584,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545228"></a><h2>IDN SUPPORT</h2>
+<a name="id2551302"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -615,14 +598,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545251"></a><h2>FILES</h2>
+<a name="id2551324"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 <p><code class="filename">${HOME}/.digrc</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545336"></a><h2>SEE ALSO</h2>
+<a name="id2551341"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -630,7 +613,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545373"></a><h2>BUGS</h2>
+<a name="id2551379"></a><h2>BUGS</h2>
 <p>
       There are probably too many query options.
     </p>

bin/dig/host.1

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.29.114.2 2009/07/11 01:55:20 tbox Exp $
+.\" $Id: host.1,v 1.14.18.11 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: host
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Jun 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -130,9 +130,9 @@ makes. This should mean that the name server receiving the query will not attemp
 \fB\-r\fR
 option enables
 \fBhost\fR
-to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
 .PP
-By default,
+By default
 \fBhost\fR
 uses UDP when making queries. The
 \fB\-T\fR
@@ -152,9 +152,9 @@ The
 \fB\-t\fR
 option is used to select the query type.
 \fItype\fR
-can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
 \fBhost\fR
-automatically selects an appropriate query type. By default, it looks for A, AAAA, and MX records, but if the
+automatically selects an appropriate query type. By default it looks for A records, but if the
 \fB\-C\fR
 option was given, queries will be made for SOA records, and if
 \fIname\fR
@@ -185,7 +185,7 @@ The
 option tells
 \fBhost\fR
 \fInot\fR
-to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
+to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behaviour.
 .PP
 The
 \fB\-m\fR
@@ -213,7 +213,4 @@ runs.
 \fBdig\fR(1),
 \fBnamed\fR(8).
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/dig/host.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,25 +15,13 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.116.216.8 2011/03/11 10:49:49 marka Exp $ */
+/* $Id: host.c,v 1.94.18.14 2006/05/23 04:40:42 marka Exp $ */
 
 /*! \file */
 
 #include <config.h>
-#include <stdlib.h>
 #include <limits.h>
 
-#ifdef HAVE_LOCALE_H
-#include <locale.h>
-#endif
-
-#ifdef WITH_IDN
-#include <idn/result.h>
-#include <idn/log.h>
-#include <idn/resconf.h>
-#include <idn/api.h>
-#endif
-
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
@@ -124,23 +112,6 @@ struct rtype rtypes[] = {
 	{ 0, NULL }
 };
 
-static char *
-rcode_totext(dns_rcode_t rcode)
-{
-	static char buf[sizeof("?65535")];
-	union {
-		const char *consttext;
-		char *deconsttext;
-	} totext;
-
-	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
-		snprintf(buf, sizeof(buf), "?%u", rcode);
-		totext.deconsttext = buf;
-	} else
-		totext.consttext = rcodetext[rcode];
-	return totext.deconsttext;
-}
-
 static void
 show_usage(void) {
 	fputs(
@@ -287,10 +258,10 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 			if (query->lookup->rdtype == dns_rdatatype_axfr &&
 			    !((!list_addresses &&
 			       (list_type == dns_rdatatype_any ||
-				rdataset->type == list_type)) ||
+			        rdataset->type == list_type)) ||
 			      (list_addresses &&
 			       (rdataset->type == dns_rdatatype_a ||
-				rdataset->type == dns_rdatatype_aaaa ||
+			        rdataset->type == dns_rdatatype_aaaa ||
 				rdataset->type == dns_rdatatype_ns ||
 				rdataset->type == dns_rdatatype_ptr))))
 				continue;
@@ -394,7 +365,7 @@ chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
 	dns_rdata_t rdata = DNS_RDATA_INIT;
 	unsigned int i = msg->counts[DNS_SECTION_ANSWER];
 
-	while (i-- > 0) {
+ 	while (i-- > 0) {
 		rdataset = NULL;
 		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
 					      dns_rdatatype_cname, 0, NULL,
@@ -443,10 +414,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (msg->rcode != 0) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		printf("Host %s not found: %d(%s)\n",
-		       (msg->rcode != dns_rcode_nxdomain) ? namestr :
-		       query->lookup->textname, msg->rcode,
-		       rcode_totext(msg->rcode));
+		printf("Host %s not found: %d(%s)\n", namestr,
+		       msg->rcode, rcodetext[msg->rcode]);
 		return (ISC_R_SUCCESS);
 	}
 
@@ -468,7 +437,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 				sizeof(lookup->textname));
 			lookup->textname[sizeof(lookup->textname)-1] = 0;
 			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = ISC_TRUE;
+                        lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -479,7 +448,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 				sizeof(lookup->textname));
 			lookup->textname[sizeof(lookup->textname)-1] = 0;
 			lookup->rdtype = dns_rdatatype_mx;
-			lookup->rdtypeset = ISC_TRUE;
+                        lookup->rdtypeset = ISC_TRUE;
 			lookup->origin = NULL;
 			lookup->retries = tries;
 			ISC_LIST_APPEND(lookup_list, lookup, link);
@@ -488,7 +457,7 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 
 	if (!short_form) {
 		printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
-		       opcodetext[msg->opcode], rcode_totext(msg->rcode),
+		       opcodetext[msg->opcode], rcodetext[msg->rcode],
 		       msg->id);
 		printf(";; flags: ");
 		if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
@@ -518,7 +487,6 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
 			printf("%scd", did_flag ? " " : "");
 			did_flag = ISC_TRUE;
-			POST(did_flag);
 		}
 		printf("; QUERY: %u, ANSWER: %u, "
 		       "AUTHORITY: %u, ADDITIONAL: %u\n",
@@ -601,7 +569,6 @@ pre_parse_args(int argc, char **argv) {
 	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
 		switch (c) {
 		case 'm':
-			memdebugging = ISC_TRUE;
 			if (strcasecmp("trace", isc_commandline_argument) == 0)
 				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
 			else if (!strcasecmp("record",
@@ -626,9 +593,7 @@ pre_parse_args(int argc, char **argv) {
 		case 'v': break;
 		case 'w': break;
 		case 'C': break;
-		case 'D':
-			debugging = ISC_TRUE;
-			break;
+		case 'D': break;
 		case 'N': break;
 		case 'R': break;
 		case 'T': break;
@@ -699,9 +664,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
 			lookup->rdtypeset = ISC_TRUE;
-#ifdef WITH_IDN
-			idnoptions = 0;
-#endif
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
 				list_type = dns_rdatatype_any;
@@ -709,15 +671,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				lookup->tcp_mode = ISC_TRUE;
 			} else if (rdtype == dns_rdatatype_ixfr) {
 				lookup->ixfr_serial = serial;
-				lookup->tcp_mode = ISC_TRUE;
 				list_type = rdtype;
-#ifdef WITH_IDN
-			} else if (rdtype == dns_rdatatype_a ||
-				   rdtype == dns_rdatatype_aaaa ||
-				   rdtype == dns_rdatatype_mx) {
-				idnoptions = IDN_ASCCHECK;
-				list_type = rdtype;
-#endif
 			} else
 				list_type = rdtype;
 			list_addresses = ISC_FALSE;
@@ -795,7 +749,7 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			ndots = atoi(isc_commandline_argument);
 			break;
 		case 'D':
-			/* Handled by pre_parse_args(). */
+			debugging = ISC_TRUE;
 			break;
 		case '4':
 			if (have_ipv4) {
@@ -822,8 +776,8 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	if (isc_commandline_index >= argc)
 		show_usage();
 
-	strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
-
+	strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
+	hostname[sizeof(hostname)-1]=0;
 	if (argc > isc_commandline_index + 1) {
 		set_nameserver(argv[isc_commandline_index+1]);
 		debug("server is %s", argv[isc_commandline_index+1]);
@@ -842,10 +796,11 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	} else {
 		strncpy(lookup->textname, hostname, sizeof(lookup->textname));
 		lookup->textname[sizeof(lookup->textname)-1]=0;
-		usesearch = ISC_TRUE;
 	}
 	lookup->new_search = ISC_TRUE;
 	ISC_LIST_APPEND(lookup_list, lookup, link);
+
+	usesearch = ISC_TRUE;
 }
 
 int
@@ -857,11 +812,8 @@ main(int argc, char **argv) {
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
-
+	
 	fatalexit = 1;
-#ifdef WITH_IDN
-	idnoptions = IDN_ASCCHECK;
-#endif
 
 	debug("main()");
 	progname = argv[0];

bin/dig/host.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: host.docbook,v 1.18.114.2 2009/01/22 23:47:05 tbox Exp $ -->
+<!-- $Id: host.docbook,v 1.5.18.7 2005/09/09 06:22:06 marka Exp $ -->
 <refentry id="man.host">
 
   <refentryinfo>
@@ -40,9 +40,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -175,13 +172,13 @@
       attempt to resolve <parameter>name</parameter>.  The
       <option>-r</option> option enables <command>host</command>
       to mimic
-      the behavior of a name server by making non-recursive queries and
+      the behaviour of a name server by making non-recursive queries and
       expecting to receive answers to those queries that are usually
       referrals to other name servers.
     </para>
 
     <para>
-      By default, <command>host</command> uses UDP when making
+      By default <command>host</command> uses UDP when making
       queries.  The
       <option>-T</option> option makes it use a TCP connection when querying
       the name server.  TCP will be automatically selected for queries that
@@ -196,12 +193,12 @@
 
     <para>
       The <option>-t</option> option is used to select the query type.
-      <parameter>type</parameter> can be any recognized query
+      <parameter>type</parameter> can be any recognised query
       type: CNAME,
       NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
       <command>host</command> automatically selects an appropriate
       query
-      type.  By default, it looks for A, AAAA, and MX records, but if the
+      type.  By default it looks for A records, but if the
       <option>-C</option> option was given, queries will be made for SOA
       records, and if <parameter>name</parameter> is a
       dotted-decimal IPv4
@@ -229,7 +226,7 @@
       The <option>-s</option> option tells <command>host</command> 
       <emphasis>not</emphasis> to send the query to the next nameserver
       if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
+      reverse of normal stub resolver behaviour.
     </para>
 
     <para>

bin/dig/host.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: host.html,v 1.28.114.2 2009/07/11 01:55:20 tbox Exp $ -->
+<!-- $Id: host.html,v 1.7.18.16 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.host"></a><div class="titlepage"></div>
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543434"></a><h2>DESCRIPTION</h2>
+<a name="id2549485"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">host</strong></span>
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -125,12 +125,12 @@
       attempt to resolve <em class="parameter"><code>name</code></em>.  The
       <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
       to mimic
-      the behavior of a name server by making non-recursive queries and
+      the behaviour of a name server by making non-recursive queries and
       expecting to receive answers to those queries that are usually
       referrals to other name servers.
     </p>
 <p>
-      By default, <span><strong class="command">host</strong></span> uses UDP when making
+      By default <span><strong class="command">host</strong></span> uses UDP when making
       queries.  The
       <code class="option">-T</code> option makes it use a TCP connection when querying
       the name server.  TCP will be automatically selected for queries that
@@ -143,12 +143,12 @@
     </p>
 <p>
       The <code class="option">-t</code> option is used to select the query type.
-      <em class="parameter"><code>type</code></em> can be any recognized query
+      <em class="parameter"><code>type</code></em> can be any recognised query
       type: CNAME,
       NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
       <span><strong class="command">host</strong></span> automatically selects an appropriate
       query
-      type.  By default, it looks for A, AAAA, and MX records, but if the
+      type.  By default it looks for A records, but if the
       <code class="option">-C</code> option was given, queries will be made for SOA
       records, and if <em class="parameter"><code>name</code></em> is a
       dotted-decimal IPv4
@@ -174,7 +174,7 @@
       The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span> 
       <span class="emphasis"><em>not</em></span> to send the query to the next nameserver
       if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
+      reverse of normal stub resolver behaviour.
     </p>
 <p>
       The <code class="option">-m</code> can be used to set the memory usage debugging
@@ -184,7 +184,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543800"></a><h2>IDN SUPPORT</h2>
+<a name="id2549920"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -198,12 +198,12 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543822"></a><h2>FILES</h2>
+<a name="id2549942"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543834"></a><h2>SEE ALSO</h2>
+<a name="id2549954"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>

bin/dig/include/dig/dig.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.107.120.4 2011/02/28 01:18:40 tbox Exp $ */
+/* $Id: dig.h,v 1.82.18.16 2006/01/27 23:57:44 marka Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -102,7 +102,7 @@ typedef struct dig_searchlist dig_searchlist_t;
 /*% The dig_lookup structure */
 struct dig_lookup {
 	isc_boolean_t
-		pending, /*%< Pending a successful answer */
+	        pending, /*%< Pending a successful answer */
 		waiting_connect,
 		doing_xfr,
 		ns_search_only, /*%< dig +nssearch, host -C */
@@ -126,31 +126,28 @@ struct dig_lookup {
 		section_additional,
 		servfail_stops,
 		new_search,
-		need_search,
-		done_as_is,
 		besteffort,
-		dnssec,
-		nsid;   /*% Name Server ID (RFC 5001) */
+		dnssec;
 #ifdef DIG_SIGCHASE
 isc_boolean_t	sigchase;
 #if DIG_SIGCHASE_TD
-	isc_boolean_t do_topdown,
-		trace_root_sigchase,
-		rdtype_sigchaseset,
-		rdclass_sigchaseset;
+ 	isc_boolean_t do_topdown,
+	        trace_root_sigchase,
+	        rdtype_sigchaseset,
+	        rdclass_sigchaseset;
 	/* Name we are going to validate RRset */
-	char textnamesigchase[MXNAME];
+  	char textnamesigchase[MXNAME];
 #endif
 #endif
-
+	
 	char textname[MXNAME]; /*% Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
 	dns_rdatatype_t qrdtype;
 #if DIG_SIGCHASE_TD
-	dns_rdatatype_t rdtype_sigchase;
-	dns_rdatatype_t qrdtype_sigchase;
-	dns_rdataclass_t rdclass_sigchase;
+        dns_rdatatype_t rdtype_sigchase;
+        dns_rdatatype_t qrdtype_sigchase;
+        dns_rdataclass_t rdclass_sigchase;
 #endif
 	dns_rdataclass_t rdclass;
 	isc_boolean_t rdtypeset;
@@ -159,7 +156,7 @@ isc_boolean_t	sigchase;
 	char onamespace[BUFSIZE];
 	isc_buffer_t namebuf;
 	isc_buffer_t onamebuf;
-	isc_buffer_t renderbuf;
+	isc_buffer_t sendbuf;
 	char *sendspace;
 	dns_name_t *name;
 	isc_timer_t *timer;
@@ -189,8 +186,6 @@ isc_boolean_t	sigchase;
 struct dig_query {
 	dig_lookup_t *lookup;
 	isc_boolean_t waiting_connect,
-		pending_free,
-		waiting_senddone,
 		first_pass,
 		first_soa_rcvd,
 		second_rr_rcvd,
@@ -217,7 +212,6 @@ struct dig_query {
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
 	isc_uint64_t byte_count;
-	isc_buffer_t sendbuf;
 };
 
 struct dig_server {
@@ -232,7 +226,7 @@ struct dig_searchlist {
 };
 #ifdef DIG_SIGCHASE
 struct dig_message {
-		dns_message_t *msg;
+	        dns_message_t *msg;
 		ISC_LINK(dig_message_t) link;
 };
 #endif
@@ -250,7 +244,7 @@ extern dig_searchlistlist_t search_list;
 extern unsigned int extrabytes;
 
 extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
-	usesearch, showsearch, qr;
+        usesearch, showsearch, qr;
 extern in_port_t port;
 extern unsigned int timeout;
 extern isc_mem_t *mctx;
@@ -278,19 +272,13 @@ extern isc_boolean_t debugging, memdebugging;
 extern char *progname;
 extern int tries;
 extern int fatalexit;
-#ifdef WITH_IDN
-extern int idnoptions;
-#endif
 
 /*
  * Routines in dighost.c.
  */
-isc_result_t
+void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
-int
-getaddresses(dig_lookup_t *lookup, const char *host);
-
 isc_result_t
 get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
 	    isc_boolean_t strict);
@@ -307,9 +295,6 @@ check_result(isc_result_t result, const char *msg);
 void
 setup_lookup(dig_lookup_t *lookup);
 
-void
-destroy_lookup(dig_lookup_t *lookup);
-
 void
 do_lookup(dig_lookup_t *lookup);
 

bin/dig/nslookup.1

@@ -1,6 +1,6 @@
-.\" Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -12,13 +12,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.14.354.2 2010/02/23 01:56:02 tbox Exp $
+.\" $Id: nslookup.1,v 1.1.10.9 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: nslookup
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Jun 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use
 .SH "ARGUMENTS"
 .PP
 Interactive mode is entered in the following cases:
-.TP 4
+.TP 3n
 1.
 when no arguments are given (the default name server will be used)
-.TP 4
+.TP 3n
 2.
 when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
 .sp
@@ -54,28 +54,17 @@ when the first argument is a hyphen (\-) and the second argument is the host nam
 Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
 .PP
 Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp
-.RS 4
-.nf
-nslookup \-query=hinfo  \-timeout=10
-.fi
-.RE
-.sp
+.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
 .SH "INTERACTIVE COMMANDS"
-.PP
-\fBhost\fR [server]
-.RS 4
+.TP 3n
+host [server]
 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
 .sp
 To look up a host not in the current domain, append a period to the name.
-.RE
-.PP
+.TP 3n
 \fBserver\fR \fIdomain\fR
-.RS 4
-.RE
-.PP
+.TP 3n
 \fBlserver\fR \fIdomain\fR
-.RS 4
 Change the default server to
 \fIdomain\fR;
 \fBlserver\fR
@@ -83,165 +72,112 @@ uses the initial server to look up information about
 \fIdomain\fR, while
 \fBserver\fR
 uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.RE
-.PP
+.TP 3n
 \fBroot\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBfinger\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBls\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBview\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBhelp\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fB?\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBexit\fR
-.RS 4
 Exits the program.
-.RE
-.PP
+.TP 3n
 \fBset\fR \fIkeyword\fR\fI[=value]\fR
-.RS 4
 This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 4
-.PP
+.RS 3n
+.TP 3n
 \fBall\fR
-.RS 4
 Prints the current values of the frequently used options to
 \fBset\fR. Information about the current default server and host is also printed.
-.RE
-.PP
+.TP 3n
 \fBclass=\fR\fIvalue\fR
-.RS 4
 Change the query class to one of:
-.RS 4
-.PP
+.RS 3n
+.TP 3n
 \fBIN\fR
-.RS 4
 the Internet class
-.RE
-.PP
+.TP 3n
 \fBCH\fR
-.RS 4
 the Chaos class
-.RE
-.PP
+.TP 3n
 \fBHS\fR
-.RS 4
 the Hesiod class
-.RE
-.PP
+.TP 3n
 \fBANY\fR
-.RS 4
 wildcard
 .RE
-.RE
-.IP "" 4
+.IP "" 3n
 The class specifies the protocol group of the information.
 .sp
 (Default = IN; abbreviation = cl)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
-.RS 4
-Turn on or off the display of the full response packet and any intermediate response packets when searching.
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
 .sp
 (Default = nodebug; abbreviation =
 [no]deb)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBd2\fR
-.RS 4
-Turn debugging mode on or off. This displays more about what nslookup is doing.
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
 .sp
 (Default = nod2)
-.RE
-.PP
+.TP 3n
 \fBdomain=\fR\fIname\fR
-.RS 4
 Sets the search list to
 \fIname\fR.
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
-.RS 4
 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
 .sp
 (Default = search)
-.RE
-.PP
+.TP 3n
 \fBport=\fR\fIvalue\fR
-.RS 4
 Change the default TCP/UDP name server port to
 \fIvalue\fR.
 .sp
 (Default = 53; abbreviation = po)
-.RE
-.PP
+.TP 3n
 \fBquerytype=\fR\fIvalue\fR
-.RS 4
-.RE
-.PP
+.TP 3n
 \fBtype=\fR\fIvalue\fR
-.RS 4
 Change the type of the information query.
 .sp
 (Default = A; abbreviations = q, ty)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
-.RS 4
 Tell the name server to query other servers if it does not have the information.
 .sp
 (Default = recurse; abbreviation = [no]rec)
-.RE
-.PP
+.TP 3n
 \fBretry=\fR\fInumber\fR
-.RS 4
 Set the number of retries to number.
-.RE
-.PP
+.TP 3n
 \fBtimeout=\fR\fInumber\fR
-.RS 4
 Change the initial timeout interval for waiting for a reply to number seconds.
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBvc\fR
-.RS 4
 Always use a virtual circuit when sending requests to the server.
 .sp
 (Default = novc)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBfail\fR
-.RS 4
 Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.
 .sp
 (Default = nofail)
 .RE
-.RE
-.IP "" 4
-.RE
+.IP "" 3n
 .SH "FILES"
 .PP
 \fI/etc/resolv.conf\fR
@@ -254,5 +190,4 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
 .PP
 Andrew Cherenson
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/dig/nslookup.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2007, 2009, 2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.117.334.7 2011/02/21 23:45:48 tbox Exp $ */
+/* $Id: nslookup.c,v 1.101.18.11 2006/06/09 23:50:54 marka Exp $ */
 
 #include <config.h>
 
@@ -26,7 +26,6 @@
 #include <isc/commandline.h>
 #include <isc/event.h>
 #include <isc/parseint.h>
-#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/timer.h>
 #include <isc/util.h>
@@ -130,23 +129,6 @@ static const char *rtypetext[] = {
 static void flush_lookup_list(void);
 static void getinput(isc_task_t *task, isc_event_t *event);
 
-static char *
-rcode_totext(dns_rcode_t rcode)
-{
-	static char buf[sizeof("?65535")];
-	union {
-		const char *consttext;
-		char *deconsttext;
-	} totext;
-
-	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
-		snprintf(buf, sizeof(buf), "?%u", rcode);
-		totext.deconsttext = buf;
-	} else
-		totext.consttext = rcodetext[rcode];
-	return totext.deconsttext;
-}
-
 void
 dighost_shutdown(void) {
 	isc_event_t *event = global_event;
@@ -373,7 +355,6 @@ detailsection(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers,
 					printrdata(&rdata);
 				}
 				dns_rdata_reset(&rdata);
-				printf("\tttl = %u\n", rdataset->ttl);
 				loopresult = dns_rdataset_next(rdataset);
 			}
 		}
@@ -404,14 +385,14 @@ trying(char *frm, dig_lookup_t *lookup) {
 
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
-	char servtext[ISC_SOCKADDR_FORMATSIZE];
+	char servtext[ISC_SOCKADDR_FORMATSIZE];	
 
 	debug("printmessage()");
 
 	isc_sockaddr_format(&query->sockaddr, servtext, sizeof(servtext));
 	printf("Server:\t\t%s\n", query->userarg);
 	printf("Address:\t%s\n", servtext);
-
+	
 	puts("");
 
 	if (!short_form) {
@@ -429,9 +410,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		char nametext[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name,
 				nametext, sizeof(nametext));
-		printf("** server can't find %s: %s\n",
-		       (msg->rcode != dns_rcode_nxdomain) ? nametext :
-		       query->lookup->textname, rcode_totext(msg->rcode));
+		printf("** server can't find %s: %s\n", nametext,
+		       rcodetext[msg->rcode]);
 		debug("returning with rcode == 0");
 		return (ISC_R_SUCCESS);
 	}
@@ -460,16 +440,13 @@ show_settings(isc_boolean_t full, isc_boolean_t serv_only) {
 	dig_server_t *srv;
 	isc_sockaddr_t sockaddr;
 	dig_searchlist_t *listent;
-	isc_result_t result;
 
 	srv = ISC_LIST_HEAD(server_list);
 
 	while (srv != NULL) {
 		char sockstr[ISC_SOCKADDR_FORMATSIZE];
 
-		result = get_address(srv->servername, port, &sockaddr);
-		check_result(result, "get_address");
-
+		get_address(srv->servername, port, &sockaddr);
 		isc_sockaddr_format(&sockaddr, sockstr, sizeof(sockstr));
 		printf("Default server: %s\nAddress: %s\n",
 			srv->userarg, sockstr);
@@ -527,7 +504,7 @@ testclass(char *typetext) {
 	tr.base = typetext;
 	tr.length = strlen(typetext);
 	result = dns_rdataclass_fromtext(&rdclass, &tr);
-	if (result == ISC_R_SUCCESS)
+	if (result == ISC_R_SUCCESS) 
 		return (ISC_TRUE);
 	else {
 		printf("unknown query class: %s\n", typetext);
@@ -535,6 +512,12 @@ testclass(char *typetext) {
 	}
 }
 
+static void
+safecpy(char *dest, char *src, int size) {
+	strncpy(dest, src, size);
+	dest[size-1] = 0;
+}
+
 static isc_result_t
 parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
 	   const char *desc) {
@@ -581,34 +564,34 @@ setoption(char *opt) {
 		show_settings(ISC_TRUE, ISC_FALSE);
 	} else if (strncasecmp(opt, "class=", 6) == 0) {
 		if (testclass(&opt[6]))
-			strlcpy(defclass, &opt[6], sizeof(defclass));
+			safecpy(defclass, &opt[6], sizeof(defclass));
 	} else if (strncasecmp(opt, "cl=", 3) == 0) {
 		if (testclass(&opt[3]))
-			strlcpy(defclass, &opt[3], sizeof(defclass));
+			safecpy(defclass, &opt[3], sizeof(defclass));
 	} else if (strncasecmp(opt, "type=", 5) == 0) {
 		if (testtype(&opt[5]))
-			strlcpy(deftype, &opt[5], sizeof(deftype));
+			safecpy(deftype, &opt[5], sizeof(deftype));
 	} else if (strncasecmp(opt, "ty=", 3) == 0) {
 		if (testtype(&opt[3]))
-			strlcpy(deftype, &opt[3], sizeof(deftype));
+			safecpy(deftype, &opt[3], sizeof(deftype));
 	} else if (strncasecmp(opt, "querytype=", 10) == 0) {
 		if (testtype(&opt[10]))
-			strlcpy(deftype, &opt[10], sizeof(deftype));
+			safecpy(deftype, &opt[10], sizeof(deftype));
 	} else if (strncasecmp(opt, "query=", 6) == 0) {
 		if (testtype(&opt[6]))
-			strlcpy(deftype, &opt[6], sizeof(deftype));
+			safecpy(deftype, &opt[6], sizeof(deftype));
 	} else if (strncasecmp(opt, "qu=", 3) == 0) {
 		if (testtype(&opt[3]))
-			strlcpy(deftype, &opt[3], sizeof(deftype));
+			safecpy(deftype, &opt[3], sizeof(deftype));
 	} else if (strncasecmp(opt, "q=", 2) == 0) {
 		if (testtype(&opt[2]))
-			strlcpy(deftype, &opt[2], sizeof(deftype));
+			safecpy(deftype, &opt[2], sizeof(deftype));
 	} else if (strncasecmp(opt, "domain=", 7) == 0) {
-		strlcpy(domainopt, &opt[7], sizeof(domainopt));
+		safecpy(domainopt, &opt[7], sizeof(domainopt));
 		set_search_domain(domainopt);
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "do=", 3) == 0) {
-		strlcpy(domainopt, &opt[3], sizeof(domainopt));
+		safecpy(domainopt, &opt[3], sizeof(domainopt));
 		set_search_domain(domainopt);
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "port=", 5) == 0) {
@@ -619,7 +602,7 @@ setoption(char *opt) {
 		set_timeout(&opt[8]);
 	} else if (strncasecmp(opt, "t=", 2) == 0) {
 		set_timeout(&opt[2]);
-	} else if (strncasecmp(opt, "rec", 3) == 0) {
+ 	} else if (strncasecmp(opt, "rec", 3) == 0) {
 		recurse = ISC_TRUE;
 	} else if (strncasecmp(opt, "norec", 5) == 0) {
 		recurse = ISC_FALSE;
@@ -627,21 +610,19 @@ setoption(char *opt) {
 		set_tries(&opt[6]);
 	} else if (strncasecmp(opt, "ret=", 4) == 0) {
 		set_tries(&opt[4]);
-	} else if (strncasecmp(opt, "def", 3) == 0) {
+ 	} else if (strncasecmp(opt, "def", 3) == 0) {
 		usesearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "nodef", 5) == 0) {
 		usesearch = ISC_FALSE;
-	} else if (strncasecmp(opt, "vc", 3) == 0) {
+ 	} else if (strncasecmp(opt, "vc", 3) == 0) {
 		tcpmode = ISC_TRUE;
 	} else if (strncasecmp(opt, "novc", 5) == 0) {
 		tcpmode = ISC_FALSE;
-	} else if (strncasecmp(opt, "deb", 3) == 0) {
+ 	} else if (strncasecmp(opt, "deb", 3) == 0) {
 		short_form = ISC_FALSE;
-		showsearch = ISC_TRUE;
 	} else if (strncasecmp(opt, "nodeb", 5) == 0) {
 		short_form = ISC_TRUE;
-		showsearch = ISC_FALSE;
-	} else if (strncasecmp(opt, "d2", 2) == 0) {
+ 	} else if (strncasecmp(opt, "d2", 2) == 0) {
 		debugging = ISC_TRUE;
 	} else if (strncasecmp(opt, "nod2", 4) == 0) {
 		debugging = ISC_FALSE;
@@ -656,7 +637,7 @@ setoption(char *opt) {
 	} else if (strncasecmp(opt, "nofail", 3) == 0) {
 		nofail=ISC_TRUE;
 	} else {
-		printf("*** Invalid option: %s\n", opt);
+		printf("*** Invalid option: %s\n", opt);	
 	}
 }
 
@@ -687,11 +668,11 @@ addlookup(char *opt) {
 	lookup = make_empty_lookup();
 	if (get_reverse(store, sizeof(store), opt, lookup->ip6_int, ISC_TRUE)
 	    == ISC_R_SUCCESS) {
-		strlcpy(lookup->textname, store, sizeof(lookup->textname));
+		safecpy(lookup->textname, store, sizeof(lookup->textname));
 		lookup->rdtype = dns_rdatatype_ptr;
 		lookup->rdtypeset = ISC_TRUE;
 	} else {
-		strlcpy(lookup->textname, opt, sizeof(lookup->textname));
+		safecpy(lookup->textname, opt, sizeof(lookup->textname));
 		lookup->rdtype = rdtype;
 		lookup->rdtypeset = ISC_TRUE;
 	}

bin/dig/nslookup.docbook

@@ -1,10 +1,10 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: nslookup.docbook,v 1.16.334.2 2010/02/22 23:47:53 tbox Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.4.2.7 2006/01/06 00:01:43 marka Exp $ -->
 <!--
  - Copyright (c) 1985, 1989
  -    The Regents of the University of California.  All rights reserved.
@@ -72,8 +72,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -130,11 +128,11 @@
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
       timeout to 10 seconds, type:
-      <!-- <informalexample> produces bad nroff. -->
+      <informalexample>
         <programlisting>
 nslookup -query=hinfo  -timeout=10
 </programlisting>
-      <!-- </informalexample> -->
+      </informalexample>
     </para>
 
   </refsect1>
@@ -143,7 +141,7 @@ nslookup -query=hinfo  -timeout=10
     <title>INTERACTIVE COMMANDS</title>
     <variablelist>
       <varlistentry>
-        <term><constant>host</constant> <optional>server</optional></term>
+        <term>host <optional>server</optional></term>
         <listitem>
           <para>
             Look up information for host using the current default server or
@@ -315,8 +313,9 @@ nslookup -query=hinfo  -timeout=10
                     <replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </para>
 		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
@@ -329,8 +328,9 @@ nslookup -query=hinfo  -timeout=10
                     <replaceable><optional>no</optional></replaceable>d2</constant></term>
                 <listitem>
                   <para>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </para>
 		  <para>
                     (Default = nod2)

bin/dig/nslookup.html

@@ -1,7 +1,7 @@
 <!--
- - Copyright (C) 2004-2007, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -13,15 +13,15 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nslookup.html,v 1.21.354.2 2010/02/23 01:56:02 tbox Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.10.15 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476276"></a><div class="titlepage"></div>
+<a name="id2482694"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>nslookup &#8212; query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543358"></a><h2>DESCRIPTION</h2>
+<a name="id2549413"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
       has two modes: interactive and non-interactive.  Interactive mode allows
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543374"></a><h2>ARGUMENTS</h2>
+<a name="id2549429"></a><h2>ARGUMENTS</h2>
 <p>
       Interactive mode is entered in the following cases:
       </p>
@@ -68,19 +68,17 @@
       arguments and are prefixed with a hyphen.  For example, to
       change the default query type to host information, and the initial
       timeout to 10 seconds, type:
-      
-        </p>
-<pre class="programlisting">
+      </p>
+<div class="informalexample"><pre class="programlisting">
 nslookup -query=hinfo  -timeout=10
-</pre>
+</pre></div>
 <p>
-      
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543418"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2549470"></a><h2>INTERACTIVE COMMANDS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
+<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
 <dd>
 <p>
             Look up information for host using the current default server or
@@ -182,8 +180,9 @@ nslookup -query=hinfo  -timeout=10
                     <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
 <p>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </p>
 <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
@@ -193,8 +192,9 @@ nslookup -query=hinfo  -timeout=10
                     <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
 <dd>
 <p>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </p>
 <p>
                     (Default = nod2)
@@ -288,19 +288,19 @@ nslookup -query=hinfo  -timeout=10
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546284"></a><h2>FILES</h2>
+<a name="id2550082"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546296"></a><h2>SEE ALSO</h2>
+<a name="id2550093"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546330"></a><h2>Author</h2>
+<a name="id2552380"></a><h2>Author</h2>
 <p>
       Andrew Cherenson
     </p>

bin/dig/win32/dig.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
 
 !ELSEIF  "$(CFG)" == "dig - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,6 +90,10 @@ LINK32=link.exe
 
 SOURCE=..\dig.c
 # End Source File
+# Begin Source File
+
+SOURCE=..\dighost.c
+# End Source File
 # End Group
 # Begin Group "Header Files"
 

bin/dig/win32/dig.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "dig - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "dig - Win32 Release"
 
 OUTDIR=.\Release
@@ -127,7 +52,6 @@ CLEAN :
 	-@erase "$(INTDIR)\dighost.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dig.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -151,7 +75,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "dig - Win32 Debug"
 
@@ -186,7 +109,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\dig.pdb"
 	-@erase "..\..\..\Build\Debug\dig.exe"
 	-@erase "..\..\..\Build\Debug\dig.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -217,7 +139,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -405,21 +326,3 @@ SOURCE=..\dighost.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/win32/dighost.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dighost" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=dighost - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dighost.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dighost.mak" CFG="dighost - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dighost - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "dighost - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dighost - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/dighost.lib"
-
-!ELSEIF  "$(CFG)" == "dighost - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/dighost.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dighost - Win32 Release"
-# Name "dighost - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\dighost.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/dig/win32/dighost.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dighost"=".\dighost.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dig/win32/host.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
 
 !ELSEIF  "$(CFG)" == "host - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -88,6 +88,10 @@ LINK32=link.exe
 # PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
 # Begin Source File
 
+SOURCE=..\dighost.c
+# End Source File
+# Begin Source File
+
 SOURCE=..\host.c
 # End Source File
 # End Group

bin/dig/win32/host.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "host - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "host - Win32 Release"
 
 OUTDIR=.\Release
@@ -127,7 +52,6 @@ CLEAN :
 	-@erase "$(INTDIR)\host.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\host.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -151,7 +75,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "host - Win32 Debug"
 
@@ -186,7 +109,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\host.pdb"
 	-@erase "..\..\..\Build\Debug\host.exe"
 	-@erase "..\..\..\Build\Debug\host.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -217,7 +139,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -405,21 +326,3 @@ SOURCE=..\host.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dig/win32/nslookup.mak

@@ -28,81 +28,6 @@ NULL=nul
 CPP=cl.exe
 RSC=rc.exe
 
-!IF  "$(CFG)" == "nslookup - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "nslookup - Win32 Release"
 
 OUTDIR=.\Release
@@ -127,7 +52,6 @@ CLEAN :
 	-@erase "$(INTDIR)\nslookup.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\nslookup.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -151,7 +75,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "nslookup - Win32 Debug"
 
@@ -186,7 +109,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\nslookup.pdb"
 	-@erase "..\..\..\Build\Debug\nslookup.exe"
 	-@erase "..\..\..\Build\Debug\nslookup.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -217,7 +139,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -405,21 +326,3 @@ SOURCE=..\nslookup.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/.cvsignore

@@ -1,6 +1,4 @@
 Makefile
-dnssec-dsfromkey
-dnssec-keyfromlabel
 dnssec-keygen
 dnssec-makekeyset
 dnssec-signkey

bin/dnssec/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004, 2005, 2007, 2008  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 2000-2002  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.35 2008/11/07 02:28:49 marka Exp $
+# $Id: Makefile.in,v 1.26.18.4 2005/05/02 00:26:11 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -39,32 +39,20 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 # Alphabetically
-TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
-		dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@
+TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@
 
 OBJS =		dnssectool.@O@
 
-SRCS =		dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
-		dnssec-signzone.c dnssectool.c
+SRCS =		dnssec-keygen.c dnssec-signzone.c dnssectool.c
 
-MANPAGES =	dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
-		dnssec-signzone.8
+MANPAGES =	dnssec-keygen.8 dnssec-signzone.8
 
-HTMLPAGES =	dnssec-dsfromkey.html dnssec-keyfromlabel.html \
-		dnssec-keygen.html dnssec-signzone.html 
+HTMLPAGES =	dnssec-keygen.html dnssec-signzone.html
 
 MANOBJS =	${MANPAGES} ${HTMLPAGES}
 
 @BIND9_MAKE_RULES@
 
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-dsfromkey.@O@ ${OBJS} ${LIBS}
-
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-keyfromlabel.@O@ ${OBJS} ${LIBS}
-
 dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
 	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
 	dnssec-keygen.@O@ ${OBJS} ${LIBS}

bin/dnssec/dnssec-dsfromkey.8

@@ -1,124 +0,0 @@
-.\" Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-dsfromkey.8,v 1.5.14.1 2010/05/19 02:06:11 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-dsfromkey
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: November 29, 2008
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-DSFROMKEY" "8" "November 29, 2008" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-dsfromkey \- DNSSEC DS RR generation tool
-.SH "SYNOPSIS"
-.HP 17
-\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] {keyfile}
-.HP 17
-\fBdnssec\-dsfromkey\fR {\-s} [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdir\fR\fR] {dnsname}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-dsfromkey\fR
-outputs the Delegation Signer (DS) resource record (RR), as defined in RFC 3658 and RFC 4509, for the given key(s).
-.SH "OPTIONS"
-.PP
-\-1
-.RS 4
-Use SHA\-1 as the digest algorithm (the default is to use both SHA\-1 and SHA\-256).
-.RE
-.PP
-\-2
-.RS 4
-Use SHA\-256 as the digest algorithm.
-.RE
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Select the digest algorithm. The value of
-\fBalgorithm\fR
-must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.PP
-\-s
-.RS 4
-Keyset mode: in place of the keyfile name, the argument is the DNS domain name of a keyset file. Following options make sense only in this mode.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specifies the DNS class (default is IN), useful only in the keyset mode.
-.RE
-.PP
-\-d \fIdirectory\fR
-.RS 4
-Look for
-\fIkeyset\fR
-files in
-\fBdirectory\fR
-as the directory, ignored when not in the keyset mode.
-.RE
-.SH "EXAMPLE"
-.PP
-To build the SHA\-256 DS RR from the
-\fBKexample.com.+003+26160\fR
-keyfile name, the following command would be issued:
-.PP
-\fBdnssec\-dsfromkey \-2 Kexample.com.+003+26160\fR
-.PP
-The command would print something like:
-.PP
-\fBexample.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94\fR
-.SH "FILES"
-.PP
-The keyfile can be designed by the key identification
-\fIKnnnn.+aaa+iiiii\fR
-or the full file name
-\fIKnnnn.+aaa+iiiii.key\fR
-as generated by
-dnssec\-keygen(8).
-.PP
-The keyset file name is built from the
-\fBdirectory\fR, the string
-\fIkeyset\-\fR
-and the
-\fBdnsname\fR.
-.SH "CAVEAT"
-.PP
-A keyfile error can give a "file not found" even if the file exists.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 3658,
-RFC 4509.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-dsfromkey.c

@@ -1,404 +0,0 @@
-/*
- * Copyright (C) 2008-2010  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-dsfromkey.c,v 1.2.14.6 2010/01/11 23:47:22 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/hash.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/dbiterator.h>
-#include <dns/ds.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatasetiter.h>
-#include <dns/rdatatype.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-const char *program = "dnssec-dsfromkey";
-int verbose;
-
-static dns_rdataclass_t rdclass;
-static dns_fixedname_t  fixed;
-static dns_name_t       *name = NULL;
-static dns_db_t         *db = NULL;
-static dns_dbnode_t     *node = NULL;
-static dns_rdataset_t   keyset;
-static isc_mem_t        *mctx = NULL;
-
-static void
-loadkeys(char *dirname, char *setname)
-{
-	isc_result_t     result;
-	char             filename[1024];
-	isc_buffer_t     buf;
-
-	dns_rdataset_init(&keyset);
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-
-	isc_buffer_init(&buf, setname, strlen(setname));
-	isc_buffer_add(&buf, strlen(setname));
-	result = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't convert DNS name %s", setname);
-
-	isc_buffer_init(&buf, filename, sizeof(filename));
-	if (dirname != NULL) {
-		if (isc_buffer_availablelength(&buf) < strlen(dirname))
-			fatal("directory name '%s' too long", dirname);
-		isc_buffer_putstr(&buf, dirname);
-		if (dirname[strlen(dirname) - 1] != '/') {
-			if (isc_buffer_availablelength(&buf) < 1)
-				fatal("directory name '%s' too long", dirname);
-			isc_buffer_putstr(&buf, "/");
-		}
-	}
-
-	if (isc_buffer_availablelength(&buf) < strlen("keyset-"))
-		fatal("directory name '%s' too long", dirname);
-	isc_buffer_putstr(&buf, "keyset-");
-	result = dns_name_tofilenametext(name, ISC_FALSE, &buf);
-	check_result(result, "dns_name_tofilenametext()");
-	if (isc_buffer_availablelength(&buf) == 0)
-		fatal("name %s too long", setname);
-	isc_buffer_putuint8(&buf, 0);
-
-	result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
-			       rdclass, 0, NULL, &db);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't create database");
-
-	result = dns_db_load(db, filename);
-	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-		fatal("can't load %s: %s", filename, isc_result_totext(result));
-
-	result = dns_db_findnode(db, name, ISC_FALSE, &node);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't find %s node in %s", setname, filename);
-
-	result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey,
-				     0, 0, &keyset, NULL);
-	if (result == ISC_R_NOTFOUND)
-		fatal("no DNSKEY RR for %s in %s", setname, filename);
-	else if (result != ISC_R_SUCCESS)
-		fatal("dns_db_findrdataset");
-}
-
-static void
-loadkey(char *filename, unsigned char *key_buf, unsigned int key_buf_size,
-	dns_rdata_t *rdata)
-{
-	isc_result_t  result;
-	dst_key_t     *key = NULL;
-	isc_buffer_t  keyb;
-	isc_region_t  r;
-
-	dns_rdataset_init(&keyset);
-	dns_rdata_init(rdata);
-
-	isc_buffer_init(&keyb, key_buf, key_buf_size);
-
-	result = dst_key_fromnamedfile(filename, DST_TYPE_PUBLIC, mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		fatal("invalid keyfile name %s: %s",
-		      filename, isc_result_totext(result));
-
-	if (verbose > 2) {
-		char keystr[KEY_FORMATSIZE];
-
-		key_format(key, keystr, sizeof(keystr));
-		fprintf(stderr, "%s: %s\n", program, keystr);
-	}
-
-	result = dst_key_todns(key, &keyb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't decode key");
-
-	isc_buffer_usedregion(&keyb, &r);
-	dns_rdata_fromregion(rdata, dst_key_class(key),
-			     dns_rdatatype_dnskey, &r);
-
-	rdclass = dst_key_class(key);
-
-	dns_fixedname_init(&fixed);
-	name = dns_fixedname_name(&fixed);
-	result = dns_name_copy(dst_key_name(key), name, NULL);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't copy name");
-
-	dst_key_free(&key);
-}
-
-static void
-logkey(dns_rdata_t *rdata)
-{
-	isc_result_t result;
-	dst_key_t    *key = NULL;
-	isc_buffer_t buf;
-	char         keystr[KEY_FORMATSIZE];
-
-	isc_buffer_init(&buf, rdata->data, rdata->length);
-	isc_buffer_add(&buf, rdata->length);
-	result = dst_key_fromdns(name, rdclass, &buf, mctx, &key);
-	if (result != ISC_R_SUCCESS)
-		return;
-
-	key_format(key, keystr, sizeof(keystr));
-	fprintf(stderr, "%s: %s\n", program, keystr);
-
-	dst_key_free(&key);
-}
-
-static void
-emitds(unsigned int dtype, dns_rdata_t *rdata)
-{
-	isc_result_t   result;
-	unsigned char  buf[DNS_DS_BUFFERSIZE];
-	char           text_buf[DST_KEY_MAXTEXTSIZE];
-	char           class_buf[10];
-	isc_buffer_t   textb, classb;
-	isc_region_t   r;
-	dns_rdata_t    ds;
-
-	isc_buffer_init(&textb, text_buf, sizeof(text_buf));
-	isc_buffer_init(&classb, class_buf, sizeof(class_buf));
-
-	dns_rdata_init(&ds);
-
-	result = dns_ds_buildrdata(name, rdata, dtype, buf, &ds);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't build DS");
-
-	result = dns_rdata_totext(&ds, (dns_name_t *) NULL, &textb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print DS rdata");
-
-	result = dns_rdataclass_totext(rdclass, &classb);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print DS class");
-
-	result = dns_name_print(name, stdout);
-	if (result != ISC_R_SUCCESS)
-		fatal("can't print DS name");
-
-	putchar(' ');
-
-	isc_buffer_usedregion(&classb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
-
-	printf(" DS ");
-
-	isc_buffer_usedregion(&textb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
-	putchar('\n');
-}
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr,	"    %s options keyfile\n\n", program);
-	fprintf(stderr, "    %s options [-c class] [-d dir] -s dnsname\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Options:\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -1: use SHA-1\n");
-	fprintf(stderr, "    -2: use SHA-256\n");
-	fprintf(stderr, "    -a algorithm: use algorithm\n");
-	fprintf(stderr, "Keyset options:\n");
-	fprintf(stderr, "    -s: keyset mode\n");
-	fprintf(stderr, "    -c class\n");
-	fprintf(stderr, "    -d directory\n");
-	fprintf(stderr, "Output: DS RRs\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char           *algname = NULL, *classname = NULL, *dirname = NULL;
-	char           *endp;
-	int            ch;
-	unsigned int   dtype = DNS_DSDIGEST_SHA1;
-	isc_boolean_t  both = ISC_TRUE;
-	isc_boolean_t  usekeyset = ISC_FALSE;
-	isc_result_t   result;
-	isc_log_t      *log = NULL;
-	isc_entropy_t  *ectx = NULL;
-	dns_rdata_t    rdata;
-
-	dns_rdata_init(&rdata);
-
-	if (argc == 1)
-		usage();
-
-	result = isc_mem_create(0, 0, &mctx);
-	if (result != ISC_R_SUCCESS)
-		fatal("out of memory");
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "12a:c:d:sv:h")) != -1) {
-		switch (ch) {
-		case '1':
-			dtype = DNS_DSDIGEST_SHA1;
-			both = ISC_FALSE;
-			break;
-		case '2':
-			dtype = DNS_DSDIGEST_SHA256;
-			both = ISC_FALSE;
-			break;
-		case 'a':
-			algname = isc_commandline_argument;
-			both = ISC_FALSE;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'd':
-			dirname = isc_commandline_argument;
-			break;
-		case 's':
-			usekeyset = ISC_TRUE;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* Falls into */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (algname != NULL) {
-		if (strcasecmp(algname, "SHA1") == 0 ||
-		    strcasecmp(algname, "SHA-1") == 0)
-			dtype = DNS_DSDIGEST_SHA1;
-		else if (strcasecmp(algname, "SHA256") == 0 ||
-			 strcasecmp(algname, "SHA-256") == 0)
-			dtype = DNS_DSDIGEST_SHA256;
-		else
-			fatal("unknown algorithm %s", algname);
-	}
-
-	rdclass = strtoclass(classname);
-
-	if (argc < isc_commandline_index + 1)
-		fatal("the key file name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize hash");
-	result = dst_lib_init(mctx, ectx,
-			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize dst");
-	isc_entropy_stopcallbacksources(ectx);
-
-	setup_logging(verbose, mctx, &log);
-
-	if (usekeyset) {
-		loadkeys(dirname, argv[isc_commandline_index]);
-
-		for (result = dns_rdataset_first(&keyset);
-		     result == ISC_R_SUCCESS;
-		     result = dns_rdataset_next(&keyset)) {
-			dns_rdata_init(&rdata);
-			dns_rdataset_current(&keyset, &rdata);
-
-			if (verbose > 2)
-				logkey(&rdata);
-
-			if (both) {
-				emitds(DNS_DSDIGEST_SHA1, &rdata);
-				emitds(DNS_DSDIGEST_SHA256, &rdata);
-			} else
-				emitds(dtype, &rdata);
-		}
-	} else {
-		unsigned char key_buf[DST_KEY_MAXSIZE];
-
-		loadkey(argv[isc_commandline_index], key_buf,
-			DST_KEY_MAXSIZE, &rdata);
-
-		if (both) {
-			emitds(DNS_DSDIGEST_SHA1, &rdata);
-			emitds(DNS_DSDIGEST_SHA256, &rdata);
-		} else
-			emitds(dtype, &rdata);
-	}
-
-	if (dns_rdataset_isassociated(&keyset))
-		dns_rdataset_disassociate(&keyset);
-	if (node != NULL)
-		dns_db_detachnode(db, &node);
-	if (db != NULL)
-		dns_db_detach(&db);
-	cleanup_logging(&log);
-	dst_lib_destroy();
-	isc_hash_destroy();
-	cleanup_entropy(&ectx);
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	fflush(stdout);
-	if (ferror(stdout)) {
-		fprintf(stderr, "write error\n");
-		return (1);
-	} else
-		return (0);
-}

bin/dnssec/dnssec-dsfromkey.docbook

@@ -1,214 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-               [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-dsfromkey.docbook,v 1.6 2008/11/07 13:54:11 jreed Exp $ -->
-<refentry id="man.dnssec-dsfromkey">
-  <refentryinfo>
-    <date>November 29, 2008</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-dsfromkey</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-dsfromkey</application></refname>
-    <refpurpose>DNSSEC DS RR generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg choice="req">keyfile</arg>
-    </cmdsynopsis>
-    <cmdsynopsis>
-      <command>dnssec-dsfromkey</command>
-      <arg choice="req">-s</arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg><option>-1</option></arg>
-      <arg><option>-2</option></arg>
-      <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-d <replaceable class="parameter">dir</replaceable></option></arg>
-      <arg choice="req">dnsname</arg>
-   </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-dsfromkey</command>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-1</term>
-        <listitem>
-          <para>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-2</term>
-        <listitem>
-          <para>
-            Use SHA-256 as the digest algorithm.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-          <para>
-            Select the digest algorithm. The value of
-            <option>algorithm</option> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s</term>
-        <listitem>
-          <para>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file. Following options make sense
-            only in this mode.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the DNS class (default is IN), useful only
-            in the keyset mode.
-          </para>
-	  </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-d <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Look for <filename>keyset</filename> files in
-            <option>directory</option> as the directory, ignored when
-            not in the keyset mode.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>EXAMPLE</title>
-    <para>
-      To build the SHA-256 DS RR from the
-      <userinput>Kexample.com.+003+26160</userinput>
-      keyfile name, the following command would be issued:
-    </para>
-    <para><userinput>dnssec-dsfromkey -2 Kexample.com.+003+26160</userinput>
-    </para>
-    <para>
-      The command would print something like:
-    </para>
-    <para><userinput>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</userinput>
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>FILES</title>
-    <para>
-      The keyfile can be designed by the key identification
-      <filename>Knnnn.+aaa+iiiii</filename> or the full file name
-      <filename>Knnnn.+aaa+iiiii.key</filename> as generated by
-      <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>.
-    </para>
-    <para>
-      The keyset file name is built from the <option>directory</option>,
-      the string <filename>keyset-</filename> and the
-      <option>dnsname</option>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>CAVEAT</title>
-    <para>
-      A keyfile error can give a "file not found" even if the file exists.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 3658</citetitle>,
-      <citetitle>RFC 4509</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-dsfromkey.html

@@ -1,132 +0,0 @@
-<!--
- - Copyright (C) 2008 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: dnssec-dsfromkey.html,v 1.5.14.1 2010/05/19 02:06:11 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-dsfromkey</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-dsfromkey"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-dsfromkey</span> &#8212; DNSSEC DS RR generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] {keyfile}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>dir</code></em></code>] {dnsname}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543424"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-dsfromkey</strong></span>
-      outputs the Delegation Signer (DS) resource record (RR), as defined in
-      RFC 3658 and RFC 4509, for the given key(s).
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543435"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-1</span></dt>
-<dd><p>
-            Use SHA-1 as the digest algorithm (the default is to use
-            both SHA-1 and SHA-256).
-          </p></dd>
-<dt><span class="term">-2</span></dt>
-<dd><p>
-            Use SHA-256 as the digest algorithm.
-          </p></dd>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd><p>
-            Select the digest algorithm. The value of
-            <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-<dt><span class="term">-s</span></dt>
-<dd><p>
-            Keyset mode: in place of the keyfile name, the argument is
-            the DNS domain name of a keyset file. Following options make sense
-            only in this mode.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Specifies the DNS class (default is IN), useful only
-            in the keyset mode.
-          </p></dd>
-<dt><span class="term">-d <em class="replaceable"><code>directory</code></em></span></dt>
-<dd><p>
-            Look for <code class="filename">keyset</code> files in
-            <code class="option">directory</code> as the directory, ignored when
-            not in the keyset mode.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543563"></a><h2>EXAMPLE</h2>
-<p>
-      To build the SHA-256 DS RR from the
-      <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
-      keyfile name, the following command would be issued:
-    </p>
-<p><strong class="userinput"><code>dnssec-dsfromkey -2 Kexample.com.+003+26160</code></strong>
-    </p>
-<p>
-      The command would print something like:
-    </p>
-<p><strong class="userinput"><code>example.com. IN DS 26160 5 2 3A1EADA7A74B8D0BA86726B0C227AA85AB8BBD2B2004F41A868A54F0 C5EA0B94</code></strong>
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543593"></a><h2>FILES</h2>
-<p>
-      The keyfile can be designed by the key identification
-      <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
-      <code class="filename">Knnnn.+aaa+iiiii.key</code> as generated by
-      <span class="refentrytitle">dnssec-keygen</span>(8).
-    </p>
-<p>
-      The keyset file name is built from the <code class="option">directory</code>,
-      the string <code class="filename">keyset-</code> and the
-      <code class="option">dnsname</code>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543628"></a><h2>CAVEAT</h2>
-<p>
-      A keyfile error can give a "file not found" even if the file exists.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543638"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 3658</em>,
-      <em class="citetitle">RFC 4509</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543674"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,153 +0,0 @@
-.\" Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
-.\" purpose with or without fee is hereby granted, provided that the above
-.\" copyright notice and this permission notice appear in all copies.
-.\" 
-.\" THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-.\" REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-.\" AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-.\" INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-.\" LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-.\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-.\" PERFORMANCE OF THIS SOFTWARE.
-.\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.6.14.3 2010/01/16 01:55:32 tbox Exp $
-.\"
-.hy 0
-.ad l
-.\"     Title: dnssec\-keyfromlabel
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: February 8, 2008
-.\"    Manual: BIND9
-.\"    Source: BIND9
-.\"
-.TH "DNSSEC\-KEYFROMLABEL" "8" "February 8, 2008" "BIND9" "BIND9"
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.SH "NAME"
-dnssec\-keyfromlabel \- DNSSEC key generation tool
-.SH "SYNOPSIS"
-.HP 20
-\fBdnssec\-keyfromlabel\fR {\-a\ \fIalgorithm\fR} {\-l\ \fIlabel\fR} [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-k\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {name}
-.SH "DESCRIPTION"
-.PP
-\fBdnssec\-keyfromlabel\fR
-gets keys with the given label from a crypto hardware and builds key files for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. The value of
-\fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or DH (Diffie Hellman). These values are case insensitive.
-.sp
-If no algorithm is specified, then RSASHA1 will be used by default, unless the
-\fB\-3\fR
-option is specified, in which case NSEC3RSASHA1 will be used instead. (If
-\fB\-3\fR
-is used and an algorithm is specified, that algorithm will be checked for compatibility with NSEC3.)
-.sp
-Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended.
-.sp
-Note 2: DH automatically sets the \-k flag.
-.RE
-.PP
-\-l \fIlabel\fR
-.RS 4
-Specifies the label of keys in the crypto hardware (PKCS#11 device).
-.RE
-.PP
-\-n \fInametype\fR
-.RS 4
-Specifies the owner type of the key. The value of
-\fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
-\-f \fIflag\fR
-.RS 4
-Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBdnssec\-keygen\fR.
-.RE
-.PP
-\-k
-.RS 4
-Generate KEY records rather than DNSKEY records.
-.RE
-.PP
-\-p \fIprotocol\fR
-.RS 4
-Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Indicates the use of the key.
-\fBtype\fR
-must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
-\-v \fIlevel\fR
-.RS 4
-Sets the debugging level.
-.RE
-.SH "GENERATED KEY FILES"
-.PP
-When
-\fBdnssec\-keyfromlabel\fR
-completes successfully, it prints a string of the form
-\fIKnnnn.+aaa+iiiii\fR
-to the standard output. This is an identification string for the key files it has generated.
-.TP 4
-\(bu
-\fInnnn\fR
-is the key name.
-.TP 4
-\(bu
-\fIaaa\fR
-is the numeric representation of the algorithm.
-.TP 4
-\(bu
-\fIiiiii\fR
-is the key identifier (or footprint).
-.PP
-\fBdnssec\-keyfromlabel\fR
-creates two files, with names based on the printed string.
-\fIKnnnn.+aaa+iiiii.key\fR
-contains the public key, and
-\fIKnnnn.+aaa+iiiii.private\fR
-contains the private key.
-.PP
-The
-\fI.key\fR
-file contains a DNS KEY record that can be inserted into a zone file (directly or with a $INCLUDE statement).
-.PP
-The
-\fI.private\fR
-file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
-.SH "SEE ALSO"
-.PP
-\fBdnssec\-keygen\fR(8),
-\fBdnssec\-signzone\fR(8),
-BIND 9 Administrator Reference Manual,
-RFC 4034.
-.SH "AUTHOR"
-.PP
-Internet Systems Consortium
-.SH "COPYRIGHT"
-Copyright \(co 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dnssec/dnssec-keyfromlabel.c

@@ -1,334 +0,0 @@
-/*
- * Copyright (C) 2007, 2008, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
- */
-
-/* $Id: dnssec-keyfromlabel.c,v 1.4.50.4 2011/03/12 04:57:22 tbox Exp $ */
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/entropy.h>
-#include <isc/mem.h>
-#include <isc/region.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <dns/fixedname.h>
-#include <dns/keyvalues.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/result.h>
-#include <dns/secalg.h>
-
-#include <dst/dst.h>
-
-#include "dnssectool.h"
-
-#define MAX_RSA 4096 /* should be long enough... */
-
-const char *program = "dnssec-keyfromlabel";
-int verbose;
-
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
-			  " NSEC3DSA | NSEC3RSASHA1 |"
-			  " RSASHA256 | RSASHA512";
-
-static void
-usage(void) {
-	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -a alg -l label [options] name\n\n",
-		program);
-	fprintf(stderr, "Version: %s\n", VERSION);
-	fprintf(stderr, "Required options:\n");
-	fprintf(stderr, "    -a algorithm: %s\n", algs);
-	fprintf(stderr, "    -l label: label of the key\n");
-	fprintf(stderr, "    name: owner of the key\n");
-	fprintf(stderr, "Other options:\n");
-	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
-	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
-	fprintf(stderr, "    -c <class> (default: IN)\n");
-	fprintf(stderr, "    -f keyflag: KSK\n");
-	fprintf(stderr, "    -t <type>: "
-		"AUTHCONF | NOAUTHCONF | NOAUTH | NOCONF "
-		"(default: AUTHCONF)\n");
-	fprintf(stderr, "    -p <protocol>: "
-	       "default: 3 [dnssec]\n");
-	fprintf(stderr, "    -v <verbose level>\n");
-	fprintf(stderr, "    -k : generate a TYPE=KEY key\n");
-	fprintf(stderr, "Output:\n");
-	fprintf(stderr, "     K<name>+<alg>+<id>.key, "
-		"K<name>+<alg>+<id>.private\n");
-
-	exit (-1);
-}
-
-int
-main(int argc, char **argv) {
-	char		*algname = NULL, *nametype = NULL, *type = NULL;
-	char		*classname = NULL;
-	char		*endp;
-	dst_key_t	*key = NULL, *oldkey;
-	dns_fixedname_t	fname;
-	dns_name_t	*name;
-	isc_uint16_t	flags = 0, ksk = 0;
-	dns_secalg_t	alg;
-	isc_boolean_t	null_key = ISC_FALSE;
-	isc_mem_t	*mctx = NULL;
-	int		ch;
-	int		protocol = -1, signatory = 0;
-	isc_result_t	ret;
-	isc_textregion_t r;
-	char		filename[255];
-	isc_buffer_t	buf;
-	isc_log_t	*log = NULL;
-	isc_entropy_t	*ectx = NULL;
-	dns_rdataclass_t rdclass;
-	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
-	char		*label = NULL;
-
-	if (argc == 1)
-		usage();
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	isc_commandline_errprint = ISC_FALSE;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					 "a:c:f:kl:n:p:t:v:h")) != -1)
-	{
-	    switch (ch) {
-		case 'a':
-			algname = isc_commandline_argument;
-			break;
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-		case 'f':
-			if (strcasecmp(isc_commandline_argument, "KSK") == 0)
-				ksk = DNS_KEYFLAG_KSK;
-			else
-				fatal("unknown flag '%s'",
-				      isc_commandline_argument);
-			break;
-		case 'k':
-			options |= DST_TYPE_KEY;
-			break;
-		case 'l':
-			label = isc_commandline_argument;
-			break;
-		case 'n':
-			nametype = isc_commandline_argument;
-			break;
-		case 'p':
-			protocol = strtol(isc_commandline_argument, &endp, 10);
-			if (*endp != '\0' || protocol < 0 || protocol > 255)
-				fatal("-p must be followed by a number "
-				      "[0..255]");
-			break;
-		case 't':
-			type = isc_commandline_argument;
-			break;
-		case 'v':
-			verbose = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0')
-				fatal("-v must be followed by a number");
-			break;
-
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (ectx == NULL)
-		setup_entropy(mctx, NULL, &ectx);
-	ret = dst_lib_init(mctx, ectx,
-			   ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
-	if (ret != ISC_R_SUCCESS)
-		fatal("could not initialize dst");
-
-	setup_logging(verbose, mctx, &log);
-
-	if (label == NULL)
-		fatal("the key label was not specified");
-	if (argc < isc_commandline_index + 1)
-		fatal("the key name was not specified");
-	if (argc > isc_commandline_index + 1)
-		fatal("extraneous arguments");
-
-	if (algname == NULL)
-		fatal("no algorithm was specified");
-	if (strcasecmp(algname, "RSA") == 0) {
-		fprintf(stderr, "The use of RSA (RSAMD5) is not recommended.\n"
-				"If you still wish to use RSA (RSAMD5) please "
-				"specify \"-a RSAMD5\"\n");
-		return (1);
-	} else {
-		r.base = algname;
-		r.length = strlen(algname);
-		ret = dns_secalg_fromtext(&alg, &r);
-		if (ret != ISC_R_SUCCESS)
-			fatal("unknown algorithm %s", algname);
-		if (alg == DST_ALG_DH)
-			options |= DST_TYPE_KEY;
-	}
-
-	if (type != NULL && (options & DST_TYPE_KEY) != 0) {
-		if (strcasecmp(type, "NOAUTH") == 0)
-			flags |= DNS_KEYTYPE_NOAUTH;
-		else if (strcasecmp(type, "NOCONF") == 0)
-			flags |= DNS_KEYTYPE_NOCONF;
-		else if (strcasecmp(type, "NOAUTHCONF") == 0) {
-			flags |= (DNS_KEYTYPE_NOAUTH | DNS_KEYTYPE_NOCONF);
-		}
-		else if (strcasecmp(type, "AUTHCONF") == 0)
-			/* nothing */;
-		else
-			fatal("invalid type %s", type);
-	}
-
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
-		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
-		if (strcasecmp(nametype, "host") == 0 ||
-			 strcasecmp(nametype, "entity") == 0)
-			flags |= DNS_KEYOWNER_ENTITY;
-		else if (strcasecmp(nametype, "user") == 0)
-			flags |= DNS_KEYOWNER_USER;
-		else
-			fatal("invalid KEY nametype %s", nametype);
-	} else if (strcasecmp(nametype, "other") != 0) /* DNSKEY */
-		fatal("invalid DNSKEY nametype %s", nametype);
-
-	rdclass = strtoclass(classname);
-
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
-		flags |= signatory;
-	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
-		flags |= ksk;
-
-	if (protocol == -1)
-		protocol = DNS_KEYPROTO_DNSSEC;
-	else if ((options & DST_TYPE_KEY) == 0 &&
-		 protocol != DNS_KEYPROTO_DNSSEC)
-		fatal("invalid DNSKEY protocol: %d", protocol);
-
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-		if ((flags & DNS_KEYFLAG_SIGNATORYMASK) != 0)
-			fatal("specified null key with signing authority");
-	}
-
-	if ((flags & DNS_KEYFLAG_OWNERMASK) == DNS_KEYOWNER_ZONE &&
-	    alg == DNS_KEYALG_DH)
-		fatal("a key with algorithm '%s' cannot be a zone key",
-		      algname);
-
-	dns_fixedname_init(&fname);
-	name = dns_fixedname_name(&fname);
-	isc_buffer_init(&buf, argv[isc_commandline_index],
-			strlen(argv[isc_commandline_index]));
-	isc_buffer_add(&buf, strlen(argv[isc_commandline_index]));
-	ret = dns_name_fromtext(name, &buf, dns_rootname, ISC_FALSE, NULL);
-	if (ret != ISC_R_SUCCESS)
-		fatal("invalid key name %s: %s", argv[isc_commandline_index],
-		      isc_result_totext(ret));
-
-	if ((flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY)
-		null_key = ISC_TRUE;
-
-	isc_buffer_init(&buf, filename, sizeof(filename) - 1);
-
-	/* associate the key */
-	ret = dst_key_fromlabel(name, alg, flags, protocol,
-				rdclass, "", label, NULL, mctx, &key);
-	isc_entropy_stopcallbacksources(ectx);
-
-	if (ret != ISC_R_SUCCESS) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char algstr[ALG_FORMATSIZE];
-		dns_name_format(name, namestr, sizeof(namestr));
-		alg_format(alg, algstr, sizeof(algstr));
-		fatal("failed to generate key %s/%s: %s\n",
-		      namestr, algstr, isc_result_totext(ret));
-		exit(-1);
-	}
-
-	/*
-	 * Try to read a key with the same name, alg and id from disk.
-	 * If there is one we must continue generating a new one
-	 * unless we were asked to generate a null key, in which
-	 * case we return failure.
-	 */
-	ret = dst_key_fromfile(name, dst_key_id(key), alg,
-			       DST_TYPE_PRIVATE, NULL, mctx, &oldkey);
-	/* do not overwrite an existing key  */
-	if (ret == ISC_R_SUCCESS) {
-		isc_buffer_clear(&buf);
-		ret = dst_key_buildfilename(key, 0, NULL, &buf);
-		if (ret != ISC_R_SUCCESS)
-			fatal("dst_key_buildfilename returned: %s\n",
-			      isc_result_totext(ret));
-		fprintf(stderr, "%s: %s already exists\n",
-			program, filename);
-		dst_key_free(&key);
-		exit (1);
-	}
-
-	ret = dst_key_tofile(key, options, NULL);
-	if (ret != ISC_R_SUCCESS) {
-		char keystr[KEY_FORMATSIZE];
-		key_format(key, keystr, sizeof(keystr));
-		fatal("failed to write key %s: %s\n", keystr,
-		      isc_result_totext(ret));
-	}
-
-	isc_buffer_clear(&buf);
-	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS)
-		fatal("dst_key_buildfilename returned: %s\n",
-		      isc_result_totext(ret));
-	printf("%s\n", filename);
-	dst_key_free(&key);
-
-	cleanup_logging(&log);
-	cleanup_entropy(&ectx);
-	dst_lib_destroy();
-	dns_name_destroy();
-	if (verbose > 10)
-		isc_mem_stats(mctx, stdout);
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -1,272 +0,0 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-	       [<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) 2008, 2010  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.6.14.2 2010/01/15 23:47:31 tbox Exp $ -->
-<refentry id="man.dnssec-keyfromlabel">
-  <refentryinfo>
-    <date>February 8, 2008</date>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>dnssec-keyfromlabel</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>dnssec-keyfromlabel</application></refname>
-    <refpurpose>DNSSEC key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2008</year>
-      <year>2010</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis>
-      <command>dnssec-keyfromlabel</command>
-      <arg choice="req">-a <replaceable class="parameter">algorithm</replaceable></arg>
-      <arg choice="req">-l <replaceable class="parameter">label</replaceable></arg>
-      <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg><option>-f <replaceable class="parameter">flag</replaceable></option></arg>
-      <arg><option>-k</option></arg>
-      <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
-      <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
-      <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="req">name</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsect1>
-    <title>DESCRIPTION</title>
-    <para><command>dnssec-keyfromlabel</command>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>OPTIONS</title>
-
-    <variablelist>
-      <varlistentry>
-        <term>-a <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-	  <para>
-	    Selects the cryptographic algorithm.  The value of
-	    <option>algorithm</option> must be one of RSAMD5,
- 	    RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
- 	    RSASHA512 or DH (Diffie Hellman).
-	    These values are case insensitive.
-	  </para>
-          <para>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <option>-3</option> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <option>-3</option> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </para>
-          <para>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </para>
-          <para>
-            Note 2: DH automatically sets the -k flag.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">label</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the label of keys in the crypto hardware
-            (PKCS#11 device).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">nametype</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the owner type of the key.  The value of
-            <option>nametype</option> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are
-            case insensitive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-f <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flag is KSK (Key Signing Key) DNSKEY.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>dnssec-keygen</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k</term>
-        <listitem>
-          <para>
-            Generate KEY records rather than DNSKEY records.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">protocol</replaceable></term>
-        <listitem>
-          <para>
-            Sets the protocol value for the generated key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">type</replaceable></term>
-        <listitem>
-          <para>
-            Indicates the use of the key.  <option>type</option> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v <replaceable class="parameter">level</replaceable></term>
-        <listitem>
-          <para>
-            Sets the debugging level.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsect1>
-
-  <refsect1>
-    <title>GENERATED KEY FILES</title>
-    <para>
-      When <command>dnssec-keyfromlabel</command> completes
-      successfully,
-      it prints a string of the form <filename>Knnnn.+aaa+iiiii</filename>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </para>
-    <itemizedlist>
-      <listitem>
-        <para><filename>nnnn</filename> is the key name.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>aaa</filename> is the numeric representation
-          of the
-          algorithm.
-        </para>
-      </listitem>
-      <listitem>
-        <para><filename>iiiii</filename> is the key identifier (or
-          footprint).
-        </para>
-      </listitem>
-    </itemizedlist>
-    <para><command>dnssec-keyfromlabel</command> 
-      creates two files, with names based
-      on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
-      contains the public key, and
-      <filename>Knnnn.+aaa+iiiii.private</filename> contains the
-      private
-      key.
-    </para>
-    <para>
-      The <filename>.key</filename> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </para>
-    <para>
-      The <filename>.private</filename> file contains algorithm
-      specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>SEE ALSO</title>
-    <para><citerefentry>
-        <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
-    </para>
-  </refsect1>
-
-  <refsect1>
-    <title>AUTHOR</title>
-    <para><corpauthor>Internet Systems Consortium</corpauthor>
-    </para>
-  </refsect1>
-
-</refentry><!--
- - Local variables:
- - mode: sgml
- - End:
--->

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,177 +0,0 @@
-<!--
- - Copyright (C) 2008, 2010 Internet Systems Consortium, Inc. ("ISC")
- - 
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- - 
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.5.44.3 2010/01/16 01:55:32 tbox Exp $ -->
-<html>
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>dnssec-keyfromlabel</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="man.dnssec-keyfromlabel"></a><div class="titlepage"></div>
-<div class="refnamediv">
-<h2>Name</h2>
-<p><span class="application">dnssec-keyfromlabel</span> &#8212; DNSSEC key generation tool</p>
-</div>
-<div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-k</code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543416"></a><h2>DESCRIPTION</h2>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span>
-      gets keys with the given label from a crypto hardware and builds
-      key files for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543428"></a><h2>OPTIONS</h2>
-<div class="variablelist"><dl>
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-<p>
-	    Selects the cryptographic algorithm.  The value of
-	    <code class="option">algorithm</code> must be one of RSAMD5,
- 	    RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256,
- 	    RSASHA512 or DH (Diffie Hellman).
-	    These values are case insensitive.
-	  </p>
-<p>
-            If no algorithm is specified, then RSASHA1 will be used by
-            default, unless the <code class="option">-3</code> option is specified,
-            in which case NSEC3RSASHA1 will be used instead.  (If
-            <code class="option">-3</code> is used and an algorithm is specified,
-            that algorithm will be checked for compatibility with NSEC3.)
-          </p>
-<p>
-            Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.
-          </p>
-<p>
-            Note 2: DH automatically sets the -k flag.
-          </p>
-</dd>
-<dt><span class="term">-l <em class="replaceable"><code>label</code></em></span></dt>
-<dd><p>
-            Specifies the label of keys in the crypto hardware
-            (PKCS#11 device).
-          </p></dd>
-<dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
-<dd><p>
-            Specifies the owner type of the key.  The value of
-            <code class="option">nametype</code> must either be ZONE (for a DNSSEC
-            zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
-            a host (KEY)),
-            USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are
-            case insensitive.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd><p>
-            Indicates that the DNS record containing the key should have
-            the specified class.  If not specified, class IN is used.
-          </p></dd>
-<dt><span class="term">-f <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-            Set the specified flag in the flag field of the KEY/DNSKEY record.
-            The only recognized flag is KSK (Key Signing Key) DNSKEY.
-          </p></dd>
-<dt><span class="term">-h</span></dt>
-<dd><p>
-            Prints a short summary of the options and arguments to
-            <span><strong class="command">dnssec-keygen</strong></span>.
-          </p></dd>
-<dt><span class="term">-k</span></dt>
-<dd><p>
-            Generate KEY records rather than DNSKEY records.
-          </p></dd>
-<dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
-<dd><p>
-            Sets the protocol value for the generated key.  The protocol
-            is a number between 0 and 255.  The default is 3 (DNSSEC).
-            Other possible values for this argument are listed in
-            RFC 2535 and its successors.
-          </p></dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd><p>
-            Indicates the use of the key.  <code class="option">type</code> must be
-            one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF.  The default
-            is AUTHCONF.  AUTH refers to the ability to authenticate
-            data, and CONF the ability to encrypt data.
-          </p></dd>
-<dt><span class="term">-v <em class="replaceable"><code>level</code></em></span></dt>
-<dd><p>
-            Sets the debugging level.
-          </p></dd>
-</dl></div>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543632"></a><h2>GENERATED KEY FILES</h2>
-<p>
-      When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
-      successfully,
-      it prints a string of the form <code class="filename">Knnnn.+aaa+iiiii</code>
-      to the standard output.  This is an identification string for
-      the key files it has generated.
-    </p>
-<div class="itemizedlist"><ul type="disc">
-<li><p><code class="filename">nnnn</code> is the key name.
-        </p></li>
-<li><p><code class="filename">aaa</code> is the numeric representation
-          of the
-          algorithm.
-        </p></li>
-<li><p><code class="filename">iiiii</code> is the key identifier (or
-          footprint).
-        </p></li>
-</ul></div>
-<p><span><strong class="command">dnssec-keyfromlabel</strong></span> 
-      creates two files, with names based
-      on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
-      contains the public key, and
-      <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
-      private
-      key.
-    </p>
-<p>
-      The <code class="filename">.key</code> file contains a DNS KEY record
-      that
-      can be inserted into a zone file (directly or with a $INCLUDE
-      statement).
-    </p>
-<p>
-      The <code class="filename">.private</code> file contains algorithm
-      specific
-      fields.  For obvious security reasons, this file does not have
-      general read permission.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543704"></a><h2>SEE ALSO</h2>
-<p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
-      <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 4034</em>.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2543737"></a><h2>AUTHOR</h2>
-<p><span class="corpauthor">Internet Systems Consortium</span>
-    </p>
-</div>
-</div></body>
-</html>

bin/dnssec/dnssec-keygen.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.40.44.4 2010/01/16 01:55:32 tbox Exp $
+.\" $Id: dnssec-keygen.8,v 1.23.18.11 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dnssec\-keygen
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -37,74 +37,49 @@ dnssec\-keygen \- DNSSEC key generation tool
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
-.PP
-The
-\fBname\fR
-of the key is specified on the command line. For DNSSEC keys, this must match the name of the zone for which the key is being generated.
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-a \fIalgorithm\fR
-.RS 4
-Selects the cryptographic algorithm. For DNSSEC keys, the value of
+Selects the cryptographic algorithm. The value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
+must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
 .sp
 Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
 .sp
 Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
-.RE
-.PP
+.TP 3n
 \-b \fIkeysize\fR
-.RS 4
-Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSA keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC keys must be between 1 and 512 bits.
-.RE
-.PP
+Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
+.TP 3n
 \-n \fInametype\fR
-.RS 4
 Specifies the owner type of the key. The value of
 \fBnametype\fR
-must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive. Defaults to ZONE for DNSKEY generation.
-.RE
-.PP
+must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
+.TP 3n
 \-c \fIclass\fR
-.RS 4
 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
+.TP 3n
 \-e
-.RS 4
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
-.RE
-.PP
+.TP 3n
 \-f \fIflag\fR
-.RS 4
 Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.RE
-.PP
+.TP 3n
 \-g \fIgenerator\fR
-.RS 4
 If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.RE
-.PP
+.TP 3n
 \-h
-.RS 4
 Prints a short summary of the options and arguments to
 \fBdnssec\-keygen\fR.
-.RE
-.PP
+.TP 3n
 \-k
-.RS 4
 Generate KEY records rather than DNSKEY records.
-.RE
-.PP
+.TP 3n
 \-p \fIprotocol\fR
-.RS 4
 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
+.TP 3n
 \-r \fIrandomdev\fR
-.RS 4
 Specifies the source of randomness. If the operating system does not provide a
 \fI/dev/random\fR
 or equivalent device, the default source of randomness is keyboard input.
@@ -112,24 +87,17 @@ or equivalent device, the default source of randomness is keyboard input.
 specifies the name of a character device or file containing random data to be used instead of the default. The special value
 \fIkeyboard\fR
 indicates that keyboard input should be used.
-.RE
-.PP
+.TP 3n
 \-s \fIstrength\fR
-.RS 4
 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.RE
-.PP
+.TP 3n
 \-t \fItype\fR
-.RS 4
 Indicates the use of the key.
 \fBtype\fR
 must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
+.TP 3n
 \-v \fIlevel\fR
-.RS 4
 Sets the debugging level.
-.RE
 .SH "GENERATED KEYS"
 .PP
 When
@@ -137,21 +105,23 @@ When
 completes successfully, it prints a string of the form
 \fIKnnnn.+aaa+iiiii\fR
 to the standard output. This is an identification string for the key it has generated.
-.TP 4
+.TP 3n
 \(bu
 \fInnnn\fR
 is the key name.
-.TP 4
+.TP 3n
 \(bu
 \fIaaa\fR
 is the numeric representation of the algorithm.
-.TP 4
+.TP 3n
 \(bu
 \fIiiiii\fR
 is the key identifier (or footprint).
+.sp
+.RE
 .PP
 \fBdnssec\-keygen\fR
-creates two files, with names based on the printed string.
+creates two file, with names based on the printed string.
 \fIKnnnn.+aaa+iiiii.key\fR
 contains the public key, and
 \fIKnnnn.+aaa+iiiii.private\fR
@@ -163,13 +133,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o
 .PP
 The
 \fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
 .PP
 Both
 \fI.key\fR
 and
 \fI.private\fR
-files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
+files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
 .SH "EXAMPLE"
 .PP
 To generate a 768\-bit DSA key for the domain
@@ -186,19 +156,16 @@ In this example,
 creates the files
 \fIKexample.com.+003+26160.key\fR
 and
-\fIKexample.com.+003+26160.private\fR.
+\fIKexample.com.+003+26160.private\fR
 .SH "SEE ALSO"
 .PP
 \fBdnssec\-signzone\fR(8),
 BIND 9 Administrator Reference Manual,
-RFC 2539,
+RFC 2535,
 RFC 2845,
-RFC 4034.
+RFC 2539.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2010 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/dnssec/dnssec-keygen.c

@@ -1,22 +1,9 @@
 /*
- * Portions Copyright (C) 2004-2008, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
- * purpose with or without fee is hereby granted, provided that the above
- * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
- * WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
- *
+ * Portions Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2000-2003  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -29,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.81.48.4 2011/03/12 04:57:23 tbox Exp $ */
+/* $Id: dnssec-keygen.c,v 1.66.18.7 2006/01/27 02:50:50 marka Exp $ */
 
 /*! \file */
 
@@ -62,9 +49,8 @@
 const char *program = "dnssec-keygen";
 int verbose;
 
-static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | RSASHA256 |"
-			  " RSASHA512 | NSEC3DSA | NSEC3RSASHA1 | HMAC-MD5 |"
-			  " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 |"
+static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 | HMAC-MD5 |"
+			  " HMAC-SHA1 | HMAC-SHA224 | HMAC-SHA256 | "
 			  " HMAC-SHA384 | HMAC-SHA512";
 
 static isc_boolean_t
@@ -75,7 +61,7 @@ dsa_size_ok(int size) {
 static void
 usage(void) {
 	fprintf(stderr, "Usage:\n");
-	fprintf(stderr, "    %s -a alg -b bits [-n type] [options] name\n\n",
+	fprintf(stderr, "    %s -a alg -b bits -n type [options] name\n\n",
 		program);
 	fprintf(stderr, "Version: %s\n", VERSION);
 	fprintf(stderr, "Required options:\n");
@@ -83,12 +69,8 @@ usage(void) {
 	fprintf(stderr, "    -b key size, in bits:\n");
 	fprintf(stderr, "        RSAMD5:\t\t[512..%d]\n", MAX_RSA);
 	fprintf(stderr, "        RSASHA1:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "        NSEC3RSASHA1:\t\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA256:\t[512..%d]\n", MAX_RSA);
-	fprintf(stderr, "	 RSASHA512:\t[1024..%d]\n", MAX_RSA);
 	fprintf(stderr, "        DH:\t\t[128..4096]\n");
 	fprintf(stderr, "        DSA:\t\t[512..1024] and divisible by 64\n");
-	fprintf(stderr, "        NSEC3DSA:\t\t[512..1024] and divisible by 64\n");
 	fprintf(stderr, "        HMAC-MD5:\t[1..512]\n");
 	fprintf(stderr, "        HMAC-SHA1:\t[1..160]\n");
 	fprintf(stderr, "        HMAC-SHA224:\t[1..224]\n");
@@ -96,7 +78,6 @@ usage(void) {
 	fprintf(stderr, "        HMAC-SHA384:\t[1..384]\n");
 	fprintf(stderr, "        HMAC-SHA512:\t[1..512]\n");
 	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
-	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
 	fprintf(stderr, "    name: owner of the key\n");
 	fprintf(stderr, "Other options:\n");
 	fprintf(stderr, "    -c <class> (default: IN)\n");
@@ -153,10 +134,8 @@ main(int argc, char **argv) {
 
 	dns_result_register();
 
-	isc_commandline_errprint = ISC_FALSE;
-
 	while ((ch = isc_commandline_parse(argc, argv,
-					 "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)
+					   "a:b:c:d:ef:g:kn:t:p:s:r:v:h")) != -1)
 	{
 	    switch (ch) {
 		case 'a':
@@ -223,17 +202,12 @@ main(int argc, char **argv) {
 				fatal("-v must be followed by a number");
 			break;
 
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
 		case 'h':
 			usage();
-
 		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
+			fprintf(stderr, "%s: invalid argument -%c\n",
+				program, ch);
+			usage();
 		}
 	}
 
@@ -308,21 +282,14 @@ main(int argc, char **argv) {
 	switch (alg) {
 	case DNS_KEYALG_RSAMD5:
 	case DNS_KEYALG_RSASHA1:
-	case DNS_KEYALG_NSEC3RSASHA1:
-	case DNS_KEYALG_RSASHA256:
 		if (size != 0 && (size < 512 || size > MAX_RSA))
 			fatal("RSA key size %d out of range", size);
 		break;
-	case DNS_KEYALG_RSASHA512:
-		if (size != 0 && (size < 1024 || size > MAX_RSA))
-			fatal("RSA key size %d out of range", size);
-		break;
 	case DNS_KEYALG_DH:
 		if (size != 0 && (size < 128 || size > 4096))
 			fatal("DH key size %d out of range", size);
 		break;
 	case DNS_KEYALG_DSA:
-	case DNS_KEYALG_NSEC3DSA:
 		if (size != 0 && !dsa_size_ok(size))
 			fatal("invalid DSS key size: %d", size);
 		break;
@@ -382,21 +349,18 @@ main(int argc, char **argv) {
 		break;
 	}
 
-	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1 ||
-	      alg == DNS_KEYALG_NSEC3RSASHA1 || alg == DNS_KEYALG_RSASHA256 ||
-	      alg == DNS_KEYALG_RSASHA512) && rsa_exp != 0)
+	if (!(alg == DNS_KEYALG_RSAMD5 || alg == DNS_KEYALG_RSASHA1) &&
+	    rsa_exp != 0)
 		fatal("specified RSA exponent for a non-RSA key");
 
 	if (alg != DNS_KEYALG_DH && generator != 0)
 		fatal("specified DH generator for a non-DH key");
 
-	if (nametype == NULL) {
-		if ((options & DST_TYPE_KEY) != 0) /* KEY / HMAC */
-			fatal("no nametype specified");
-		flags |= DNS_KEYOWNER_ZONE;	/* DNSKEY */
-	} else if (strcasecmp(nametype, "zone") == 0)
+	if (nametype == NULL)
+		fatal("no nametype specified");
+	if (strcasecmp(nametype, "zone") == 0)
 		flags |= DNS_KEYOWNER_ZONE;
-	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY / HMAC */
+	else if ((options & DST_TYPE_KEY) != 0)	{ /* KEY */
 		if (strcasecmp(nametype, "host") == 0 ||
 			 strcasecmp(nametype, "entity") == 0)
 			flags |= DNS_KEYOWNER_ENTITY;
@@ -409,7 +373,7 @@ main(int argc, char **argv) {
 
 	rdclass = strtoclass(classname);
 
-	if ((options & DST_TYPE_KEY) != 0)  /* KEY / HMAC */
+	if ((options & DST_TYPE_KEY) != 0)  /* KEY */
 		flags |= signatory;
 	else if ((flags & DNS_KEYOWNER_ZONE) != 0) /* DNSKEY */
 		flags |= ksk;
@@ -448,16 +412,12 @@ main(int argc, char **argv) {
 	switch(alg) {
 	case DNS_KEYALG_RSAMD5:
 	case DNS_KEYALG_RSASHA1:
-	case DNS_KEYALG_NSEC3RSASHA1:
-	case DNS_KEYALG_RSASHA256:
-	case DNS_KEYALG_RSASHA512:
 		param = rsa_exp;
 		break;
 	case DNS_KEYALG_DH:
 		param = generator;
 		break;
 	case DNS_KEYALG_DSA:
-	case DNS_KEYALG_NSEC3DSA:
 	case DST_ALG_HMACMD5:
 	case DST_ALG_HMACSHA1:
 	case DST_ALG_HMACSHA224:
@@ -513,11 +473,10 @@ main(int argc, char **argv) {
 			if (verbose > 0) {
 				isc_buffer_clear(&buf);
 				ret = dst_key_buildfilename(key, 0, NULL, &buf);
-				if (ret == ISC_R_SUCCESS)
-					fprintf(stderr,
-						"%s: %s already exists, "
-						"generating a new key\n",
-						program, filename);
+				fprintf(stderr,
+					"%s: %s already exists, "
+					"generating a new key\n",
+					program, filename);
 			}
 			dst_key_free(&key);
 		}
@@ -538,9 +497,6 @@ main(int argc, char **argv) {
 
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
-	if (ret != ISC_R_SUCCESS)
-		fatal("dst_key_buildfilename returned: %s\n",
-		      isc_result_totext(ret));
 	printf("%s\n", filename);
 	dst_key_free(&key);
 

bin/dnssec/dnssec-keygen.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.22.44.4 2010/01/15 23:47:33 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.7.18.7 2005/08/30 01:42:12 marka Exp $ -->
 <refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -39,10 +39,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2010</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -79,14 +75,9 @@
     <title>DESCRIPTION</title>
     <para><command>dnssec-keygen</command>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
       TSIG (Transaction Signatures), as defined in RFC 2845.
     </para>
-    <para>
-      The <option>name</option> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
-    </para>
   </refsect1>
 
   <refsect1>
@@ -97,18 +88,15 @@
         <term>-a <replaceable class="parameter">algorithm</replaceable></term>
         <listitem>
           <para>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-            DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-            For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
+            Selects the cryptographic algorithm.  The value of
+            <option>algorithm</option> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
           </para>
           <para>
             Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
           </para>
           <para>
             Note 2: HMAC-MD5 and DH automatically set the -k flag.
@@ -121,10 +109,11 @@
         <listitem>
           <para>
             Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
             between 1 and 512 bits.
           </para>
         </listitem>
@@ -139,8 +128,8 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
+            These values are
+            case insensitive.
           </para>
         </listitem>
       </varlistentry>
@@ -296,7 +285,7 @@
       </listitem>
     </itemizedlist>
     <para><command>dnssec-keygen</command> 
-      creates two files, with names based
+      creates two file, with names based
       on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
       contains the public key, and
       <filename>Knnnn.+aaa+iiiii.private</filename> contains the
@@ -310,14 +299,14 @@
       statement).
     </para>
     <para>
-      The <filename>.private</filename> file contains
-      algorithm-specific
+      The <filename>.private</filename> file contains algorithm
+      specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </para>
     <para>
       Both <filename>.key</filename> and <filename>.private</filename>
-      files are generated for symmetric encryption algorithms such as
+      files are generated for symmetric encryption algorithm such as
       HMAC-MD5, even though the public and private key are equivalent.
     </para>
   </refsect1>
@@ -340,7 +329,7 @@
       In this example, <command>dnssec-keygen</command> creates
       the files <filename>Kexample.com.+003+26160.key</filename>
       and
-      <filename>Kexample.com.+003+26160.private</filename>.
+      <filename>Kexample.com.+003+26160.private</filename>
     </para>
   </refsect1>
 
@@ -350,9 +339,9 @@
         <refentrytitle>dnssec-signzone</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 2539</citetitle>,
+      <citetitle>RFC 2535</citetitle>,
       <citetitle>RFC 2845</citetitle>,
-      <citetitle>RFC 4034</citetitle>.
+      <citetitle>RFC 2539</citetitle>.
     </para>
   </refsect1>
 

bin/dnssec/dnssec-keygen.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.32.44.4 2010/01/16 01:55:32 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.9.18.16 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dnssec-keygen"></a><div class="titlepage"></div>
@@ -32,36 +32,28 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543483"></a><h2>DESCRIPTION</h2>
+<a name="id2549531"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
       TSIG (Transaction Signatures), as defined in RFC 2845.
     </p>
-<p>
-      The <code class="option">name</code> of the key is specified on the command
-      line.  For DNSSEC keys, this must match the name of the zone for
-      which the key is being generated.
-    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543501"></a><h2>OPTIONS</h2>
+<a name="id2549543"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
-            Selects the cryptographic algorithm.  For DNSSEC keys, the value
-            of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-            DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
-            For TSIG/TKEY, the value must
-            be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
-            HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
-            case insensitive.
+            Selects the cryptographic algorithm.  The value of
+            <code class="option">algorithm</code> must be one of RSAMD5 (RSA) or RSASHA1,
+            	      DSA, DH (Diffie Hellman), or HMAC-MD5.  These values
+            are case insensitive.
           </p>
 <p>
             Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement
-            algorithm, and DSA is recommended.  For TSIG, HMAC-MD5 is
-	    mandatory.
+            algorithm,
+            and DSA is recommended.  For TSIG, HMAC-MD5 is mandatory.
           </p>
 <p>
             Note 2: HMAC-MD5 and DH automatically set the -k flag.
@@ -70,10 +62,11 @@
 <dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
 <dd><p>
             Specifies the number of bits in the key.  The choice of key
-            size depends on the algorithm used.  RSA keys must be
-            between 512 and 2048 bits.  Diffie Hellman keys must be between
+            size depends on the algorithm used.  RSAMD5 / RSASHA1 keys must be
+            between
+            512 and 2048 bits.  Diffie Hellman keys must be between
             128 and 4096 bits.  DSA keys must be between 512 and 1024
-            bits and an exact multiple of 64.  HMAC keys must be
+            bits and an exact multiple of 64.  HMAC-MD5 keys must be
             between 1 and 512 bits.
           </p></dd>
 <dt><span class="term">-n <em class="replaceable"><code>nametype</code></em></span></dt>
@@ -83,8 +76,8 @@
             zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with
             a host (KEY)),
             USER (for a key associated with a user(KEY)) or OTHER (DNSKEY).
-            These values are case insensitive.  Defaults to ZONE for DNSKEY
-	    generation.
+            These values are
+            case insensitive.
           </p></dd>
 <dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
 <dd><p>
@@ -155,7 +148,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543836"></a><h2>GENERATED KEYS</h2>
+<a name="id2549946"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -175,7 +168,7 @@
         </p></li>
 </ul></div>
 <p><span><strong class="command">dnssec-keygen</strong></span> 
-      creates two files, with names based
+      creates two file, with names based
       on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
       contains the public key, and
       <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
@@ -189,19 +182,19 @@
       statement).
     </p>
 <p>
-      The <code class="filename">.private</code> file contains
-      algorithm-specific
+      The <code class="filename">.private</code> file contains algorithm
+      specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </p>
 <p>
       Both <code class="filename">.key</code> and <code class="filename">.private</code>
-      files are generated for symmetric encryption algorithms such as
+      files are generated for symmetric encryption algorithm such as
       HMAC-MD5, even though the public and private key are equivalent.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543918"></a><h2>EXAMPLE</h2>
+<a name="id2550028"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -218,20 +211,20 @@
       In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
       the files <code class="filename">Kexample.com.+003+26160.key</code>
       and
-      <code class="filename">Kexample.com.+003+26160.private</code>.
+      <code class="filename">Kexample.com.+003+26160.private</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544030"></a><h2>SEE ALSO</h2>
+<a name="id2550072"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 2539</em>,
+      <em class="citetitle">RFC 2535</em>,
       <em class="citetitle">RFC 2845</em>,
-      <em class="citetitle">RFC 4034</em>.
+      <em class="citetitle">RFC 2539</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544061"></a><h2>AUTHOR</h2>
+<a name="id2550103"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-signzone.8

@@ -1,7 +1,7 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
-.\" Permission to use, copy, modify, and/or distribute this software for any
+.\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
 .\" copyright notice and this permission notice appear in all copies.
 .\" 
@@ -13,18 +13,18 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.47.44.8 2009/11/07 01:56:11 tbox Exp $
+.\" $Id: dnssec-signzone.8,v 1.28.18.14 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dnssec\-signzone
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
-.\"      Date: June 08, 2009
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
+.\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
 .\"
-.TH "DNSSEC\-SIGNZONE" "8" "June 08, 2009" "BIND9" "BIND9"
+.TH "DNSSEC\-SIGNZONE" "8" "June 30, 2000" "BIND9" "BIND9"
 .\" disable hyphenation
 .nh
 .\" disable justification (adjust text to left margin only)
@@ -33,84 +33,59 @@
 dnssec\-signzone \- DNSSEC zone signing tool
 .SH "SYNOPSIS"
 .HP 16
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-t\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {zonefile} [key...]
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-signzone\fR
-signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. It also generates a
-\fIkeyset\-\fR
-file containing the key\-signing keys for the zone, and if signing a zone which contains delegations, it can optionally generate DS records for the child zones from their
-\fIkeyset\-\fR
-files.
+signs a zone. It generates NSEC and RRSIG records and produces a signed version of the zone. The security status of delegations from the signed zone (that is, whether the child zones are secure or not) is determined by the presence or absence of a
+\fIkeyset\fR
+file for each child zone.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-a
-.RS 4
 Verify all generated signatures.
-.RE
-.PP
+.TP 3n
 \-c \fIclass\fR
-.RS 4
 Specifies the DNS class of the zone.
-.RE
-.PP
+.TP 3n
 \-k \fIkey\fR
-.RS 4
 Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
-.RE
-.PP
+.TP 3n
 \-l \fIdomain\fR
-.RS 4
 Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
-.RE
-.PP
+.TP 3n
 \-d \fIdirectory\fR
-.RS 4
 Look for
 \fIkeyset\fR
 files in
 \fBdirectory\fR
 as the directory
-.RE
-.PP
+.TP 3n
 \-g
-.RS 4
-If the zone contains any delegations, and there are
-\fIkeyset\-\fR
-files for any of the child zones, then DS records for the child zones will be generated from the keys in those files. Existing DS records will be removed.
-.RE
-.PP
+Generate DS records for child zones from keyset files. Existing DS records will be removed.
+.TP 3n
 \-s \fIstart\-time\fR
-.RS 4
 Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
 \fBstart\-time\fR
 is specified, the current time minus 1 hour (to allow for clock skew) is used.
-.RE
-.PP
+.TP 3n
 \-e \fIend\-time\fR
-.RS 4
 Specify the date and time when the generated RRSIG records expire. As with
 \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
 \fBend\-time\fR
 is specified, 30 days from the start time is used as a default.
-.RE
-.PP
+.TP 3n
 \-f \fIoutput\-file\fR
-.RS 4
 The name of the output file containing the signed zone. The default is to append
 \fI.signed\fR
-to the input filename.
-.RE
-.PP
+to the input file.
+.TP 3n
 \-h
-.RS 4
 Prints a short summary of the options and arguments to
 \fBdnssec\-signzone\fR.
-.RE
-.PP
+.TP 3n
 \-i \fIinterval\fR
-.RS 4
-When a previously\-signed zone is passed as input, records may be resigned. The
+When a previously signed zone is passed as input, records may be resigned. The
 \fBinterval\fR
 option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
 .sp
@@ -121,84 +96,55 @@ or
 are specified,
 \fBdnssec\-signzone\fR
 generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
-.RE
-.PP
+.TP 3n
 \-I \fIinput\-format\fR
-.RS 4
 The format of the input zone file. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
-.RE
-.PP
+.TP 3n
 \-j \fIjitter\fR
-.RS 4
-When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The
+When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously signed zone is passed as input to the signer, all expired signatures has to be regenerated at about the same time. The
 \fBjitter\fR
 option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time.
 .sp
 Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
-.RE
-.PP
+.TP 3n
 \-n \fIncpus\fR
-.RS 4
 Specifies the number of threads to use. By default, one thread is started for each detected CPU.
-.RE
-.PP
+.TP 3n
 \-N \fIsoa\-serial\-format\fR
-.RS 4
 The SOA serial number format of the signed zone. Possible formats are
 \fB"keep"\fR
 (default),
 \fB"increment"\fR
 and
 \fB"unixtime"\fR.
-.RS 4
-.PP
+.RS 3n
+.TP 3n
 \fB"keep"\fR
-.RS 4
 Do not modify the SOA serial number.
-.RE
-.PP
+.TP 3n
 \fB"increment"\fR
-.RS 4
 Increment the SOA serial number using RFC 1982 arithmetics.
-.RE
-.PP
+.TP 3n
 \fB"unixtime"\fR
-.RS 4
 Set the SOA serial number to the number of seconds since epoch.
 .RE
-.RE
-.RE
-.PP
+.TP 3n
 \-o \fIorigin\fR
-.RS 4
 The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-.RE
-.PP
+.TP 3n
 \-O \fIoutput\-format\fR
-.RS 4
 The format of the output file containing the signed zone. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR.
-.RE
-.PP
+.TP 3n
 \-p
-.RS 4
 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.RE
-.PP
-\-P
-.RS 4
-Disable post sign verification tests.
-.sp
-The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
-.RE
-.PP
+.TP 3n
 \-r \fIrandomdev\fR
-.RS 4
 Specifies the source of randomness. If the operating system does not provide a
 \fI/dev/random\fR
 or equivalent device, the default source of randomness is keyboard input.
@@ -206,105 +152,49 @@ or equivalent device, the default source of randomness is keyboard input.
 specifies the name of a character device or file containing random data to be used instead of the default. The special value
 \fIkeyboard\fR
 indicates that keyboard input should be used.
-.RE
-.PP
+.TP 3n
 \-t
-.RS 4
 Print statistics at completion.
-.RE
-.PP
+.TP 3n
 \-v \fIlevel\fR
-.RS 4
 Sets the debugging level.
-.RE
-.PP
+.TP 3n
 \-z
-.RS 4
 Ignore KSK flag on key when determining what to sign.
-.RE
-.PP
-\-3 \fIsalt\fR
-.RS 4
-Generate a NSEC3 chain with the given hex encoded salt. A dash (\fIsalt\fR) can be used to indicate that no salt is to be used when generating the NSEC3 chain.
-.RE
-.PP
-\-H \fIiterations\fR
-.RS 4
-When generating a NSEC3 chain use this many interations. The default is 100.
-.RE
-.PP
-\-A
-.RS 4
-When generating a NSEC3 chain set the OPTOUT flag on all NSEC3 records and do not generate NSEC3 records for insecure delegations.
-.RE
-.PP
+.TP 3n
 zonefile
-.RS 4
 The file containing the zone to be signed.
-.RE
-.PP
+.TP 3n
 key
-.RS 4
-Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
-.RE
+The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
 .SH "EXAMPLE"
 .PP
 The following command signs the
 \fBexample.com\fR
-zone with the DSA key generated by
+zone with the DSA key generated in the
 \fBdnssec\-keygen\fR
-(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
+man page. The zone's keys must be in the zone. If there are
 \fIkeyset\fR
-files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
-.sp
-.RS 4
-.nf
-% dnssec\-signzone \-g \-o example.com db.example.com \\
-Kexample.com.+003+17247
-db.example.com.signed
-%
-.fi
-.RE
+files associated with child zones, they must be in the current directory.
+\fBexample.com\fR, the following command would be issued:
 .PP
-In the above example,
+\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
+.PP
+The command would print a string of the form:
+.PP
+In this example,
 \fBdnssec\-signzone\fR
 creates the file
 \fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
 \fInamed.conf\fR
 file.
-.PP
-This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory.
-.sp
-.RS 4
-.nf
-% cp db.example.com.signed db.example.com
-% dnssec\-signzone \-o example.com db.example.com
-db.example.com.signed
-%
-.fi
-.RE
-.SH "KNOWN BUGS"
-.PP
-\fBdnssec\-signzone\fR
-was designed so that it could sign a zone partially, using only a subset of the DNSSEC keys needed to produce a fully\-signed zone. This permits a zone administrator, for example, to sign a zone with one key on one machine, move the resulting partially\-signed zone to a second machine, and sign it again with a second key.
-.PP
-An unfortunate side\-effect of this flexibility is that
-\fBdnssec\-signzone\fR
-does not check to make sure it's signing a zone with any valid keys at all. An attempt to sign a zone without any keys will appear to succeed, producing a "signed" zone with no signatures. There is no warning issued when a zone is not fully signed.
-.PP
-This will be corrected in a future release. In the meantime, ISC recommends examining the output of
-\fBdnssec\-signzone\fR
-to confirm that the zone is properly signed by all keys before using it.
 .SH "SEE ALSO"
 .PP
 \fBdnssec\-keygen\fR(8),
 BIND 9 Administrator Reference Manual,
-RFC 4033.
+RFC 2535.
 .SH "AUTHOR"
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/dnssec/dnssec-signzone.docbook

@@ -1,11 +1,11 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  -
@@ -18,10 +18,10 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.31.44.8 2009/11/06 21:36:22 each Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.10.18.13 2006/04/15 22:19:21 marka Exp $ -->
 <refentry id="man.dnssec-signzone">
   <refentryinfo>
-    <date>June 08, 2009</date>
+    <date>June 30, 2000</date>
   </refentryinfo>
 
   <refmeta>
@@ -40,9 +40,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -73,15 +70,11 @@
       <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
       <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
       <arg><option>-p</option></arg>
-      <arg><option>-P</option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
       <arg><option>-t</option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
       <arg><option>-z</option></arg>
-      <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
-      <arg><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
-      <arg><option>-A</option></arg>
       <arg choice="req">zonefile</arg>
       <arg rep="repeat">key</arg>
     </cmdsynopsis>
@@ -92,10 +85,10 @@
     <para><command>dnssec-signzone</command>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
-      zone.  It also generates a <filename>keyset-</filename> file containing
-      the key-signing keys for the zone, and if signing a zone which
-      contains delegations, it can optionally generate DS records for
-      the child zones from their <filename>keyset-</filename> files.
+      zone. The security status of delegations from the signed zone
+      (that is, whether the child zones are secure or not) is
+      determined by the presence or absence of a
+      <filename>keyset</filename> file for each child zone.
     </para>
   </refsect1>
 
@@ -155,10 +148,8 @@
         <term>-g</term>
         <listitem>
           <para>
-            If the zone contains any delegations, and there are
-            <filename>keyset-</filename> files for any of the child zones,
-            then DS records for the child zones will be generated from the
-            keys in those files.  Existing DS records will be removed.
+            Generate DS records for child zones from keyset files.
+            Existing DS records will be removed.
           </para>
         </listitem>
       </varlistentry>
@@ -201,7 +192,7 @@
             The name of the output file containing the signed zone.  The
             default is to append <filename>.signed</filename> to
             the
-            input filename.
+            input file.
           </para>
         </listitem>
       </varlistentry>
@@ -220,7 +211,7 @@
         <term>-i <replaceable class="parameter">interval</replaceable></term>
         <listitem>
           <para>
-            When a previously-signed zone is passed as input, records
+            When a previously signed zone is passed as input, records
             may be resigned.  The <option>interval</option> option
             specifies the cycle interval as an offset from the current
             time (in seconds).  If a RRSIG record expires after the
@@ -264,8 +255,8 @@
             When signing a zone with a fixed signature lifetime, all
             RRSIG records issued at the time of signing expires
             simultaneously.  If the zone is incrementally signed, i.e.
-            a previously-signed zone is passed as input to the signer,
-            all expired signatures have to be regenerated at about the
+            a previously signed zone is passed as input to the signer,
+            all expired signatures has to be regenerated at about the
             same time.  The <option>jitter</option> option specifies a
             jitter window that will be used to randomize the signature
             expire time, thus spreading incremental signature
@@ -362,22 +353,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-P</term>
-        <listitem>
-          <para>
-	    Disable post sign verification tests.
-          </para>
-          <para>
-	    The post sign verification test ensures that for each algorithm
-	    in use there is at least one non revoked self signed KSK key,
-	    that all revoked KSK keys are self signed, and that all records
-	    in the zone are signed by the algorithm.
-	    This option skips these tests.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-r <replaceable class="parameter">randomdev</replaceable></term>
         <listitem>
@@ -422,38 +397,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-3 <replaceable class="parameter">salt</replaceable></term>
-        <listitem>
-          <para>
-            Generate a NSEC3 chain with the given hex encoded salt.
-	    A dash (<replaceable class="parameter">salt</replaceable>) can
-	    be used to indicate that no salt is to be used when generating		    the NSEC3 chain.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-H <replaceable class="parameter">iterations</replaceable></term>
-        <listitem>
-          <para>
-	    When generating a NSEC3 chain use this many interations.  The
-	    default is 100.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A</term>
-        <listitem>
-          <para>
-	    When generating a NSEC3 chain set the OPTOUT flag on all
-	    NSEC3 records and do not generate NSEC3 records for insecure
-	    delegations.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>zonefile</term>
         <listitem>
@@ -467,11 +410,9 @@
         <term>key</term>
         <listitem>
           <para>
-	    Specify which keys should be used to sign the zone.  If
-	    no keys are specified, then the zone will be examined
-	    for DNSKEY records at the zone apex.  If these are found and
-	    there are matching private keys, in the current directory,
-	    then these will be used for signing.
+            The keys used to sign the zone.  If no keys are specified, the
+            default all zone keys that have private key files in the
+            current directory.
           </para>
         </listitem>
       </varlistentry>
@@ -483,57 +424,27 @@
     <title>EXAMPLE</title>
     <para>
       The following command signs the <userinput>example.com</userinput>
-      zone with the DSA key generated by <command>dnssec-keygen</command>
-      (Kexample.com.+003+17247).  The zone's keys must be in the master
-      file (<filename>db.example.com</filename>).  This invocation looks
-      for <filename>keyset</filename> files, in the current directory,
-      so that DS records can be generated from them (<command>-g</command>).
+      zone with the DSA key generated in the <command>dnssec-keygen</command>
+      man page.  The zone's keys must be in the zone.  If there are
+      <filename>keyset</filename> files associated with child
+      zones,
+      they must be in the current directory.
+      <userinput>example.com</userinput>, the following command would be
+      issued:
+    </para>
+    <para><userinput>dnssec-signzone -o example.com db.example.com
+        Kexample.com.+003+26160</userinput>
     </para>
-<programlisting>% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
-db.example.com.signed
-%</programlisting>
     <para>
-      In the above example, <command>dnssec-signzone</command> creates
+      The command would print a string of the form:
+    </para>
+    <para>
+      In this example, <command>dnssec-signzone</command> creates
       the file <filename>db.example.com.signed</filename>.  This
-      file should be referenced in a zone statement in a
+      file
+      should be referenced in a zone statement in a
       <filename>named.conf</filename> file.
     </para>
-    <para>
-      This example re-signs a previously signed zone with default parameters.
-      The private keys are assumed to be in the current directory.
-    </para>
-<programlisting>% cp db.example.com.signed db.example.com
-% dnssec-signzone -o example.com db.example.com
-db.example.com.signed
-%</programlisting>
-  </refsect1>
-
-  <refsect1>
-    <title>KNOWN BUGS</title>
-    <para>
-        <command>dnssec-signzone</command> was designed so that it could
-        sign a zone partially, using only a subset of the DNSSEC keys
-        needed to produce a fully-signed zone.  This permits a zone
-        administrator, for example, to sign a zone with one key on one
-        machine, move the resulting partially-signed zone to a second
-        machine, and sign it again with a second key.
-    </para>
-    <para>
-        An unfortunate side-effect of this flexibility is that
-        <command>dnssec-signzone</command> does not check to make sure
-        it's signing a zone with any valid keys at all.  An attempt to
-        sign a zone without any keys will appear to succeed, producing
-        a "signed" zone with no signatures.  There is no warning issued
-        when a zone is not fully signed.
-    </para>
-
-    <para>
-        This will be corrected in a future release.  In the meantime, ISC
-        recommends examining the output of <command>dnssec-signzone</command>
-        to confirm that the zone is properly signed by all keys before
-        using it.
-    </para>
   </refsect1>
 
   <refsect1>
@@ -542,7 +453,7 @@ db.example.com.signed
         <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
       <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-      <citetitle>RFC 4033</citetitle>.
+      <citetitle>RFC 2535</citetitle>.
     </para>
   </refsect1>
 

bin/dnssec/dnssec-signzone.html

@@ -1,8 +1,8 @@
 <!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
- - Permission to use, copy, modify, and/or distribute this software for any
+ - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
  - copyright notice and this permission notice appear in all copies.
  - 
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-signzone.html,v 1.33.44.8 2009/11/07 01:56:11 tbox Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.8.18.19 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dnssec-signzone"></a><div class="titlepage"></div>
@@ -29,21 +29,21 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543558"></a><h2>DESCRIPTION</h2>
+<a name="id2549584"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
-      zone.  It also generates a <code class="filename">keyset-</code> file containing
-      the key-signing keys for the zone, and if signing a zone which
-      contains delegations, it can optionally generate DS records for
-      the child zones from their <code class="filename">keyset-</code> files.
+      zone. The security status of delegations from the signed zone
+      (that is, whether the child zones are secure or not) is
+      determined by the presence or absence of a
+      <code class="filename">keyset</code> file for each child zone.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543576"></a><h2>OPTIONS</h2>
+<a name="id2549598"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -70,10 +70,8 @@
           </p></dd>
 <dt><span class="term">-g</span></dt>
 <dd><p>
-            If the zone contains any delegations, and there are
-            <code class="filename">keyset-</code> files for any of the child zones,
-            then DS records for the child zones will be generated from the
-            keys in those files.  Existing DS records will be removed.
+            Generate DS records for child zones from keyset files.
+            Existing DS records will be removed.
           </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>start-time</code></em></span></dt>
 <dd><p>
@@ -101,7 +99,7 @@
             The name of the output file containing the signed zone.  The
             default is to append <code class="filename">.signed</code> to
             the
-            input filename.
+            input file.
           </p></dd>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -111,7 +109,7 @@
 <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
 <dd>
 <p>
-            When a previously-signed zone is passed as input, records
+            When a previously signed zone is passed as input, records
             may be resigned.  The <code class="option">interval</code> option
             specifies the cycle interval as an offset from the current
             time (in seconds).  If a RRSIG record expires after the
@@ -147,8 +145,8 @@
             When signing a zone with a fixed signature lifetime, all
             RRSIG records issued at the time of signing expires
             simultaneously.  If the zone is incrementally signed, i.e.
-            a previously-signed zone is passed as input to the signer,
-            all expired signatures have to be regenerated at about the
+            a previously signed zone is passed as input to the signer,
+            all expired signatures has to be regenerated at about the
             same time.  The <code class="option">jitter</code> option specifies a
             jitter window that will be used to randomize the signature
             expire time, thus spreading incremental signature
@@ -204,19 +202,6 @@
             may be useful when signing large zones or when the entropy
             source is limited.
           </p></dd>
-<dt><span class="term">-P</span></dt>
-<dd>
-<p>
-	    Disable post sign verification tests.
-          </p>
-<p>
-	    The post sign verification test ensures that for each algorithm
-	    in use there is at least one non revoked self signed KSK key,
-	    that all revoked KSK keys are self signed, and that all records
-	    in the zone are signed by the algorithm.
-	    This option skips these tests.
-          </p>
-</dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
 <dd><p>
             Specifies the source of randomness.  If the operating
@@ -241,100 +226,53 @@
 <dd><p>
             Ignore KSK flag on key when determining what to sign.
           </p></dd>
-<dt><span class="term">-3 <em class="replaceable"><code>salt</code></em></span></dt>
-<dd><p>
-            Generate a NSEC3 chain with the given hex encoded salt.
-	    A dash (<em class="replaceable"><code>salt</code></em>) can
-	    be used to indicate that no salt is to be used when generating		    the NSEC3 chain.
-          </p></dd>
-<dt><span class="term">-H <em class="replaceable"><code>iterations</code></em></span></dt>
-<dd><p>
-	    When generating a NSEC3 chain use this many interations.  The
-	    default is 100.
-          </p></dd>
-<dt><span class="term">-A</span></dt>
-<dd><p>
-	    When generating a NSEC3 chain set the OPTOUT flag on all
-	    NSEC3 records and do not generate NSEC3 records for insecure
-	    delegations.
-          </p></dd>
 <dt><span class="term">zonefile</span></dt>
 <dd><p>
             The file containing the zone to be signed.
           </p></dd>
 <dt><span class="term">key</span></dt>
 <dd><p>
-	    Specify which keys should be used to sign the zone.  If
-	    no keys are specified, then the zone will be examined
-	    for DNSKEY records at the zone apex.  If these are found and
-	    there are matching private keys, in the current directory,
-	    then these will be used for signing.
+            The keys used to sign the zone.  If no keys are specified, the
+            default all zone keys that have private key files in the
+            current directory.
           </p></dd>
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544503"></a><h2>EXAMPLE</h2>
+<a name="id2550521"></a><h2>EXAMPLE</h2>
 <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
-      zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
-      (Kexample.com.+003+17247).  The zone's keys must be in the master
-      file (<code class="filename">db.example.com</code>).  This invocation looks
-      for <code class="filename">keyset</code> files, in the current directory,
-      so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
+      zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
+      man page.  The zone's keys must be in the zone.  If there are
+      <code class="filename">keyset</code> files associated with child
+      zones,
+      they must be in the current directory.
+      <strong class="userinput"><code>example.com</code></strong>, the following command would be
+      issued:
+    </p>
+<p><strong class="userinput"><code>dnssec-signzone -o example.com db.example.com
+        Kexample.com.+003+26160</code></strong>
     </p>
-<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
-db.example.com.signed
-%</pre>
 <p>
-      In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
+      The command would print a string of the form:
+    </p>
+<p>
+      In this example, <span><strong class="command">dnssec-signzone</strong></span> creates
       the file <code class="filename">db.example.com.signed</code>.  This
-      file should be referenced in a zone statement in a
+      file
+      should be referenced in a zone statement in a
       <code class="filename">named.conf</code> file.
     </p>
-<p>
-      This example re-signs a previously signed zone with default parameters.
-      The private keys are assumed to be in the current directory.
-    </p>
-<pre class="programlisting">% cp db.example.com.signed db.example.com
-% dnssec-signzone -o example.com db.example.com
-db.example.com.signed
-%</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544554"></a><h2>KNOWN BUGS</h2>
-<p>
-        <span><strong class="command">dnssec-signzone</strong></span> was designed so that it could
-        sign a zone partially, using only a subset of the DNSSEC keys
-        needed to produce a fully-signed zone.  This permits a zone
-        administrator, for example, to sign a zone with one key on one
-        machine, move the resulting partially-signed zone to a second
-        machine, and sign it again with a second key.
-    </p>
-<p>
-        An unfortunate side-effect of this flexibility is that
-        <span><strong class="command">dnssec-signzone</strong></span> does not check to make sure
-        it's signing a zone with any valid keys at all.  An attempt to
-        sign a zone without any keys will appear to succeed, producing
-        a "signed" zone with no signatures.  There is no warning issued
-        when a zone is not fully signed.
-    </p>
-<p>
-        This will be corrected in a future release.  In the meantime, ISC
-        recommends examining the output of <span><strong class="command">dnssec-signzone</strong></span>
-        to confirm that the zone is properly signed by all keys before
-        using it.
-    </p>
-</div>
-<div class="refsect1" lang="en">
-<a name="id2544716"></a><h2>SEE ALSO</h2>
+<a name="id2550569"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
-      <em class="citetitle">RFC 4033</em>.
+      <em class="citetitle">RFC 2535</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544741"></a><h2>AUTHOR</h2>
+<a name="id2550594"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssectool.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.45.334.5 2009/06/22 05:05:00 marka Exp $ */
+/* $Id: dnssectool.c,v 1.40.18.3 2005/07/01 03:55:28 marka Exp $ */
 
 /*! \file */
 
@@ -65,7 +65,7 @@ void
 fatal(const char *format, ...) {
 	va_list args;
 
-	fprintf(stderr, "%s: fatal: ", program);
+	fprintf(stderr, "%s: ", program);
 	va_start(args, format);
 	vfprintf(stderr, format, args);
 	va_end(args);
@@ -222,7 +222,7 @@ setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
 
 	REQUIRE(ectx != NULL);
-
+	
 	if (*ectx == NULL) {
 		result = isc_entropy_create(mctx, ectx);
 		if (result != ISC_R_SUCCESS)

bin/dnssec/dnssectool.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.h,v 1.22.48.2 2009/09/04 23:46:58 tbox Exp $ */
+/* $Id: dnssectool.h,v 1.18 2004/03/05 04:57:41 marka Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1
@@ -41,11 +41,11 @@ vbprintf(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
 
 void
 type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
-#define TYPE_FORMATSIZE 20
+#define TYPE_FORMATSIZE 10
 
 void
 alg_format(const dns_secalg_t alg, char *cp, unsigned int size);
-#define ALG_FORMATSIZE 20
+#define ALG_FORMATSIZE 10
 
 void
 sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);

bin/dnssec/win32/dnssectool.dsp

@@ -1,113 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dnssectool" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
-
-CFG=dnssectool - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dnssectool.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dnssectool.mak" CFG="dnssectool - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dnssectool - Win32 Release" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE "dnssectool - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-MTL=midl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dnssectool - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddnssectool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /out:"Release/dnssectool.lib"
-
-!ELSEIF  "$(CFG)" == "dnssectool - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddnssectool
-# SUBTRACT CPP /X
-# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 
-# ADD LINK32 /debug out:"Debug/dnssectool.lib"
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dnssectool - Win32 Release"
-# Name "dnssectool - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# Begin Group "Main Dns Lib"
-
-# PROP Default_Filter "c"
-# Begin Source File
-
-SOURCE=..\dnssectool.c
-# End Source File
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/dnssectool.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dighost"=".\dnssectool.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/dsfromkey.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="dsfromkey" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=dsfromkey - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe"
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "dsfromkey - Win32 Release"
-# Name "dsfromkey - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-dsfromkey.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/dsfromkey.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "dsfromkey"=".\dsfromkey.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/dsfromkey.mak

@@ -1,324 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on dsfromkey.dsp
-!IF "$(CFG)" == ""
-CFG=dsfromkey - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to dsfromkey - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "dsfromkey - Win32 Release" && "$(CFG)" != "dsfromkey - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "dsfromkey.mak" CFG="dsfromkey - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "dsfromkey - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "dsfromkey - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\dnssec-dsfromkey.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-dsfromkey.obj"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dnssec-dsfromkey.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dsfromkey.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-dsfromkey.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-dsfromkey.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Release\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\dnssec-dsfromkey.exe" "$(OUTDIR)\dsfromkey.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-dsfromkey.obj"
-	-@erase "$(INTDIR)\dnssec-dsfromkey.sbr"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\dnssectool.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dnssec-dsfromkey.pdb"
-	-@erase "$(OUTDIR)\dsfromkey.bsc"
-	-@erase "..\..\..\Build\Debug\dnssec-dsfromkey.exe"
-	-@erase "..\..\..\Build\Debug\dnssec-dsfromkey.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\dsfromkey.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dnssec-dsfromkey.sbr" \
-	"$(INTDIR)\dnssectool.sbr"
-
-"$(OUTDIR)\dsfromkey.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-dsfromkey.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-dsfromkey.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-dsfromkey.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Debug\dnssec-dsfromkey.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("dsfromkey.dep")
-!INCLUDE "dsfromkey.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "dsfromkey.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "dsfromkey - Win32 Release" || "$(CFG)" == "dsfromkey - Win32 Debug"
-SOURCE="..\dnssec-dsfromkey.c"
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-
-"$(INTDIR)\dnssec-dsfromkey.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-
-"$(INTDIR)\dnssec-dsfromkey.obj"	"$(INTDIR)\dnssec-dsfromkey.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dnssectool.c
-
-!IF  "$(CFG)" == "dsfromkey - Win32 Release"
-
-
-"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "dsfromkey - Win32 Debug"
-
-
-"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/win32/keyfromlabel.dsp

@@ -1,103 +0,0 @@
-# Microsoft Developer Studio Project File - Name="keyfromlabel" - Package Owner=<4>
-# Microsoft Developer Studio Generated Build File, Format Version 6.00
-# ** DO NOT EDIT **
-
-# TARGTYPE "Win32 (x86) Console Application" 0x0103
-
-CFG=keyfromlabel - Win32 Debug
-!MESSAGE This is not a valid makefile. To build this project using NMAKE,
-!MESSAGE use the Export Makefile command and run
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak".
-!MESSAGE 
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-
-# Begin Project
-# PROP AllowPerConfigDependencies 0
-# PROP Scc_ProjName ""
-# PROP Scc_LocalPath ""
-CPP=cl.exe
-RSC=rc.exe
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 0
-# PROP BASE Output_Dir "Release"
-# PROP BASE Intermediate_Dir "Release"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 0
-# PROP Output_Dir "Release"
-# PROP Intermediate_Dir "Release"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
-# ADD BASE RSC /l 0x409 /d "NDEBUG"
-# ADD RSC /l 0x409 /d "NDEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe"
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-# PROP BASE Use_MFC 0
-# PROP BASE Use_Debug_Libraries 1
-# PROP BASE Output_Dir "Debug"
-# PROP BASE Intermediate_Dir "Debug"
-# PROP BASE Target_Dir ""
-# PROP Use_MFC 0
-# PROP Use_Debug_Libraries 1
-# PROP Output_Dir "Debug"
-# PROP Intermediate_Dir "Debug"
-# PROP Ignore_Export_Lib 0
-# PROP Target_Dir ""
-# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
-# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
-# SUBTRACT CPP /X /YX
-# ADD BASE RSC /l 0x409 /d "_DEBUG"
-# ADD RSC /l 0x409 /d "_DEBUG"
-BSC32=bscmake.exe
-# ADD BASE BSC32 /nologo
-# ADD BSC32 /nologo
-LINK32=link.exe
-# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept
-
-!ENDIF 
-
-# Begin Target
-
-# Name "keyfromlabel - Win32 Release"
-# Name "keyfromlabel - Win32 Debug"
-# Begin Group "Source Files"
-
-# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
-# Begin Source File
-
-SOURCE="..\dnssec-keyfromlabel.c"
-# End Source File
-# End Group
-# Begin Group "Header Files"
-
-# PROP Default_Filter "h;hpp;hxx;hm;inl"
-# End Group
-# Begin Group "Resource Files"
-
-# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
-# End Group
-# End Target
-# End Project

bin/dnssec/win32/keyfromlabel.dsw

@@ -1,29 +0,0 @@
-Microsoft Developer Studio Workspace File, Format Version 6.00
-# WARNING: DO NOT EDIT OR DELETE THIS WORKSPACE FILE!
-
-###############################################################################
-
-Project: "keyfromlabel"=".\keyfromlabel.dsp" - Package Owner=<4>
-
-Package=<5>
-{{{
-}}}
-
-Package=<4>
-{{{
-}}}
-
-###############################################################################
-
-Global:
-
-Package=<5>
-{{{
-}}}
-
-Package=<3>
-{{{
-}}}
-
-###############################################################################
-

bin/dnssec/win32/keyfromlabel.mak

@@ -1,324 +0,0 @@
-# Microsoft Developer Studio Generated NMAKE File, Based on keyfromlabel.dsp
-!IF "$(CFG)" == ""
-CFG=keyfromlabel - Win32 Debug
-!MESSAGE No configuration specified. Defaulting to keyfromlabel - Win32 Debug.
-!ENDIF 
-
-!IF "$(CFG)" != "keyfromlabel - Win32 Release" && "$(CFG)" != "keyfromlabel - Win32 Debug"
-!MESSAGE Invalid configuration "$(CFG)" specified.
-!MESSAGE You can specify a configuration when running NMAKE
-!MESSAGE by defining the macro CFG on the command line. For example:
-!MESSAGE 
-!MESSAGE NMAKE /f "keyfromlabel.mak" CFG="keyfromlabel - Win32 Debug"
-!MESSAGE 
-!MESSAGE Possible choices for configuration are:
-!MESSAGE 
-!MESSAGE "keyfromlabel - Win32 Release" (based on "Win32 (x86) Console Application")
-!MESSAGE "keyfromlabel - Win32 Debug" (based on "Win32 (x86) Console Application")
-!MESSAGE 
-!ERROR An invalid configuration is specified.
-!ENDIF 
-
-!IF "$(OS)" == "Windows_NT"
-NULL=
-!ELSE 
-NULL=nul
-!ENDIF 
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-OUTDIR=.\Release
-INTDIR=.\Release
-
-ALL : "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "..\..\..\Build\Release\dnssec-keyfromlabel.exe"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "NDEBUG" /D "__STDC__" /D "WIN32" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\keyfromlabel.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc" 
-BSC32_SBRS= \
-	
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /machine:I386 /out:"../../../Build/Release/dnssec-keyfromlabel.exe" 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-keyfromlabel.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Release\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-OUTDIR=.\Debug
-INTDIR=.\Debug
-# Begin Custom Macros
-OutDir=.\Debug
-# End Custom Macros
-
-ALL : "..\..\..\Build\Debug\dnssec-keyfromlabel.exe" "$(OUTDIR)\keyfromlabel.bsc"
-
-
-CLEAN :
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.obj"
-	-@erase "$(INTDIR)\dnssec-keyfromlabel.sbr"
-	-@erase "$(INTDIR)\dnssectool.obj"
-	-@erase "$(INTDIR)\dnssectool.sbr"
-	-@erase "$(INTDIR)\vc60.idb"
-	-@erase "$(INTDIR)\vc60.pdb"
-	-@erase "$(OUTDIR)\dnssec-keyfromlabel.pdb"
-	-@erase "$(OUTDIR)\keyfromlabel.bsc"
-	-@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.exe"
-	-@erase "..\..\..\Build\Debug\dnssec-keyfromlabel.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
-
-"$(OUTDIR)" :
-    if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
-
-CPP=cl.exe
-CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /D "_DEBUG" /D "WIN32" /D "__STDC__" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c 
-
-.c{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.obj::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.c{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cpp{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-.cxx{$(INTDIR)}.sbr::
-   $(CPP) @<<
-   $(CPP_PROJ) $< 
-<<
-
-RSC=rc.exe
-BSC32=bscmake.exe
-BSC32_FLAGS=/nologo /o"$(OUTDIR)\keyfromlabel.bsc" 
-BSC32_SBRS= \
-	"$(INTDIR)\dnssec-keyfromlabel.sbr" \
-	"$(INTDIR)\dnssectool.sbr"
-
-"$(OUTDIR)\keyfromlabel.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-    $(BSC32) @<<
-  $(BSC32_FLAGS) $(BSC32_SBRS)
-<<
-
-LINK32=link.exe
-LINK32_FLAGS=user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dnssec-keyfromlabel.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keyfromlabel.exe" /pdbtype:sept 
-LINK32_OBJS= \
-	"$(INTDIR)\dnssec-keyfromlabel.obj" \
-	"$(INTDIR)\dnssectool.obj"
-
-"..\..\..\Build\Debug\dnssec-keyfromlabel.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-    $(LINK32) @<<
-  $(LINK32_FLAGS) $(LINK32_OBJS)
-<<
-    $(_VC_MANIFEST_EMBED_EXE)
-
-!ENDIF 
-
-
-!IF "$(NO_EXTERNAL_DEPS)" != "1"
-!IF EXISTS("keyfromlabel.dep")
-!INCLUDE "keyfromlabel.dep"
-!ELSE 
-!MESSAGE Warning: cannot find "keyfromlabel.dep"
-!ENDIF 
-!ENDIF 
-
-
-!IF "$(CFG)" == "keyfromlabel - Win32 Release" || "$(CFG)" == "keyfromlabel - Win32 Debug"
-SOURCE="..\dnssec-keyfromlabel.c"
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-
-"$(INTDIR)\dnssec-keyfromlabel.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-
-"$(INTDIR)\dnssec-keyfromlabel.obj"	"$(INTDIR)\dnssec-keyfromlabel.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-SOURCE=..\dnssectool.c
-
-!IF  "$(CFG)" == "keyfromlabel - Win32 Release"
-
-
-"$(INTDIR)\dnssectool.obj" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ELSEIF  "$(CFG)" == "keyfromlabel - Win32 Debug"
-
-
-"$(INTDIR)\dnssectool.obj"	"$(INTDIR)\dnssectool.sbr" : $(SOURCE) "$(INTDIR)"
-	$(CPP) $(CPP_PROJ) $(SOURCE)
-
-
-!ENDIF 
-
-
-!ENDIF 
-
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/win32/keygen.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-keygen.exe"
 
 !ELSEIF  "$(CFG)" == "keygen - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-keygen.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,6 +90,10 @@ LINK32=link.exe
 
 SOURCE="..\dnssec-keygen.c"
 # End Source File
+# Begin Source File
+
+SOURCE=..\dnssectool.c
+# End Source File
 # End Group
 # Begin Group "Header Files"
 

bin/dnssec/win32/keygen.mak

@@ -25,81 +25,6 @@ NULL=
 NULL=nul
 !ENDIF 
 
-!IF  "$(CFG)" == "keygen - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "keygen - Win32 Release"
 
 OUTDIR=.\Release
@@ -113,7 +38,6 @@ CLEAN :
 	-@erase "$(INTDIR)\dnssectool.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dnssec-keygen.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -166,7 +90,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "keygen - Win32 Debug"
 
@@ -190,7 +113,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\keygen.bsc"
 	-@erase "..\..\..\Build\Debug\dnssec-keygen.exe"
 	-@erase "..\..\..\Build\Debug\dnssec-keygen.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -250,7 +172,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -304,21 +225,3 @@ SOURCE=..\dnssectool.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/dnssec/win32/signzone.dsp

@@ -50,7 +50,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
-# ADD LINK32 user32.lib advapi32.lib Release/dnssectool.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-signzone.exe"
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dnssec-signzone.exe"
 
 !ELSEIF  "$(CFG)" == "signzone - Win32 Debug"
 
@@ -75,7 +75,7 @@ BSC32=bscmake.exe
 # ADD BSC32 /nologo
 LINK32=link.exe
 # ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
-# ADD LINK32 user32.lib advapi32.lib Debug/dnssectool.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signzone.exe" /pdbtype:sept
+# ADD LINK32 user32.lib advapi32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dnssec-signzone.exe" /pdbtype:sept
 
 !ENDIF 
 
@@ -90,6 +90,10 @@ LINK32=link.exe
 
 SOURCE="..\dnssec-signzone.c"
 # End Source File
+# Begin Source File
+
+SOURCE=..\dnssectool.c
+# End Source File
 # End Group
 # Begin Group "Header Files"
 

bin/dnssec/win32/signzone.mak

@@ -25,81 +25,6 @@ NULL=
 NULL=nul
 !ENDIF 
 
-!IF  "$(CFG)" == "signzone - Win32 Release"
-_VC_MANIFEST_INC=0
-_VC_MANIFEST_BASENAME=__VC80
-!ELSE
-_VC_MANIFEST_INC=1
-_VC_MANIFEST_BASENAME=__VC80.Debug
-!ENDIF
-
-####################################################
-# Specifying name of temporary resource file used only in incremental builds:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
-!else
-_VC_MANIFEST_AUTO_RES=
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
-
-!endif
-
-####################################################
-# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-#MT_SPECIAL_RETURN=1090650113
-#MT_SPECIAL_SWITCH=-notify_resource_update
-MT_SPECIAL_RETURN=0
-MT_SPECIAL_SWITCH=
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
-if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
-rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
-link $** /out:$@ $(LFLAGS)
-
-!else
-
-_VC_MANIFEST_EMBED_EXE= \
-if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
-
-!endif
-####################################################
-# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
-
-!if "$(_VC_MANIFEST_INC)" == "1"
-
-_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-    $(_VC_MANIFEST_BASENAME).auto.rc \
-    $(_VC_MANIFEST_BASENAME).auto.manifest
-
-!else
-
-_VC_MANIFEST_CLEAN=
-
-!endif
-
 !IF  "$(CFG)" == "signzone - Win32 Release"
 
 OUTDIR=.\Release
@@ -113,7 +38,6 @@ CLEAN :
 	-@erase "$(INTDIR)\dnssectool.obj"
 	-@erase "$(INTDIR)\vc60.idb"
 	-@erase "..\..\..\Build\Release\dnssec-signzone.exe"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -166,7 +90,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ELSEIF  "$(CFG)" == "signzone - Win32 Debug"
 
@@ -190,7 +113,6 @@ CLEAN :
 	-@erase "$(OUTDIR)\signzone.bsc"
 	-@erase "..\..\..\Build\Debug\dnssec-signzone.exe"
 	-@erase "..\..\..\Build\Debug\dnssec-signzone.ilk"
-	-@$(_VC_MANIFEST_CLEAN)
 
 "$(OUTDIR)" :
     if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
@@ -250,7 +172,6 @@ LINK32_OBJS= \
     $(LINK32) @<<
   $(LINK32_FLAGS) $(LINK32_OBJS)
 <<
-    $(_VC_MANIFEST_EMBED_EXE)
 
 !ENDIF 
 
@@ -304,21 +225,3 @@ SOURCE=..\dnssectool.c
 
 !ENDIF 
 
-####################################################
-# Commands to generate initial empty manifest file and the RC file
-# that references it, and for generating the .res file:
-
-$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
-
-$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-    type <<$@
-#include <winuser.h>
-1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
-<< KEEP
-
-$(_VC_MANIFEST_BASENAME).auto.manifest :
-    type <<$@
-<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
-<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
-</assembly>
-<< KEEP

bin/named/Makefile.in

@@ -1,7 +1,7 @@
-# Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.101 2008/09/23 17:25:47 jinmei Exp $
+# $Id: Makefile.in,v 1.80.18.7 2005/09/05 00:18:10 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,8 +21,6 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_CONFIGARGS@
-
 @BIND9_MAKE_INCLUDES@
 
 #
@@ -40,7 +38,7 @@ DLZDRIVER_SRCS =	@DLZ_DRIVER_SRCS@
 DLZDRIVER_INCLUDES =	@DLZ_DRIVER_INCLUDES@
 DLZDRIVER_LIBS =	@DLZ_DRIVER_LIBS@
 
-CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include -I. \
+CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include \
 		${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
 		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
 		${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES}
@@ -77,7 +75,7 @@ TARGETS =	named@EXEEXT@ lwresd@EXEEXT@
 OBJS =		builtin.@O@ client.@O@ config.@O@ control.@O@ \
 		controlconf.@O@ interfacemgr.@O@ \
 		listenlist.@O@ log.@O@ logconf.@O@ main.@O@ notify.@O@ \
-		query.@O@ server.@O@ sortlist.@O@ statschannel.@O@ \
+		query.@O@ server.@O@ sortlist.@O@ \
 		tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
 		zoneconf.@O@ \
 		lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
@@ -89,7 +87,7 @@ UOBJS =		unix/os.@O@
 SRCS =		builtin.c client.c config.c control.c \
 		controlconf.c interfacemgr.c \
 		listenlist.c log.c logconf.c main.c notify.c \
-		query.c server.c sortlist.c statschannel.c \
+		query.c server.c sortlist.c \
 		tkeyconf.c tsigconf.c update.c xfrout.c \
 		zoneconf.c \
 		lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
@@ -107,7 +105,6 @@ MANOBJS =	${MANPAGES} ${HTMLPAGES}
 main.@O@: main.c
 	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
 		-DVERSION=\"${VERSION}\" \
-		-DCONFIGARGS="\"${CONFIGARGS}\"" \
 		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
 		-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
 
@@ -133,12 +130,6 @@ docclean manclean maintainer-clean::
 clean distclean maintainer-clean::
 	rm -f ${TARGETS} ${OBJS}
 
-bind9.xsl.h: bind9.xsl convertxsl.pl
-	${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
-
-depend: bind9.xsl.h
-statschannel.@O@: bind9.xsl.h
-
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5

bin/named/bind9.xsl

@@ -1,492 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- - Copyright (C) 2006-2009  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and/or distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: bind9.xsl,v 1.19.82.2 2009/01/29 23:47:43 tbox Exp $ -->
-
-<xsl:stylesheet version="1.0"
-   xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-   xmlns="http://www.w3.org/1999/xhtml">
-  <xsl:template match="isc/bind/statistics">
-    <html>
-      <head>
-        <style type="text/css">
-body {
-	font-family: sans-serif;
-	background-color: #ffffff;
-	color: #000000;
-}
-
-table {
-	border-collapse: collapse;
-}
-
-tr.rowh {
-	text-align: center;
-	border: 1px solid #000000;
-	background-color: #8080ff;
-	color: #ffffff;
-}
-
-tr.row {
-	text-align: right;
-	border: 1px solid #000000;
-	background-color: teal;
-	color: #ffffff;
-}
-
-tr.lrow {
-	text-align: left;
-	border: 1px solid #000000;
-	background-color: teal;
-	color: #ffffff;
-}
-
-td, th {
-	padding-right: 5px;
-	padding-left: 5px;
-}
-
-.header h1 {
-	background-color: teal;
-	color: #ffffff;
-	padding: 4px;
-}
-
-.content {
-	background-color: #ffffff;
-	color: #000000;
-	padding: 4px;
-}
-
-.item {
-	padding: 4px;
-	align: right;
-}
-
-.value {
-	padding: 4px;
-	font-weight: bold;
-}
-
-div.statcounter h2 {
-	text-align: center;
-	font-size: large;
-	border: 1px solid #000000;
-	background-color: #8080ff;
-	color: #ffffff;
-}
-
-div.statcounter dl {
-	float: left;
-	margin-top: 0;
-	margin-bottom: 0;
-	margin-left: 0;
-	margin-right: 0;
-}
-
-div.statcounter dt {
-	width: 200px;
-	text-align: center;
-	font-weight: bold;
-	border: 0.5px solid #000000;
-	background-color: #8080ff;
-	color: #ffffff;
-}
-
-div.statcounter dd {
-	width: 200px;
-	text-align: right;
-	border: 0.5px solid #000000;
-	background-color: teal;
-	color: #ffffff;
-	margin-left: 0;
-	margin-right: 0;
-}
-
-div.statcounter br {
-	clear: left;
-}
-        </style>
-        <title>BIND 9 Statistics</title>
-      </head>
-      <body>
-	<div class="header">
-	  <h1>Bind 9 Configuration and Statistics</h1>
-	</div>
-
-	<br/>
-
-	<table>
-	  <tr class="rowh"><th colspan="2">Times</th></tr>
-	  <tr class="lrow">
-	    <td>boot-time</td>
-	    <td><xsl:value-of select="server/boot-time"/></td>
-	  </tr>
-	  <tr class="lrow">
-	    <td>current-time</td>
-	    <td><xsl:value-of select="server/current-time"/></td>
-	  </tr>
-	</table>
-
-	<br/>
-
-	<table>
-	  <tr class="rowh"><th colspan="2">Incoming Requests</th></tr>
-	  <xsl:for-each select="server/requests/opcode">
-	    <tr class="lrow">
-	      <td><xsl:value-of select="name"/></td>
-	      <td><xsl:value-of select="counter"/></td>
-	    </tr>
-	  </xsl:for-each>
-	</table>
-
-	<br/>
-
-	<table>
-	  <tr class="rowh"><th colspan="2">Incoming Queries</th></tr>
-	  <xsl:for-each select="server/queries-in/rdtype">
-	    <tr class="lrow">
-	      <td><xsl:value-of select="name"/></td>
-	      <td><xsl:value-of select="counter"/></td>
-	    </tr>
-	  </xsl:for-each>
-	</table>
-
-	<br/>
-
-	<xsl:for-each select="views/view">
-	  <table>
-	    <tr class="rowh">
-	      <th colspan="2">Outgoing Queries from View <xsl:value-of select="name"/></th>
-	    </tr>
-	    <xsl:for-each select="rdtype">
-	      <tr class="lrow">
-		<td><xsl:value-of select="name"/></td>
-		<td><xsl:value-of select="counter"/></td>
-	      </tr>
-	    </xsl:for-each>
-	  </table>
-	  <br/>
-	</xsl:for-each>
-
-	<br/>
-
-	<div class="statcounter">
-	  <h2>Server Statistics</h2>
-	  <xsl:for-each select="server/nsstat">
-	    <dl>
-	      <dt><xsl:value-of select="name"/></dt>
-	      <dd><xsl:value-of select="counter"/></dd>
-	    </dl>
-	  </xsl:for-each>
-	  <br/>
-	</div>
-
-	<div class="statcounter">
-	  <h2>Zone Maintenance Statistics</h2>
-	  <xsl:for-each select="server/zonestat">
-	    <dl>
-	      <dt><xsl:value-of select="name"/></dt>
-	      <dd><xsl:value-of select="counter"/></dd>
-	    </dl>
-	  </xsl:for-each>
-	  <br />
-	</div>
-
-	<div class="statcounter">
-	  <h2>Resolver Statistics (Common)</h2>
-	  <xsl:for-each select="server/resstat">
-	    <dl>
-	      <dt><xsl:value-of select="name"/></dt>
-	      <dd><xsl:value-of select="counter"/></dd>
-	    </dl>
-	  </xsl:for-each>
-	  <br />
-	</div>
-
-	<xsl:for-each select="views/view">
-	  <div class="statcounter">
-	    <h2>Resolver Statistics for View <xsl:value-of select="name"/></h2>
-	    <xsl:for-each select="resstat">
-	      <dl>
-		<dt><xsl:value-of select="name"/></dt>
-		<dd><xsl:value-of select="counter"/></dd>
-	      </dl>
-	    </xsl:for-each>
-	    <br />
-	  </div>
-	</xsl:for-each>
-
-	<br />
-
-	<xsl:for-each select="views/view">
-	  <table>
-	    <tr class="rowh">
-	      <th colspan="2">Cache DB RRsets for View <xsl:value-of select="name"/></th>
-	    </tr>
-	    <xsl:for-each select="cache/rrset">
-	      <tr class="lrow">
-		<td><xsl:value-of select="name"/></td>
-		<td><xsl:value-of select="counter"/></td>
-	      </tr>
-	    </xsl:for-each>
-	  </table>
-	  <br/>
-	</xsl:for-each>
-
-	<div class="statcounter">
-	  <h2>Socket I/O Statistics</h2>
-	  <xsl:for-each select="server/sockstat">
-	    <dl>
-	      <dt><xsl:value-of select="name"/></dt>
-	      <dd><xsl:value-of select="counter"/></dd>
-	    </dl>
-	  </xsl:for-each>
-	  <br/>
-	</div>
-
-	<br/>
-
-        <xsl:for-each select="views/view">
-          <table>
-            <tr class="rowh">
-              <th colspan="10">Zones for View <xsl:value-of select="name"/></th>
-            </tr>
-            <tr class="rowh">
-              <th>Name</th>
-              <th>Class</th>
-              <th>Serial</th>
-              <th>Success</th>
-              <th>Referral</th>
-              <th>NXRRSET</th>
-              <th>NXDOMAIN</th>
-              <th>Failure</th>
-	      <th>XfrReqDone</th>
-	      <th>XfrRej</th>
-            </tr>
-            <xsl:for-each select="zones/zone">
-              <tr class="lrow">
-                <td>
-                  <xsl:value-of select="name"/>
-                </td>
-                <td>
-                  <xsl:value-of select="rdataclass"/>
-                </td>
-                <td>
-                  <xsl:value-of select="serial"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/QrySuccess"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/QryReferral"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/QryNxrrset"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/QryNXDOMAIN"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/QryFailure"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/XfrReqDone"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/XfrRej"/>
-                </td>
-              </tr>
-            </xsl:for-each>
-          </table>
-          <br/>
-        </xsl:for-each>
-
-        <br/>
-
-        <table>
-          <tr class="rowh">
-            <th colspan="7">Network Status</th>
-          </tr>
-          <tr class="rowh">
-            <th>ID</th>
-	    <th>Name</th>
-            <th>Type</th>
-            <th>References</th>
-            <th>LocalAddress</th>
-            <th>PeerAddress</th>
-            <th>State</th>
-          </tr>
-          <xsl:for-each select="socketmgr/sockets/socket">
-            <tr class="lrow">
-              <td>
-                <xsl:value-of select="id"/>
-              </td>
-              <td>
-                <xsl:value-of select="name"/>
-              </td>
-              <td>
-                <xsl:value-of select="type"/>
-              </td>
-              <td>
-                <xsl:value-of select="references"/>
-              </td>
-              <td>
-                <xsl:value-of select="local-address"/>
-              </td>
-              <td>
-                <xsl:value-of select="peer-address"/>
-              </td>
-              <td>
-                <xsl:for-each select="states">
-                  <xsl:value-of select="."/>
-                </xsl:for-each>
-              </td>
-            </tr>
-          </xsl:for-each>
-        </table>
-        <br/>
-        <table>
-          <tr class="rowh">
-            <th colspan="2">Task Manager Configuration</th>
-          </tr>
-          <tr class="lrow">
-            <td>Thread-Model</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/type"/>
-            </td>
-          </tr>
-          <tr class="lrow">
-            <td>Worker Threads</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/worker-threads"/>
-            </td>
-          </tr>
-          <tr class="lrow">
-            <td>Default Quantum</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/default-quantum"/>
-            </td>
-          </tr>
-          <tr class="lrow">
-            <td>Tasks Running</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/tasks-running"/>
-            </td>
-          </tr>
-        </table>
-        <br/>
-        <table>
-          <tr class="rowh">
-            <th colspan="5">Tasks</th>
-          </tr>
-          <tr class="rowh">
-            <th>ID</th>
-            <th>Name</th>
-            <th>References</th>
-            <th>State</th>
-            <th>Quantum</th>
-          </tr>
-          <xsl:for-each select="taskmgr/tasks/task">
-            <tr class="lrow">
-              <td>
-                <xsl:value-of select="id"/>
-              </td>
-              <td>
-                <xsl:value-of select="name"/>
-              </td>
-              <td>
-                <xsl:value-of select="references"/>
-              </td>
-              <td>
-                <xsl:value-of select="state"/>
-              </td>
-              <td>
-                <xsl:value-of select="quantum"/>
-              </td>
-            </tr>
-          </xsl:for-each>
-        </table>
-	<br />
-	<table>
-          <tr class="rowh">
-            <th colspan="4">Memory Usage Summary</th>
-          </tr>
-	  <xsl:for-each select="memory/summary/*">
-	    <tr class="lrow">
-	      <td><xsl:value-of select="name()"/></td>
-	      <td><xsl:value-of select="."/></td>
-	    </tr>
-	  </xsl:for-each>
-	</table>
-	<br />
-	<table>
-          <tr class="rowh">
-            <th colspan="10">Memory Contexts</th>
-          </tr>
-	  <tr class="rowh">
-	    <th>ID</th>
-	    <th>Name</th>
-	    <th>References</th>
-	    <th>TotalUse</th>
-	    <th>InUse</th>
-	    <th>MaxUse</th>
-	    <th>BlockSize</th>
-	    <th>Pools</th>
-	    <th>HiWater</th>
-	    <th>LoWater</th>
-	  </tr>
-	  <xsl:for-each select="memory/contexts/context">
-	    <tr class="lrow">
-	      <td>
-		<xsl:value-of select="id"/>
-	      </td>
-              <td>
-                <xsl:value-of select="name"/>
-              </td>
-	      <td>
-		<xsl:value-of select="references"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="total"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="inuse"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="maxinuse"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="blocksize"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="pools"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="hiwater"/>
-	      </td>
-	      <td>
-		<xsl:value-of select="lowater"/>
-	      </td>
-	    </tr>
-	  </xsl:for-each>
-	</table>
-
-      </body>
-    </html>
-  </xsl:template>
-</xsl:stylesheet>

bin/named/bind9.xsl.h

@@ -1,497 +0,0 @@
-/*
- * Generated by convertxsl.pl 1.14 2008-07-17 23:43:26 jinmei Exp  
- * From bind9.xsl 1.19.82.2 2009-01-29 23:47:43 tbox Exp 
- */
-static char xslmsg[] =
-	"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
-	"<!--\n"
-	" - Copyright (C) 2006-2009 Internet Systems Consortium, Inc. (\"ISC\")\n"
-	" -\n"
-	" - Permission to use, copy, modify, and/or distribute this software for any\n"
-	" - purpose with or without fee is hereby granted, provided that the above\n"
-	" - copyright notice and this permission notice appear in all copies.\n"
-	" -\n"
-	" - THE SOFTWARE IS PROVIDED \"AS IS\" AND ISC DISCLAIMS ALL WARRANTIES WITH\n"
-	" - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY\n"
-	" - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,\n"
-	" - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM\n"
-	" - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE\n"
-	" - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR\n"
-	" - PERFORMANCE OF THIS SOFTWARE.\n"
-	"-->\n"
-	"\n"
-	"<!-- \045Id: bind9.xsl,v 1.19.82.2 2009-01-29 23:47:43 tbox Exp \045 -->\n"
-	"\n"
-	"<xsl:stylesheet version=\"1.0\"\n"
-	" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n"
-	" xmlns=\"http://www.w3.org/1999/xhtml\">\n"
-	" <xsl:template match=\"isc/bind/statistics\">\n"
-	" <html>\n"
-	" <head>\n"
-	" <style type=\"text/css\">\n"
-	"body {\n"
-	" font-family: sans-serif;\n"
-	" background-color: #ffffff;\n"
-	" color: #000000;\n"
-	"}\n"
-	"\n"
-	"table {\n"
-	" border-collapse: collapse;\n"
-	"}\n"
-	"\n"
-	"tr.rowh {\n"
-	" text-align: center;\n"
-	" border: 1px solid #000000;\n"
-	" background-color: #8080ff;\n"
-	" color: #ffffff;\n"
-	"}\n"
-	"\n"
-	"tr.row {\n"
-	" text-align: right;\n"
-	" border: 1px solid #000000;\n"
-	" background-color: teal;\n"
-	" color: #ffffff;\n"
-	"}\n"
-	"\n"
-	"tr.lrow {\n"
-	" text-align: left;\n"
-	" border: 1px solid #000000;\n"
-	" background-color: teal;\n"
-	" color: #ffffff;\n"
-	"}\n"
-	"\n"
-	"td, th {\n"
-	" padding-right: 5px;\n"
-	" padding-left: 5px;\n"
-	"}\n"
-	"\n"
-	".header h1 {\n"
-	" background-color: teal;\n"
-	" color: #ffffff;\n"
-	" padding: 4px;\n"
-	"}\n"
-	"\n"
-	".content {\n"
-	" background-color: #ffffff;\n"
-	" color: #000000;\n"
-	" padding: 4px;\n"
-	"}\n"
-	"\n"
-	".item {\n"
-	" padding: 4px;\n"
-	" align: right;\n"
-	"}\n"
-	"\n"
-	".value {\n"
-	" padding: 4px;\n"
-	" font-weight: bold;\n"
-	"}\n"
-	"\n"
-	"div.statcounter h2 {\n"
-	" text-align: center;\n"
-	" font-size: large;\n"
-	" border: 1px solid #000000;\n"
-	" background-color: #8080ff;\n"
-	" color: #ffffff;\n"
-	"}\n"
-	"\n"
-	"div.statcounter dl {\n"
-	" float: left;\n"
-	" margin-top: 0;\n"
-	" margin-bottom: 0;\n"
-	" margin-left: 0;\n"
-	" margin-right: 0;\n"
-	"}\n"
-	"\n"
-	"div.statcounter dt {\n"
-	" width: 200px;\n"
-	" text-align: center;\n"
-	" font-weight: bold;\n"
-	" border: 0.5px solid #000000;\n"
-	" background-color: #8080ff;\n"
-	" color: #ffffff;\n"
-	"}\n"
-	"\n"
-	"div.statcounter dd {\n"
-	" width: 200px;\n"
-	" text-align: right;\n"
-	" border: 0.5px solid #000000;\n"
-	" background-color: teal;\n"
-	" color: #ffffff;\n"
-	" margin-left: 0;\n"
-	" margin-right: 0;\n"
-	"}\n"
-	"\n"
-	"div.statcounter br {\n"
-	" clear: left;\n"
-	"}\n"
-	" </style>\n"
-	" <title>BIND 9 Statistics</title>\n"
-	" </head>\n"
-	" <body>\n"
-	" <div class=\"header\">\n"
-	" <h1>Bind 9 Configuration and Statistics</h1>\n"
-	" </div>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <table>\n"
-	" <tr class=\"rowh\"><th colspan=\"2\">Times</th></tr>\n"
-	" <tr class=\"lrow\">\n"
-	" <td>boot-time</td>\n"
-	" <td><xsl:value-of select=\"server/boot-time\"/></td>\n"
-	" </tr>\n"
-	" <tr class=\"lrow\">\n"
-	" <td>current-time</td>\n"
-	" <td><xsl:value-of select=\"server/current-time\"/></td>\n"
-	" </tr>\n"
-	" </table>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <table>\n"
-	" <tr class=\"rowh\"><th colspan=\"2\">Incoming Requests</th></tr>\n"
-	" <xsl:for-each select=\"server/requests/opcode\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td><xsl:value-of select=\"name\"/></td>\n"
-	" <td><xsl:value-of select=\"counter\"/></td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <table>\n"
-	" <tr class=\"rowh\"><th colspan=\"2\">Incoming Queries</th></tr>\n"
-	" <xsl:for-each select=\"server/queries-in/rdtype\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td><xsl:value-of select=\"name\"/></td>\n"
-	" <td><xsl:value-of select=\"counter\"/></td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <xsl:for-each select=\"views/view\">\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"2\">Outgoing Queries from View <xsl:value-of select=\"name\"/></th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"rdtype\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td><xsl:value-of select=\"name\"/></td>\n"
-	" <td><xsl:value-of select=\"counter\"/></td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	" <br/>\n"
-	" </xsl:for-each>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <div class=\"statcounter\">\n"
-	" <h2>Server Statistics</h2>\n"
-	" <xsl:for-each select=\"server/nsstat\">\n"
-	" <dl>\n"
-	" <dt><xsl:value-of select=\"name\"/></dt>\n"
-	" <dd><xsl:value-of select=\"counter\"/></dd>\n"
-	" </dl>\n"
-	" </xsl:for-each>\n"
-	" <br/>\n"
-	" </div>\n"
-	"\n"
-	" <div class=\"statcounter\">\n"
-	" <h2>Zone Maintenance Statistics</h2>\n"
-	" <xsl:for-each select=\"server/zonestat\">\n"
-	" <dl>\n"
-	" <dt><xsl:value-of select=\"name\"/></dt>\n"
-	" <dd><xsl:value-of select=\"counter\"/></dd>\n"
-	" </dl>\n"
-	" </xsl:for-each>\n"
-	" <br />\n"
-	" </div>\n"
-	"\n"
-	" <div class=\"statcounter\">\n"
-	" <h2>Resolver Statistics (Common)</h2>\n"
-	" <xsl:for-each select=\"server/resstat\">\n"
-	" <dl>\n"
-	" <dt><xsl:value-of select=\"name\"/></dt>\n"
-	" <dd><xsl:value-of select=\"counter\"/></dd>\n"
-	" </dl>\n"
-	" </xsl:for-each>\n"
-	" <br />\n"
-	" </div>\n"
-	"\n"
-	" <xsl:for-each select=\"views/view\">\n"
-	" <div class=\"statcounter\">\n"
-	" <h2>Resolver Statistics for View <xsl:value-of select=\"name\"/></h2>\n"
-	" <xsl:for-each select=\"resstat\">\n"
-	" <dl>\n"
-	" <dt><xsl:value-of select=\"name\"/></dt>\n"
-	" <dd><xsl:value-of select=\"counter\"/></dd>\n"
-	" </dl>\n"
-	" </xsl:for-each>\n"
-	" <br />\n"
-	" </div>\n"
-	" </xsl:for-each>\n"
-	"\n"
-	" <br />\n"
-	"\n"
-	" <xsl:for-each select=\"views/view\">\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"2\">Cache DB RRsets for View <xsl:value-of select=\"name\"/></th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"cache/rrset\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td><xsl:value-of select=\"name\"/></td>\n"
-	" <td><xsl:value-of select=\"counter\"/></td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	" <br/>\n"
-	" </xsl:for-each>\n"
-	"\n"
-	" <div class=\"statcounter\">\n"
-	" <h2>Socket I/O Statistics</h2>\n"
-	" <xsl:for-each select=\"server/sockstat\">\n"
-	" <dl>\n"
-	" <dt><xsl:value-of select=\"name\"/></dt>\n"
-	" <dd><xsl:value-of select=\"counter\"/></dd>\n"
-	" </dl>\n"
-	" </xsl:for-each>\n"
-	" <br/>\n"
-	" </div>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <xsl:for-each select=\"views/view\">\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"10\">Zones for View <xsl:value-of select=\"name\"/></th>\n"
-	" </tr>\n"
-	" <tr class=\"rowh\">\n"
-	" <th>Name</th>\n"
-	" <th>Class</th>\n"
-	" <th>Serial</th>\n"
-	" <th>Success</th>\n"
-	" <th>Referral</th>\n"
-	" <th>NXRRSET</th>\n"
-	" <th>NXDOMAIN</th>\n"
-	" <th>Failure</th>\n"
-	" <th>XfrReqDone</th>\n"
-	" <th>XfrRej</th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"zones/zone\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td>\n"
-	" <xsl:value-of select=\"name\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"rdataclass\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"serial\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/QrySuccess\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/QryReferral\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/QryNxrrset\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/QryNXDOMAIN\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/QryFailure\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/XfrReqDone\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"counters/XfrRej\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	" <br/>\n"
-	" </xsl:for-each>\n"
-	"\n"
-	" <br/>\n"
-	"\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"7\">Network Status</th>\n"
-	" </tr>\n"
-	" <tr class=\"rowh\">\n"
-	" <th>ID</th>\n"
-	" <th>Name</th>\n"
-	" <th>Type</th>\n"
-	" <th>References</th>\n"
-	" <th>LocalAddress</th>\n"
-	" <th>PeerAddress</th>\n"
-	" <th>State</th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"socketmgr/sockets/socket\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td>\n"
-	" <xsl:value-of select=\"id\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"name\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"type\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"references\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"local-address\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"peer-address\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:for-each select=\"states\">\n"
-	" <xsl:value-of select=\".\"/>\n"
-	" </xsl:for-each>\n"
-	" </td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	" <br/>\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"2\">Task Manager Configuration</th>\n"
-	" </tr>\n"
-	" <tr class=\"lrow\">\n"
-	" <td>Thread-Model</td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"taskmgr/thread-model/type\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" <tr class=\"lrow\">\n"
-	" <td>Worker Threads</td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"taskmgr/thread-model/worker-threads\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" <tr class=\"lrow\">\n"
-	" <td>Default Quantum</td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"taskmgr/thread-model/default-quantum\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" <tr class=\"lrow\">\n"
-	" <td>Tasks Running</td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"taskmgr/thread-model/tasks-running\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" </table>\n"
-	" <br/>\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"5\">Tasks</th>\n"
-	" </tr>\n"
-	" <tr class=\"rowh\">\n"
-	" <th>ID</th>\n"
-	" <th>Name</th>\n"
-	" <th>References</th>\n"
-	" <th>State</th>\n"
-	" <th>Quantum</th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"taskmgr/tasks/task\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td>\n"
-	" <xsl:value-of select=\"id\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"name\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"references\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"state\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"quantum\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	" <br />\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"4\">Memory Usage Summary</th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"memory/summary/*\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td><xsl:value-of select=\"name()\"/></td>\n"
-	" <td><xsl:value-of select=\".\"/></td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	" <br />\n"
-	" <table>\n"
-	" <tr class=\"rowh\">\n"
-	" <th colspan=\"10\">Memory Contexts</th>\n"
-	" </tr>\n"
-	" <tr class=\"rowh\">\n"
-	" <th>ID</th>\n"
-	" <th>Name</th>\n"
-	" <th>References</th>\n"
-	" <th>TotalUse</th>\n"
-	" <th>InUse</th>\n"
-	" <th>MaxUse</th>\n"
-	" <th>BlockSize</th>\n"
-	" <th>Pools</th>\n"
-	" <th>HiWater</th>\n"
-	" <th>LoWater</th>\n"
-	" </tr>\n"
-	" <xsl:for-each select=\"memory/contexts/context\">\n"
-	" <tr class=\"lrow\">\n"
-	" <td>\n"
-	" <xsl:value-of select=\"id\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"name\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"references\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"total\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"inuse\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"maxinuse\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"blocksize\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"pools\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"hiwater\"/>\n"
-	" </td>\n"
-	" <td>\n"
-	" <xsl:value-of select=\"lowater\"/>\n"
-	" </td>\n"
-	" </tr>\n"
-	" </xsl:for-each>\n"
-	" </table>\n"
-	"\n"
-	" </body>\n"
-	" </html>\n"
-	" </xsl:template>\n"
-	"</xsl:stylesheet>\n";

bin/named/builtin.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: builtin.c,v 1.12.334.3 2010/08/03 23:45:47 tbox Exp $ */
+/* $Id: builtin.c,v 1.5.18.5 2005/08/23 04:12:38 marka Exp $ */
 
 /*! \file
  * \brief
@@ -95,7 +95,7 @@ put_txt(dns_sdblookup_t *lookup, const char *text) {
 
 static isc_result_t
 do_version_lookup(dns_sdblookup_t *lookup) {
-	if (ns_g_server->version_set) {
+	if (ns_g_server->version_set) {	
 		if (ns_g_server->version == NULL)
 			return (ISC_R_SUCCESS);
 		else
@@ -132,7 +132,6 @@ do_authors_lookup(dns_sdblookup_t *lookup) {
 		"Michael Graff",
 		"Andreas Gustafsson",
 		"Bob Halley",
-		"JINMEI Tatuya",
 		"David Lawrence",
 		"Danny Mayer",
 		"Damien Neil",
@@ -199,7 +198,7 @@ builtin_authority(const char *zone, void *dbdata, dns_sdblookup_t *lookup) {
 		if (b->contact != NULL)
 			contact = b->contact;
 	}
-
+	
 	result = dns_sdb_putsoa(lookup, server, contact, 0);
 	if (result != ISC_R_SUCCESS)
 		return (ISC_R_FAILURE);
@@ -234,7 +233,7 @@ builtin_create(const char *zone, int argc, char **argv,
 		*dbdata = &authors_builtin;
 	else if (strcmp(argv[0], "id") == 0)
 		*dbdata = &id_builtin;
-	else if (strcmp(argv[0], "empty") == 0) {
+	else if (strcmp(argv[0], "empty") == 0) { 
 		builtin_t *empty;
 		char *server;
 		char *contact;

bin/named/client.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.259.12.7 2011/05/06 23:45:55 tbox Exp $ */
+/* $Id: client.c,v 1.219.18.20 2006/07/22 01:02:36 marka Exp $ */
 
 #include <config.h>
 
@@ -24,7 +24,6 @@
 #include <isc/once.h>
 #include <isc/platform.h>
 #include <isc/print.h>
-#include <isc/stats.h>
 #include <isc/stdio.h>
 #include <isc/string.h>
 #include <isc/task.h>
@@ -42,7 +41,6 @@
 #include <dns/rdatalist.h>
 #include <dns/rdataset.h>
 #include <dns/resolver.h>
-#include <dns/stats.h>
 #include <dns/tsig.h>
 #include <dns/view.h>
 #include <dns/zone.h>
@@ -50,7 +48,6 @@
 #include <named/interfacemgr.h>
 #include <named/log.h>
 #include <named/notify.h>
-#include <named/os.h>
 #include <named/server.h>
 #include <named/update.h>
 
@@ -122,9 +119,9 @@ struct ns_clientmgr {
 	isc_mutex_t			lock;
 	/* Locked by lock. */
 	isc_boolean_t			exiting;
-	client_list_t			active;		/*%< Active clients */
-	client_list_t			recursing;	/*%< Recursing clients */
-	client_list_t			inactive;	/*%< To be recycled */
+	client_list_t			active; 	/*%< Active clients */
+	client_list_t			recursing; 	/*%< Recursing clients */
+	client_list_t 			inactive;	/*%< To be recycled */
 #if NMCTXS > 0
 	/*%< mctx pool for clients. */
 	unsigned int			nextmctx;
@@ -135,7 +132,7 @@ struct ns_clientmgr {
 #define MANAGER_MAGIC			ISC_MAGIC('N', 'S', 'C', 'm')
 #define VALID_MANAGER(m)		ISC_MAGIC_VALID(m, MANAGER_MAGIC)
 
-/*!
+/*! 
  * Client object states.  Ordering is significant: higher-numbered
  * states are generally "more active", meaning that the client can
  * have more dynamically allocated data, outstanding events, etc.
@@ -289,7 +286,7 @@ exit_check(ns_client_t *client) {
 	 *
 	 * Keep the view attached until any outstanding updates complete.
 	 */
-	if (client->nupdates == 0 &&
+	if (client->nupdates == 0 && 
 	    client->newstate == NS_CLIENTSTATE_FREED && client->view != NULL)
 		dns_view_detach(&client->view);
 
@@ -466,8 +463,6 @@ exit_check(ns_client_t *client) {
 
 		if (client->state == client->newstate) {
 			client->newstate = NS_CLIENTSTATE_MAX;
-			if (client->needshutdown)
-				isc_task_shutdown(client->task);
 			goto unlock;
 		}
 	}
@@ -524,14 +519,6 @@ exit_check(ns_client_t *client) {
 
 		CTRACE("free");
 		client->magic = 0;
-		/*
-		 * Check that there are no other external references to
-		 * the memory context.
-		 */
-		if (ns_g_clienttest && isc_mem_references(client->mctx) != 1) {
-			isc_mem_stats(client->mctx, stderr);
-			INSIST(0);
-		}
 		isc_mem_putanddetach(&client->mctx, client, sizeof(*client));
 
 		goto unlock;
@@ -605,7 +592,6 @@ client_shutdown(isc_task_t *task, isc_event_t *event) {
 	}
 
 	client->newstate = NS_CLIENTSTATE_FREED;
-	client->needshutdown = ISC_FALSE;
 	(void)exit_check(client);
 }
 
@@ -633,7 +619,6 @@ ns_client_endrequest(ns_client_t *client) {
 		dns_message_puttemprdataset(client->message, &client->opt);
 	}
 
-	client->signer = NULL;
 	client->udpsize = 512;
 	client->extflags = 0;
 	client->ednsversion = -1;
@@ -655,11 +640,11 @@ ns_client_checkactive(ns_client_t *client) {
 		/*
 		 * This client object should normally go inactive
 		 * at this point, but if we have fewer active client
-		 * objects than desired due to earlier quota exhaustion,
+		 * objects than  desired due to earlier quota exhaustion,
 		 * keep it active to make up for the shortage.
 		 */
 		isc_boolean_t need_another_client = ISC_FALSE;
-		if (TCP_CLIENT(client) && !ns_g_clienttest) {
+		if (TCP_CLIENT(client)) {
 			LOCK(&client->interface->lock);
 			if (client->interface->ntcpcurrent <
 			    client->interface->ntcptarget)
@@ -832,7 +817,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
 		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 		if (ns_g_server->blackholeacl != NULL &&
 		    dns_acl_match(&netaddr, NULL,
-				  ns_g_server->blackholeacl,
+			    	  ns_g_server->blackholeacl,
 				  &ns_g_server->aclenv,
 				  &match, NULL) == ISC_R_SUCCESS &&
 		    match > 0)
@@ -849,7 +834,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
 	isc_buffer_usedregion(buffer, &r);
 
 	CTRACE("sendto");
-
+	
 	result = isc_socket_sendto2(socket, &r, client->task,
 				    address, pktinfo,
 				    client->sendevent, sockflags);
@@ -921,7 +906,6 @@ ns_client_send(ns_client_t *client) {
 	unsigned char sendbuf[SEND_BUFFER_SIZE];
 	unsigned int dnssec_opts;
 	unsigned int preferred_glue;
-	isc_boolean_t opt_included = ISC_FALSE;
 
 	REQUIRE(NS_CLIENT_VALID(client));
 
@@ -959,10 +943,11 @@ ns_client_send(ns_client_t *client) {
 	result = dns_message_renderbegin(client->message, &cctx, &buffer);
 	if (result != ISC_R_SUCCESS)
 		goto done;
-
 	if (client->opt != NULL) {
 		result = dns_message_setopt(client->message, client->opt);
-		opt_included = ISC_TRUE;
+		/*
+		 * XXXRTH dns_message_setopt() should probably do this...
+		 */
 		client->opt = NULL;
 		if (result != ISC_R_SUCCESS)
 			goto done;
@@ -1018,25 +1003,6 @@ ns_client_send(ns_client_t *client) {
 		result = client_sendpkg(client, &tcpbuffer);
 	} else
 		result = client_sendpkg(client, &buffer);
-
-	/* update statistics (XXXJT: is it okay to access message->xxxkey?) */
-	isc_stats_increment(ns_g_server->nsstats, dns_nsstatscounter_response);
-	if (opt_included) {
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_edns0out);
-	}
-	if (client->message->tsigkey != NULL) {
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_tsigout);
-	}
-	if (client->message->sig0key != NULL) {
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_sig0out);
-	}
-	if ((client->message->flags & DNS_MESSAGEFLAG_TC) != 0)
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_truncatedresp);
-
 	if (result == ISC_R_SUCCESS)
 		return;
 
@@ -1142,8 +1108,8 @@ ns_client_error(ns_client_t *client, isc_result_t result) {
 	/*
 	 * FORMERR loop avoidance:  If we sent a FORMERR message
 	 * with the same ID to the same client less than two
-	 * seconds ago, assume that we are in an infinite error
-	 * packet dialog with a server for some protocol whose
+	 * seconds ago, assume that we are in an infinite error 
+	 * packet dialog with a server for some protocol whose 
 	 * error responses look enough like DNS queries to
 	 * elicit a FORMERR response.  Drop a packet to break
 	 * the loop.
@@ -1213,46 +1179,11 @@ client_addopt(ns_client_t *client) {
 	 */
 	rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
 
-	/* Set EDNS options if applicable */
-	if (client->attributes & NS_CLIENTATTR_WANTNSID &&
-	    (ns_g_server->server_id != NULL ||
-	     ns_g_server->server_usehostname)) {
-		/*
-		 * Space required for NSID data:
-		 *   2 bytes for opt code
-		 * + 2 bytes for NSID length
-		 * + NSID itself
-		 */
-		char nsid[BUFSIZ], *nsidp;
-		isc_buffer_t *buffer = NULL;
-
-		if (ns_g_server->server_usehostname) {
-			isc_result_t result;
-			result = ns_os_gethostname(nsid, sizeof(nsid));
-			if (result != ISC_R_SUCCESS) {
-				goto no_nsid;
-			}
-			nsidp = nsid;
-		} else
-			nsidp = ns_g_server->server_id;
-
-		rdata->length = strlen(nsidp) + 4;
-		result = isc_buffer_allocate(client->mctx, &buffer,
-					     rdata->length);
-		if (result != ISC_R_SUCCESS)
-			goto no_nsid;
-
-		isc_buffer_putuint16(buffer, DNS_OPT_NSID);
-		isc_buffer_putuint16(buffer, strlen(nsidp));
-		isc_buffer_putstr(buffer, nsidp);
-		rdata->data = buffer->base;
-		dns_message_takebuffer(client->message, &buffer);
-	} else {
-no_nsid:
-		rdata->data = NULL;
-		rdata->length = 0;
-	}
-
+	/*
+	 * No ENDS options in the default case.
+	 */
+	rdata->data = NULL;
+	rdata->length = 0;
 	rdata->rdclass = rdatalist->rdclass;
 	rdata->type = rdatalist->type;
 	rdata->flags = 0;
@@ -1287,7 +1218,7 @@ allowed(isc_netaddr_t *addr, dns_name_t *signer, dns_acl_t *acl) {
  * delivered to 'myview'.
  *
  * We run this unlocked as both the view list and the interface list
- * are updated when the appropriate task has exclusivity.
+ * are updated when the approprite task has exclusivity.
  */
 isc_boolean_t
 ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
@@ -1295,8 +1226,7 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
 		 dns_rdataclass_t rdclass, void *arg)
 {
 	dns_view_t *view;
-	dns_tsigkey_t *key = NULL;
-	dns_name_t *tsig = NULL;
+	dns_tsigkey_t *key;
 	isc_netaddr_t netsrc;
 	isc_netaddr_t netdst;
 
@@ -1311,6 +1241,7 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
 	for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
 	     view != NULL;
 	     view = ISC_LIST_NEXT(view, link)) {
+		dns_name_t *tsig = NULL;
 
 		if (view->matchrecursiveonly)
 			continue;
@@ -1322,14 +1253,14 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
 			isc_boolean_t match;
 			isc_result_t result;
 
-			result = dns_view_gettsig(view, &mykey->name, &key);
+			tsig = &mykey->name;
+			result = dns_view_gettsig(view, tsig, &key);
 			if (result != ISC_R_SUCCESS)
 				continue;
 			match = dst_key_compare(mykey->key, key->key);
 			dns_tsigkey_detach(&key);
 			if (!match)
 				continue;
-			tsig = dns_tsigkey_identity(mykey);
 		}
 
 		if (allowed(&netsrc, tsig, view->matchclients) &&
@@ -1353,16 +1284,13 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	isc_buffer_t tbuffer;
 	dns_view_t *view;
 	dns_rdataset_t *opt;
-	dns_name_t *signame;
-	isc_boolean_t ra;	/* Recursion available. */
+	isc_boolean_t ra; 	/* Recursion available. */
 	isc_netaddr_t netaddr;
 	isc_netaddr_t destaddr;
 	int match;
 	dns_messageid_t id;
 	unsigned int flags;
 	isc_boolean_t notimp;
-	dns_rdata_t rdata;
-	isc_uint16_t optcode;
 
 	REQUIRE(event != NULL);
 	client = event->ev_arg;
@@ -1511,20 +1439,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		}
 	}
 
-	/*
-	 * Update some statistics counters.  Don't count responses.
-	 */
-	if (isc_sockaddr_pf(&client->peeraddr) == PF_INET) {
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_requestv4);
-	} else {
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_requestv6);
-	}
-	if (TCP_CLIENT(client))
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_tcp);
-
 	/*
 	 * It's a request.  Parse it.
 	 */
@@ -1538,8 +1452,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		goto cleanup;
 	}
 
-	dns_opcodestats_increment(ns_g_server->opcodestats,
-				  client->message->opcode);
 	switch (client->message->opcode) {
 	case dns_opcode_query:
 	case dns_opcode_update:
@@ -1587,35 +1499,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		 */
 		client->ednsversion = (opt->ttl & 0x00FF0000) >> 16;
 		if (client->ednsversion > 0) {
-			isc_stats_increment(ns_g_server->nsstats,
-					    dns_nsstatscounter_badednsver);
 			result = client_addopt(client);
 			if (result == ISC_R_SUCCESS)
 				result = DNS_R_BADVERS;
 			ns_client_error(client, result);
 			goto cleanup;
 		}
-
-		/* Check for NSID request */
-		result = dns_rdataset_first(opt);
-		if (result == ISC_R_SUCCESS) {
-			dns_rdata_init(&rdata);
-			dns_rdataset_current(opt, &rdata);
-			if (rdata.length >= 2) {
-				isc_buffer_t nsidbuf;
-				isc_buffer_init(&nsidbuf,
-						rdata.data, rdata.length);
-				isc_buffer_add(&nsidbuf, rdata.length);
-				optcode = isc_buffer_getuint16(&nsidbuf);
-				if (optcode == DNS_OPT_NSID)
-					client->attributes |=
-						NS_CLIENTATTR_WANTNSID;
-			}
-		}
-
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_edns0in);
-
 		/*
 		 * Create an OPT for our reply.
 		 */
@@ -1645,7 +1534,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	 * For IPv6 UDP queries, we get this from the pktinfo structure (if
 	 * supported).
 	 * If all the attempts fail (this can happen due to memory shortage,
-	 * etc), we regard this as an error for safety.
+	 * etc), we regard this as an error for safety. 
 	 */
 	if ((client->interface->flags & NS_INTERFACEFLAG_ANYADDR) == 0)
 		isc_netaddr_fromsockaddr(&destaddr, &client->interface->addr);
@@ -1687,7 +1576,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 					 "failed to get request's "
 					 "destination: %s",
 					 isc_result_totext(result));
-			ns_client_next(client, ISC_R_SUCCESS);
 			goto cleanup;
 		}
 	}
@@ -1702,12 +1590,11 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		    client->message->rdclass == dns_rdataclass_any)
 		{
 			dns_name_t *tsig = NULL;
-
 			sigresult = dns_message_rechecksig(client->message,
 							   view);
 			if (sigresult == ISC_R_SUCCESS)
-				tsig = dns_tsigkey_identity(client->message->tsigkey);
-
+				tsig = client->message->tsigname;
+				
 			if (allowed(&netaddr, tsig, view->matchclients) &&
 			    allowed(&destaddr, tsig, view->matchdestinations) &&
 			    !((client->message->flags & DNS_MESSAGEFLAG_RD)
@@ -1760,17 +1647,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	client->signer = NULL;
 	dns_name_init(&client->signername, NULL);
 	result = dns_message_signer(client->message, &client->signername);
-	if (result != ISC_R_NOTFOUND) {
-		signame = NULL;
-		if (dns_message_gettsig(client->message, &signame) != NULL) {
-			isc_stats_increment(ns_g_server->nsstats,
-					    dns_nsstatscounter_tsigin);
-		} else {
-			isc_stats_increment(ns_g_server->nsstats,
-					    dns_nsstatscounter_sig0in);
-		}
-
-	}
 	if (result == ISC_R_SUCCESS) {
 		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
@@ -1787,48 +1663,22 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	} else {
 		char tsigrcode[64];
 		isc_buffer_t b;
-		dns_rcode_t status;
-		isc_result_t tresult;
+		dns_name_t *name = NULL;
 
+		isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
+		RUNTIME_CHECK(dns_tsigrcode_totext(client->message->tsigstatus,
+						   &b) == ISC_R_SUCCESS);
+		tsigrcode[isc_buffer_usedlength(&b)] = '\0';
 		/* There is a signature, but it is bad. */
-		isc_stats_increment(ns_g_server->nsstats,
-				    dns_nsstatscounter_invalidsig);
-		signame = NULL;
-		if (dns_message_gettsig(client->message, &signame) != NULL) {
+		if (dns_message_gettsig(client->message, &name) != NULL) {
 			char namebuf[DNS_NAME_FORMATSIZE];
-			char cnamebuf[DNS_NAME_FORMATSIZE];
-			dns_name_format(signame, namebuf, sizeof(namebuf));
-			status = client->message->tsigstatus;
-			isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
-			tresult = dns_tsigrcode_totext(status, &b);
-			INSIST(tresult == ISC_R_SUCCESS);
-			tsigrcode[isc_buffer_usedlength(&b)] = '\0';
-			if (client->message->tsigkey->generated) {
-				dns_name_format(client->message->tsigkey->creator,
-						cnamebuf, sizeof(cnamebuf));
-				ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
-					      NS_LOGMODULE_CLIENT,
-					      ISC_LOG_ERROR,
-					      "request has invalid signature: "
-					      "TSIG %s (%s): %s (%s)", namebuf,
-					      cnamebuf,
-					      isc_result_totext(result),
-					      tsigrcode);
-			} else {
-				ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
-					      NS_LOGMODULE_CLIENT,
-					      ISC_LOG_ERROR,
-					      "request has invalid signature: "
-					      "TSIG %s: %s (%s)", namebuf,
-					      isc_result_totext(result),
-					      tsigrcode);
-			}
+			dns_name_format(name, namebuf, sizeof(namebuf));
+			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
+				      "request has invalid signature: "
+				      "TSIG %s: %s (%s)", namebuf,
+				      isc_result_totext(result), tsigrcode);
 		} else {
-			status = client->message->sig0status;
-			isc_buffer_init(&b, tsigrcode, sizeof(tsigrcode) - 1);
-			tresult = dns_tsigrcode_totext(status, &b);
-			INSIST(tresult == ISC_R_SUCCESS);
-			tsigrcode[isc_buffer_usedlength(&b)] = '\0';
 			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
 				      "request has invalid signature: %s (%s)",
@@ -1856,17 +1706,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	ra = ISC_FALSE;
 	if (client->view->resolver != NULL &&
 	    client->view->recursion == ISC_TRUE &&
-	    ns_client_checkaclsilent(client, NULL,
-				     client->view->recursionacl,
+	    ns_client_checkaclsilent(client, client->view->recursionacl,
 				     ISC_TRUE) == ISC_R_SUCCESS &&
-	    ns_client_checkaclsilent(client, NULL,
-				     client->view->cacheacl,
-				     ISC_TRUE) == ISC_R_SUCCESS &&
-	    ns_client_checkaclsilent(client, &client->interface->addr,
-				     client->view->recursiononacl,
-				     ISC_TRUE) == ISC_R_SUCCESS &&
-	    ns_client_checkaclsilent(client, &client->interface->addr,
-				     client->view->cacheonacl,
+	    ns_client_checkaclsilent(client, client->view->queryacl,
 				     ISC_TRUE) == ISC_R_SUCCESS)
 		ra = ISC_TRUE;
 
@@ -1875,7 +1717,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 
 	ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
 		      ISC_LOG_DEBUG(3), ra ? "recursion available" :
-					     "recursion not available");
+		      			     "recursion not available");
 
 	/*
 	 * Adjust maximum UDP response size for this client.
@@ -1953,17 +1795,13 @@ client_timeout(isc_task_t *task, isc_event_t *event) {
 static isc_result_t
 get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
 	isc_mem_t *clientmctx;
+#if NMCTXS > 0
 	isc_result_t result;
+#endif
 
 	/*
 	 * Caller must be holding the manager lock.
 	 */
-	if (ns_g_clienttest) {
-		result = isc_mem_create(0, 0, mctxp);
-		if (result == ISC_R_SUCCESS)
-			isc_mem_setname(*mctxp, "client", NULL);
-		return (result);
-	}
 #if NMCTXS > 0
 	INSIST(manager->nextmctx < NMCTXS);
 	clientmctx = manager->mctxpool[manager->nextmctx];
@@ -1971,13 +1809,12 @@ get_clientmctx(ns_clientmgr_t *manager, isc_mem_t **mctxp) {
 		result = isc_mem_create(0, 0, &clientmctx);
 		if (result != ISC_R_SUCCESS)
 			return (result);
-		isc_mem_setname(clientmctx, "client", NULL);
 
 		manager->mctxpool[manager->nextmctx] = clientmctx;
+		manager->nextmctx++;
+		if (manager->nextmctx == NMCTXS)
+			manager->nextmctx = 0;
 	}
-	manager->nextmctx++;
-	if (manager->nextmctx == NMCTXS)
-		manager->nextmctx = 0;
 #else
 	clientmctx = manager->mctx;
 #endif
@@ -2088,7 +1925,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	client->next = NULL;
 	client->shutdown = NULL;
 	client->shutdown_arg = NULL;
-	client->signer = NULL;
 	dns_name_init(&client->signername, NULL);
 	client->mortal = ISC_FALSE;
 	client->tcpquota = NULL;
@@ -2121,8 +1957,6 @@ client_create(ns_clientmgr_t *manager, ns_client_t **clientp) {
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_query;
 
-	client->needshutdown = ns_g_clienttest;
-
 	CTRACE("create");
 
 	*clientp = client;
@@ -2213,7 +2047,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 	 */
 	if (nevent->result == ISC_R_SUCCESS) {
 		client->tcpsocket = nevent->newsocket;
-		isc_socket_setname(client->tcpsocket, "client-tcp", NULL);
 		client->state = NS_CLIENTSTATE_READING;
 		INSIST(client->recursionquota == NULL);
 
@@ -2226,7 +2059,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 	} else {
 		/*
 		 * XXXRTH  What should we do?  We're trying to accept but
-		 *	   it didn't work.  If we just give up, then TCP
+		 *         it didn't work.  If we just give up, then TCP
 		 *	   service may eventually stop.
 		 *
 		 *	   For now, we just go idle.
@@ -2251,7 +2084,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 
 		if (ns_g_server->blackholeacl != NULL &&
 		    dns_acl_match(&netaddr, NULL,
-				  ns_g_server->blackholeacl,
+			    	  ns_g_server->blackholeacl,
 				  &ns_g_server->aclenv,
 				  &match, NULL) == ISC_R_SUCCESS &&
 		    match > 0)
@@ -2273,7 +2106,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 		 * Let a new client take our place immediately, before
 		 * we wait for a request packet.  If we don't,
 		 * telnetting to port 53 (once per CPU) will
-		 * deny service to legitimate TCP clients.
+		 * deny service to legititmate TCP clients.
 		 */
 		result = isc_quota_attach(&ns_g_server->tcpquota,
 					  &client->tcpquota);
@@ -2307,7 +2140,7 @@ client_accept(ns_client_t *client) {
 				 isc_result_totext(result));
 		/*
 		 * XXXRTH  What should we do?  We're trying to accept but
-		 *	   it didn't work.  If we just give up, then TCP
+		 *         it didn't work.  If we just give up, then TCP
 		 *	   service may eventually stop.
 		 *
 		 *	   For now, we just go idle.
@@ -2544,9 +2377,7 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
 		 * Allocate a client.  First try to get a recycled one;
 		 * if that fails, make a new one.
 		 */
-		client = NULL;
-		if (!ns_g_clienttest)
-			client = ISC_LIST_HEAD(manager->inactive);
+		client = ISC_LIST_HEAD(manager->inactive);
 		if (client != NULL) {
 			MTRACE("recycle");
 			ISC_LIST_UNLINK(manager->inactive, client, link);
@@ -2602,8 +2433,8 @@ ns_client_getsockaddr(ns_client_t *client) {
 }
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
-			 dns_acl_t *acl, isc_boolean_t default_allow)
+ns_client_checkaclsilent(ns_client_t *client, dns_acl_t *acl,
+			 isc_boolean_t default_allow)
 {
 	isc_result_t result;
 	int match;
@@ -2616,16 +2447,11 @@ ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
 			goto deny;
 	}
 
-
-	if (sockaddr == NULL)
-		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
-	else
-		isc_netaddr_fromsockaddr(&netaddr, sockaddr);
+	isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 
 	result = dns_acl_match(&netaddr, client->signer, acl,
 			       &ns_g_server->aclenv,
 			       &match, NULL);
-
 	if (result != ISC_R_SUCCESS)
 		goto deny; /* Internal error, already logged. */
 	if (match > 0)
@@ -2640,14 +2466,14 @@ ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
 }
 
 isc_result_t
-ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
+ns_client_checkacl(ns_client_t *client,
 		   const char *opname, dns_acl_t *acl,
 		   isc_boolean_t default_allow, int log_level)
 {
 	isc_result_t result =
-		ns_client_checkaclsilent(client, sockaddr, acl, default_allow);
+		ns_client_checkaclsilent(client, acl, default_allow);
 
-	if (result == ISC_R_SUCCESS)
+	if (result == ISC_R_SUCCESS) 
 		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 			      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(3),
 			      "%s approved", opname);
@@ -2668,7 +2494,7 @@ ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
 
 void
 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
-	       isc_logmodule_t *module, int level, const char *fmt, va_list ap)
+	   isc_logmodule_t *module, int level, const char *fmt, va_list ap)
 {
 	char msgbuf[2048];
 	char peerbuf[ISC_SOCKADDR_FORMATSIZE];
@@ -2703,16 +2529,16 @@ ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 
 void
 ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
-		 dns_rdataclass_t rdclass, char *buf, size_t len)
+		 dns_rdataclass_t rdclass, char *buf, size_t len) 
 {
-	char namebuf[DNS_NAME_FORMATSIZE];
-	char typebuf[DNS_RDATATYPE_FORMATSIZE];
-	char classbuf[DNS_RDATACLASS_FORMATSIZE];
+        char namebuf[DNS_NAME_FORMATSIZE];
+        char typebuf[DNS_RDATATYPE_FORMATSIZE];
+        char classbuf[DNS_RDATACLASS_FORMATSIZE];
 
-	dns_name_format(name, namebuf, sizeof(namebuf));
-	dns_rdatatype_format(type, typebuf, sizeof(typebuf));
-	dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
-	(void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
+        dns_name_format(name, namebuf, sizeof(namebuf));
+        dns_rdatatype_format(type, typebuf, sizeof(typebuf));
+        dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
+        (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
 		       classbuf);
 }
 
@@ -2740,7 +2566,7 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) {
 			isc_mem_put(client->mctx, buf, len);
 			len += 1024;
 		} else if (result == ISC_R_SUCCESS)
-			ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
+		        ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
 				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
 				      "%s\n%.*s", reason,
 				       (int)isc_buffer_usedlength(&buffer),
@@ -2760,7 +2586,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
 	const char *sep;
 
 	REQUIRE(VALID_MANAGER(manager));
-
+	      
 	LOCK(&manager->lock);
 	client = ISC_LIST_HEAD(manager->recursing);
 	while (client != NULL) {

bin/named/config.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,13 +15,14 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.93.14.2 2009/03/17 23:47:28 tbox Exp $ */
+/* $Id: config.c,v 1.47.18.28 2006/05/03 01:46:40 marka Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
 #include <stdlib.h>
+#include <string.h>
 
 #include <isc/buffer.h>
 #include <isc/log.h>
@@ -30,7 +31,6 @@
 #include <isc/region.h>
 #include <isc/result.h>
 #include <isc/sockaddr.h>
-#include <isc/string.h>
 #include <isc/util.h>
 
 #include <isccfg/namedconf.h>
@@ -52,7 +52,7 @@ options {\n\
 #ifndef WIN32
 "	coresize default;\n\
 	datasize default;\n\
-	files unlimited;\n\
+	files default;\n\
 	stacksize default;\n"
 #endif
 "	deallocate-on-exit true;\n\
@@ -69,7 +69,7 @@ options {\n\
 	memstatistics-file \"named.memstats\";\n\
 	multiple-cnames no;\n\
 #	named-xfer <obsolete>;\n\
-#	pid-file \"" NS_LOCALSTATEDIR "/run/named/named.pid\"; /* or /lwresd.pid */\n\
+#	pid-file \"" NS_LOCALSTATEDIR "/named.pid\"; /* or /lwresd.pid */\n\
 	port 53;\n\
 	recursing-file \"named.recursing\";\n\
 "
@@ -99,16 +99,12 @@ options {\n\
 	use-ixfr true;\n\
 	edns-udp-size 4096;\n\
 	max-udp-size 4096;\n\
-	request-nsid false;\n\
-	reserved-sockets 512;\n\
 \n\
 	/* view */\n\
 	allow-notify {none;};\n\
 	allow-update-forwarding {none;};\n\
 	allow-query-cache { localnets; localhost; };\n\
-	allow-query-cache-on { any; };\n\
 	allow-recursion { localnets; localhost; };\n\
-	allow-recursion-on { any; };\n\
 #	allow-v6-synthesis <obsolete>;\n\
 #	sortlist <none>\n\
 #	topology <none>\n\
@@ -125,7 +121,7 @@ options {\n\
 	query-source-v6 address *;\n\
 	notify-source *;\n\
 	notify-source-v6 *;\n\
-	cleaning-interval 0;  /* now meaningless */\n\
+	cleaning-interval 60;\n\
 	min-roots 2;\n\
 	lame-ttl 600;\n\
 	max-ncache-ttl 10800; /* 3 hours */\n\
@@ -138,24 +134,21 @@ options {\n\
 	check-mx warn;\n\
 	acache-enable no;\n\
 	acache-cleaning-interval 60;\n\
-	max-acache-size 16M;\n\
+	max-acache-size 0;\n\
 	dnssec-enable yes;\n\
-	dnssec-validation yes; \n\
+	dnssec-validation no; /* Make yes for 9.5. */ \n\
 	dnssec-accept-expired no;\n\
 	clients-per-query 10;\n\
 	max-clients-per-query 100;\n\
 	zero-no-soa-ttl-cache no;\n\
-	nsec3-test-zone no;\n\
 "
 
 "	/* zone */\n\
 	allow-query {any;};\n\
-	allow-query-on {any;};\n\
 	allow-transfer {any;};\n\
 	notify yes;\n\
 #	also-notify <none>\n\
 	notify-delay 5;\n\
-	notify-to-soa no;\n\
 	dialup no;\n\
 #	forward <none>\n\
 #	forwarders <none>\n\
@@ -175,9 +168,6 @@ options {\n\
 	min-refresh-time 300;\n\
 	multi-master no;\n\
 	sig-validity-interval 30; /* days */\n\
-	sig-signing-nodes 100;\n\
-	sig-signing-signatures 10;\n\
-	sig-signing-type 65534;\n\
 	zone-statistics false;\n\
 	max-journal-size unlimited;\n\
 	ixfr-from-differences false;\n\
@@ -188,12 +178,11 @@ options {\n\
 	check-srv-cname warn;\n\
 	zero-no-soa-ttl yes;\n\
 	update-check-ksk yes;\n\
-	try-tcp-refresh yes; /* BIND 8 compat */\n\
 };\n\
 "
 
 "#\n\
-#  Zones in the \"_bind\" view are NOT counted in the count of zones.\n\
+#  Zones in the \"_bind\" view are NOT counted is the count of zones.\n\
 #\n\
 view \"_bind\" chaos {\n\
 	recursion no;\n\
@@ -413,7 +402,7 @@ ns_config_putiplist(isc_mem_t *mctx, isc_sockaddr_t **addrsp,
 
 static isc_result_t
 get_masters_def(const cfg_obj_t *cctx, const char *name,
-		const cfg_obj_t **ret)
+	        const cfg_obj_t **ret)
 {
 	isc_result_t result;
 	const cfg_obj_t *masters = NULL;
@@ -531,7 +520,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
 			tresult = get_masters_def(config, listname, &list);
 			if (tresult == ISC_R_NOTFOUND) {
 				cfg_obj_log(addr, ns_g_lctx, ISC_LOG_ERROR,
-				    "masters \"%s\" not found", listname);
+                                    "masters \"%s\" not found", listname);
 
 				result = tresult;
 				goto cleanup;
@@ -609,7 +598,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
 		if (keys[i] == NULL)
 			goto cleanup;
 		dns_name_init(keys[i], NULL);
-
+		
 		keystr = cfg_obj_asstring(key);
 		isc_buffer_init(&b, keystr, strlen(keystr));
 		isc_buffer_add(&b, strlen(keystr));
@@ -665,7 +654,7 @@ ns_config_getipandkeylist(const cfg_obj_t *config, const cfg_obj_t *list,
 		isc_mem_put(mctx, lists, listcount * sizeof(*lists));
 	if (stack != NULL)
 		isc_mem_put(mctx, stack, stackcount * sizeof(*stack));
-
+	
 	INSIST(keycount == addrcount);
 
 	*addrsp = addrs;

bin/named/control.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,17 +15,17 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.c,v 1.33.266.4 2010/12/03 23:45:46 tbox Exp $ */
+/* $Id: control.c,v 1.20.10.8 2006/03/10 00:23:20 marka Exp $ */
 
 /*! \file */
 
 #include <config.h>
 
+#include <string.h>
 
 #include <isc/app.h>
 #include <isc/event.h>
 #include <isc/mem.h>
-#include <isc/string.h>
 #include <isc/timer.h>
 #include <isc/util.h>
 
@@ -56,14 +56,13 @@ command_compare(const char *text, const char *command) {
 
 /*%
  * This function is called to process the incoming command
- * when a control channel message is received.
+ * when a control channel message is received.  
  */
 isc_result_t
 ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	isccc_sexpr_t *data;
 	char *command;
 	isc_result_t result;
-	int log_level;
 #ifdef HAVE_LIBSCF
 	ns_smf_want_disable = 0;
 #endif
@@ -84,20 +83,14 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		return (result);
 	}
 
-	/*
-	 * Compare the 'command' parameter against all known control commands.
-	 */
-	if (command_compare(command, NS_COMMAND_NULL) ||
-	    command_compare(command, NS_COMMAND_STATUS)) {
-		log_level = ISC_LOG_DEBUG(1);
-	} else {
-		log_level = ISC_LOG_INFO;
-	}
 	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-		      NS_LOGMODULE_CONTROL, log_level,
+		      NS_LOGMODULE_CONTROL, ISC_LOG_DEBUG(1),
 		      "received control channel command '%s'",
 		      command);
 
+	/*
+	 * Compare the 'command' parameter against all known control commands.
+	 */
 	if (command_compare(command, NS_COMMAND_RELOAD)) {
 		result = ns_server_reloadcommand(ns_g_server, command, text);
 	} else if (command_compare(command, NS_COMMAND_RECONFIG)) {
@@ -129,16 +122,11 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		 * isc_app_shutdown below.
 		 */
 #endif
-		/* Do not flush master files */
 		ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
 		ns_os_shutdownmsg(command, text);
 		isc_app_shutdown();
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_STOP)) {
-		/*
-		 * "stop" is the same as "halt" except it does
-		 * flush master files.
-		 */
 #ifdef HAVE_LIBSCF
 		if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
 			result = ns_smf_add_message(text);
@@ -170,17 +158,11 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		result = ns_server_flushname(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_STATUS)) {
 		result = ns_server_status(ns_g_server, text);
-	} else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
-		result = ns_server_tsiglist(ns_g_server, text);
-	} else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
-		result = ns_server_tsigdelete(ns_g_server, command, text);
 	} else if (command_compare(command, NS_COMMAND_FREEZE)) {
-		result = ns_server_freeze(ns_g_server, ISC_TRUE, command,
-					  text);
+		result = ns_server_freeze(ns_g_server, ISC_TRUE, command);
 	} else if (command_compare(command, NS_COMMAND_UNFREEZE) ||
 		   command_compare(command, NS_COMMAND_THAW)) {
-		result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
-					  text);
+		result = ns_server_freeze(ns_g_server, ISC_FALSE, command);
 	} else if (command_compare(command, NS_COMMAND_RECURSING)) {
 		result = ns_server_dumprecursing(ns_g_server);
 	} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {

bin/named/controlconf.c

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2008, 2011  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: controlconf.c,v 1.60.70.2 2011/03/12 04:57:23 tbox Exp $ */
+/* $Id: controlconf.c,v 1.40.18.9 2006/02/28 03:10:47 marka Exp $ */
 
 /*! \file */
 
@@ -345,9 +345,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	listener = conn->listener;
 	secret.rstart = NULL;
 
-	/* Is the server shutting down? */
-	if (listener->controls->shuttingdown)
-		goto cleanup;
+        /* Is the server shutting down? */
+        if (listener->controls->shuttingdown)
+                goto cleanup;
 
 	if (conn->ccmsg.result != ISC_R_SUCCESS) {
 		if (conn->ccmsg.result != ISC_R_CANCELED &&
@@ -364,6 +364,9 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	{
 		ccregion.rstart = isc_buffer_base(&conn->ccmsg.buffer);
 		ccregion.rend = isc_buffer_used(&conn->ccmsg.buffer);
+		if (secret.rstart != NULL)
+			isc_mem_put(listener->mctx, secret.rstart,
+				    REGION_SIZE(secret));
 		secret.rstart = isc_mem_get(listener->mctx, key->secret.length);
 		if (secret.rstart == NULL)
 			goto cleanup;
@@ -372,8 +375,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 		result = isccc_cc_fromwire(&ccregion, &request, &secret);
 		if (result == ISC_R_SUCCESS)
 			break;
-		isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-		if (result == ISCCC_R_BADAUTH) {
+		else if (result == ISCCC_R_BADAUTH) {
 			/*
 			 * For some reason, request is non-NULL when
 			 * isccc_cc_fromwire returns ISCCC_R_BADAUTH.
@@ -394,7 +396,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	/* We shouldn't be getting a reply. */
 	if (isccc_cc_isreply(request)) {
 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
-		goto cleanup_request;
+		goto cleanup;
 	}
 
 	isc_stdtime_get(&now);
@@ -405,17 +407,17 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	_ctrl = isccc_alist_lookup(request, "_ctrl");
 	if (_ctrl == NULL) {
 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
-		goto cleanup_request;
+		goto cleanup;
 	}
 
 	if (isccc_cc_lookupuint32(_ctrl, "_tim", &sent) == ISC_R_SUCCESS) {
 		if ((sent + CLOCKSKEW) < now || (sent - CLOCKSKEW) > now) {
 			log_invalid(&conn->ccmsg, ISCCC_R_CLOCKSKEW);
-			goto cleanup_request;
+			goto cleanup;
 		}
 	} else {
 		log_invalid(&conn->ccmsg, ISC_R_FAILURE);
-		goto cleanup_request;
+		goto cleanup;
 	}
 
 	/*
@@ -424,7 +426,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	if (isccc_cc_lookupuint32(_ctrl, "_exp", &exp) == ISC_R_SUCCESS &&
 	    now > exp) {
 		log_invalid(&conn->ccmsg, ISCCC_R_EXPIRED);
-		goto cleanup_request;
+		goto cleanup;
 	}
 
 	/*
@@ -434,16 +436,16 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 	result = isccc_cc_checkdup(listener->controls->symtab, request, now);
 	if (result != ISC_R_SUCCESS) {
 		if (result == ISC_R_EXISTS)
-			result = ISCCC_R_DUPLICATE;
+                        result = ISCCC_R_DUPLICATE; 
 		log_invalid(&conn->ccmsg, result);
-		goto cleanup_request;
+		goto cleanup;
 	}
 
 	if (conn->nonce != 0 &&
 	    (isccc_cc_lookupuint32(_ctrl, "_nonce", &nonce) != ISC_R_SUCCESS ||
 	     conn->nonce != nonce)) {
 		log_invalid(&conn->ccmsg, ISCCC_R_BADAUTH);
-		goto cleanup_request;
+		goto cleanup;
 	}
 
 	/*
@@ -457,7 +459,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 
 	result = isccc_cc_createresponse(request, now, now + 60, &response);
 	if (result != ISC_R_SUCCESS)
-		goto cleanup_request;
+		goto cleanup;
 	if (eresult != ISC_R_SUCCESS) {
 		isccc_sexpr_t *data;
 
@@ -465,7 +467,7 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 		if (data != NULL) {
 			const char *estr = isc_result_totext(eresult);
 			if (isccc_cc_definestring(data, "err", estr) == NULL)
-				goto cleanup_response;
+				goto cleanup;
 		}
 	}
 
@@ -476,20 +478,20 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 		if (data != NULL) {
 			char *str = (char *)isc_buffer_base(&text);
 			if (isccc_cc_definestring(data, "text", str) == NULL)
-				goto cleanup_response;
+				goto cleanup;
 		}
 	}
 
 	_ctrl = isccc_alist_lookup(response, "_ctrl");
 	if (_ctrl == NULL ||
 	    isccc_cc_defineuint32(_ctrl, "_nonce", conn->nonce) == NULL)
-		goto cleanup_response;
+		goto cleanup;
 
 	ccregion.rstart = conn->buffer + 4;
 	ccregion.rend = conn->buffer + sizeof(conn->buffer);
 	result = isccc_cc_towire(response, &ccregion, &secret);
 	if (result != ISC_R_SUCCESS)
-		goto cleanup_response;
+		goto cleanup;
 	isc_buffer_init(&b, conn->buffer, 4);
 	len = sizeof(conn->buffer) - REGION_SIZE(ccregion);
 	isc_buffer_putuint32(&b, len - 4);
@@ -498,27 +500,31 @@ control_recvmessage(isc_task_t *task, isc_event_t *event) {
 
 	result = isc_socket_send(conn->sock, &r, task, control_senddone, conn);
 	if (result != ISC_R_SUCCESS)
-		goto cleanup_response;
+		goto cleanup;
 	conn->sending = ISC_TRUE;
 
-	isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-	isccc_sexpr_free(&request);
-	isccc_sexpr_free(&response);
+	if (secret.rstart != NULL)
+		isc_mem_put(listener->mctx, secret.rstart,
+			    REGION_SIZE(secret));
+	if (request != NULL)
+		isccc_sexpr_free(&request);
+	if (response != NULL)
+		isccc_sexpr_free(&response);
 	return;
 
- cleanup_response:
-	isccc_sexpr_free(&response);
-
- cleanup_request:
-	isccc_sexpr_free(&request);
-	isc_mem_put(listener->mctx, secret.rstart, REGION_SIZE(secret));
-
  cleanup:
+	if (secret.rstart != NULL)
+		isc_mem_put(listener->mctx, secret.rstart,
+			    REGION_SIZE(secret));
 	isc_socket_detach(&conn->sock);
 	isccc_ccmsg_invalidate(&conn->ccmsg);
 	conn->ccmsg_valid = ISC_FALSE;
 	maybe_free_connection(conn);
 	maybe_free_listener(listener);
+	if (request != NULL)
+		isccc_sexpr_free(&request);
+	if (response != NULL)
+		isccc_sexpr_free(&response);
 }
 
 static void
@@ -542,7 +548,7 @@ newconnection(controllistener_t *listener, isc_socket_t *sock) {
 	conn = isc_mem_get(listener->mctx, sizeof(*conn));
 	if (conn == NULL)
 		return (ISC_R_NOMEMORY);
-
+	
 	conn->sock = sock;
 	isccc_ccmsg_init(listener->mctx, sock, &conn->ccmsg);
 	conn->ccmsg_valid = ISC_TRUE;
@@ -597,7 +603,6 @@ control_newconn(isc_task_t *task, isc_event_t *event) {
 	}
 
 	sock = nevent->newsocket;
-	isc_socket_setname(sock, "control", NULL);
 	(void)isc_socket_getpeername(sock, &peeraddr);
 	if (listener->type == isc_sockettype_tcp &&
 	    !address_ok(&peeraddr, listener->acl)) {
@@ -655,7 +660,7 @@ ns_controls_shutdown(ns_controls_t *controls) {
 
 static isc_result_t
 cfgkeylist_find(const cfg_obj_t *keylist, const char *keyname,
-		const cfg_obj_t **objp)
+	        const cfg_obj_t **objp)
 {
 	const cfg_listelt_t *element;
 	const char *str;
@@ -685,7 +690,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
 	char *newstr = NULL;
 	const char *str;
 	const cfg_obj_t *obj;
-	controlkey_t *key;
+	controlkey_t *key = NULL;
 
 	for (element = cfg_list_first(keylist);
 	     element != NULL;
@@ -704,6 +709,7 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
 		key->secret.length = 0;
 		ISC_LINK_INIT(key, link);
 		ISC_LIST_APPEND(*keyids, key, link);
+		key = NULL;
 		newstr = NULL;
 	}
 	return (ISC_R_SUCCESS);
@@ -711,6 +717,8 @@ controlkeylist_fromcfg(const cfg_obj_t *keylist, isc_mem_t *mctx,
  cleanup:
 	if (newstr != NULL)
 		isc_mem_free(mctx, newstr);
+	if (key != NULL)
+		isc_mem_put(mctx, key, sizeof(*key));
 	free_controlkeylist(keyids, mctx);
 	return (ISC_R_NOMEMORY);
 }
@@ -803,7 +811,7 @@ register_keys(const cfg_obj_t *control, const cfg_obj_t *keylist,
 		 if (result != ISC_R_SUCCESS) \
 			goto cleanup; \
 	} while (0)
-
+		
 static isc_result_t
 get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 	isc_result_t result;
@@ -823,14 +831,14 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 	CHECK(cfg_map_get(config, "key", &key));
 
 	keyid = isc_mem_get(mctx, sizeof(*keyid));
-	if (keyid == NULL)
+	if (keyid == NULL) 
 		CHECK(ISC_R_NOMEMORY);
 	keyid->keyname = isc_mem_strdup(mctx,
 					cfg_obj_asstring(cfg_map_getname(key)));
 	keyid->secret.base = NULL;
 	keyid->secret.length = 0;
 	ISC_LINK_INIT(keyid, link);
-	if (keyid->keyname == NULL)
+	if (keyid->keyname == NULL) 
 		CHECK(ISC_R_NOMEMORY);
 
 	CHECK(bind9_check_key(key, ns_g_lctx));
@@ -859,7 +867,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 		cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
 			    "secret for key '%s' on command channel: %s",
 			    keyid->keyname, isc_result_totext(result));
-		goto cleanup;
+		CHECK(result);
 	}
 
 	keyid->secret.length = isc_buffer_usedlength(&b);
@@ -886,7 +894,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 		cfg_parser_destroy(&pctx);
 	return (result);
 }
-
+			
 /*
  * Ensures that both '*global_keylistp' and '*control_keylistp' are
  * valid or both are NULL.
@@ -920,7 +928,7 @@ static void
 update_listener(ns_controls_t *cp, controllistener_t **listenerp,
 		const cfg_obj_t *control, const cfg_obj_t *config,
 		isc_sockaddr_t *addr, cfg_aclconfctx_t *aclconfctx,
-		const char *socktext, isc_sockettype_t type)
+	        const char *socktext, isc_sockettype_t type)
 {
 	controllistener_t *listener;
 	const cfg_obj_t *allow;
@@ -940,7 +948,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp,
 		*listenerp = NULL;
 		return;
 	}
-
+		
 	/*
 	 * There is already a listener for this sockaddr.
 	 * Update the access list and key information.
@@ -1008,7 +1016,7 @@ update_listener(ns_controls_t *cp, controllistener_t **listenerp,
 	if (control != NULL && type == isc_sockettype_tcp) {
 		allow = cfg_tuple_get(control, "allow");
 		result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
-					    aclconfctx, listener->mctx, 0,
+					    aclconfctx, listener->mctx,
 					    &new_acl);
 	} else {
 		result = dns_acl_any(listener->mctx, &new_acl);
@@ -1095,8 +1103,7 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 		if (control != NULL && type == isc_sockettype_tcp) {
 			allow = cfg_tuple_get(control, "allow");
 			result = cfg_acl_fromconfig(allow, config, ns_g_lctx,
-						    aclconfctx, mctx, 0,
-						    &new_acl);
+						    aclconfctx, mctx, &new_acl);
 		} else {
 			result = dns_acl_any(mctx, &new_acl);
 		}
@@ -1145,12 +1152,10 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 		result = isc_socket_create(ns_g_socketmgr,
 					   isc_sockaddr_pf(&listener->address),
 					   type, &listener->sock);
-	if (result == ISC_R_SUCCESS)
-		isc_socket_setname(listener->sock, "control", NULL);
 
 	if (result == ISC_R_SUCCESS)
-		result = isc_socket_bind(listener->sock, &listener->address,
-					 ISC_SOCKET_REUSEADDRESS);
+		result = isc_socket_bind(listener->sock,
+					 &listener->address);
 
 	if (result == ISC_R_SUCCESS && type == isc_sockettype_unix) {
 		listener->perm = cfg_obj_asuint32(cfg_tuple_get(control,
@@ -1337,7 +1342,7 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
 
 				update_listener(cp, &listener, control, config,
 						&addr, aclconfctx,
-						cfg_obj_asstring(path),
+					        cfg_obj_asstring(path),
 						isc_sockettype_unix);
 
 				if (listener != NULL)
@@ -1383,10 +1388,10 @@ ns_controls_configure(ns_controls_t *cp, const cfg_obj_t *config,
 			isc_sockaddr_setport(&addr, NS_CONTROL_PORT);
 
 			isc_sockaddr_format(&addr, socktext, sizeof(socktext));
-
+			
 			update_listener(cp, &listener, NULL, NULL,
 					&addr, NULL, socktext,
-					isc_sockettype_tcp);
+				        isc_sockettype_tcp);
 
 			if (listener != NULL)
 				/*

bin/named/convertxsl.pl

@@ -1,57 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2006-2008  Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and/or distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $
-
-use strict;
-use warnings;
-
-my $rev = '$Id: convertxsl.pl,v 1.14 2008/07/17 23:43:26 jinmei Exp $';
-$rev =~ s/\$//g;
-$rev =~ s/,v//g;
-$rev =~ s/Id: //;
-
-my $xsl = "unknown";
-my $lines = '';
-
-while (<>) {
-    chomp;
-    # pickout the id for comment.
-    $xsl = $_ if (/<!-- .Id:.* -->/);
-    # convert Id string to a form not recognisable by cvs.
-    $_ =~ s/<!-- .Id:(.*). -->/<!-- \\045Id: $1\\045 -->/;
-    s/[\ \t]+/ /g;
-    s/\>\ \</\>\</g;
-    s/\"/\\\"/g;
-    s/^/\t\"/;
-    s/$/\\n\"/;
-    if ($lines eq "") {
-	    $lines .= $_;
-    } else {
-	    $lines .= "\n" . $_;
-    }
-}
-
-$xsl =~ s/\$//g;
-$xsl =~ s/<!-- Id: //;
-$xsl =~ s/ -->.*//;
-$xsl =~ s/,v//;
-
-print "/*\n * Generated by $rev \n * From $xsl\n */\n";
-print 'static char xslmsg[] =',"\n";
-print $lines;
-
-print ';', "\n";

bin/named/include/named/builtin.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: builtin.h,v 1.6 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: builtin.h,v 1.2.18.2 2005/04/29 00:15:34 marka Exp $ */
 
 #ifndef NAMED_BUILTIN_H
 #define NAMED_BUILTIN_H 1

bin/named/include/named/client.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.86.120.2 2009/01/18 23:47:34 tbox Exp $ */
+/* $Id: client.h,v 1.69.18.9 2006/06/06 00:11:41 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -24,7 +24,7 @@
  ***** Module Info
  *****/
 
-/*! \file
+/*! \file 
  * \brief
  * This module defines two objects, ns_client_t and ns_clientmgr_t.
  *
@@ -97,13 +97,6 @@ struct ns_client {
 	int			nupdates;
 	int			nctls;
 	int			references;
-	isc_boolean_t		needshutdown; 	/*
-						 * Used by clienttest to get
-						 * the client to go from
-						 * inactive to free state
-						 * by shutting down the
-						 * client's task.
-						 */
 	unsigned int		attributes;
 	isc_task_t *		task;
 	dns_view_t *		view;
@@ -162,11 +155,10 @@ struct ns_client {
 #define NS_CLIENT_VALID(c)		ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
 
 #define NS_CLIENTATTR_TCP		0x01
-#define NS_CLIENTATTR_RA		0x02 /*%< Client gets recursive service */
+#define NS_CLIENTATTR_RA		0x02 /*%< Client gets recusive service */
 #define NS_CLIENTATTR_PKTINFO		0x04 /*%< pktinfo is valid */
 #define NS_CLIENTATTR_MULTICAST		0x08 /*%< recv'd from multicast */
 #define NS_CLIENTATTR_WANTDNSSEC	0x10 /*%< include dnssec records */
-#define NS_CLIENTATTR_WANTNSID          0x20 /*%< include nameserver ID */
 
 extern unsigned int ns_client_requests;
 
@@ -274,9 +266,7 @@ ns_client_getsockaddr(ns_client_t *client);
  */
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client,
-			 isc_sockaddr_t *sockaddr,
-			 dns_acl_t *acl,
+ns_client_checkaclsilent(ns_client_t  *client,dns_acl_t *acl,
 			 isc_boolean_t default_allow);
 
 /*%
@@ -284,8 +274,6 @@ ns_client_checkaclsilent(ns_client_t *client,
  *
  * Check the current client request against 'acl'.  If 'acl'
  * is NULL, allow the request iff 'default_allow' is ISC_TRUE.
- * If netaddr is NULL, check the ACL against client->peeraddr;
- * otherwise check it against netaddr.
  *
  * Notes:
  *\li	This is appropriate for checking allow-update,
@@ -296,7 +284,6 @@ ns_client_checkaclsilent(ns_client_t *client,
  *
  * Requires:
  *\li	'client' points to a valid client.
- *\li	'sockaddr' points to a valid address, or is NULL.
  *\li	'acl' points to a valid ACL, or is NULL.
  *
  * Returns:
@@ -307,19 +294,18 @@ ns_client_checkaclsilent(ns_client_t *client,
 
 isc_result_t
 ns_client_checkacl(ns_client_t  *client,
-		   isc_sockaddr_t *sockaddr,
 		   const char *opname, dns_acl_t *acl,
 		   isc_boolean_t default_allow,
 		   int log_level);
 /*%
- * Like ns_client_checkaclsilent, except the outcome of the check is
- * logged at log level 'log_level' if denied, and at debug 3 if approved.
- * Log messages will refer to the request as an 'opname' request.
+ * Like ns_client_checkacl, but also logs the outcome of the
+ * check at log level 'log_level' if denied, and at debug 3
+ * if approved.  Log messages will refer to the request as
+ * an 'opname' request.
  *
  * Requires:
- *\li	'client' points to a valid client.
- *\li	'sockaddr' points to a valid address, or is NULL.
- *\li	'acl' points to a valid ACL, or is NULL.
+ *\li	Those of ns_client_checkaclsilent(), and:
+ *
  *\li	'opname' points to a null-terminated string.
  */
 
@@ -366,8 +352,8 @@ ns_client_qnamereplace(ns_client_t *client, dns_name_t *name);
 
 isc_boolean_t
 ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
-		 isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
-		 dns_rdataclass_t rdclass, void *arg);
+                 isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
+                 dns_rdataclass_t rdclass, void *arg);
 /*%
  * Isself callback.
  */

bin/named/include/named/config.h

@@ -1,8 +1,8 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001, 2002  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.h,v 1.14 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: config.h,v 1.6.18.6 2006/02/28 03:10:47 marka Exp $ */
 
 #ifndef NAMED_CONFIG_H
 #define NAMED_CONFIG_H 1