This commit was manufactured by cvs2git to create tag 'v9_0_1'.

- update openssl-0.9.8s-patch to francis's version

.cvsignore

@@ -5,5 +5,3 @@ config.cache
 config.status
 libtool
 isc-config.sh
-configure.lineno
-autom4te.cache

Atffile

@@ -0,0 +1,5 @@
+Content-Type: application/X-atf-atffile; version="1"
+
+prop: test-suite = bind9
+
+tp: lib

COPYRIGHT

@@ -1,30 +1,14 @@
-Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
-Copyright (C) 1996-2003  Internet Software Consortium.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
-$Id: COPYRIGHT,v 1.16 2010/01/04 23:48:51 tbox Exp $
-
-Portions Copyright (C) 1996-2001  Nominum, Inc.
+Copyright (C) 1996-2000  Internet Software Consortium.
 
 Permission to use, copy, modify, and distribute this software for any
 purpose with or without fee is hereby granted, provided that the above
 copyright notice and this permission notice appear in all copies.
 
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
+THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+SOFTWARE.

Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 1998-2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id: Makefile.in,v 1.58 2009/11/26 20:52:44 marka Exp $
+# $Id: Makefile.in,v 1.21.2.6 2000/07/27 01:48:49 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,55 +21,49 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-SUBDIRS =	make lib bin doc @LIBEXPORT@
+SUBDIRS =	make lib bin
 TARGETS =
-
-MANPAGES =	isc-config.sh.1
-
-HTMLPAGES =	isc-config.sh.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
+DISTFILES =	CHANGES COPYRIGHT Makefile.in README \
+		acconfig.h aclocal.m4 config.guess config.h.in config.h.win32 \
+		config.status.win32 config.sub configure configure.in \
+		isc-config.sh.in install-sh libtool.m4 ltconfig ltmain.sh \
+		lib make contrib \
+		version
+DOCDISTFILES =	arm draft misc rfc
+DOCMANDISTFILES = bin dnssec
+BINDISTFILES =	Makefile.in dig dnssec named nsupdate rndc tests
 
 @BIND9_MAKE_RULES@
 
 distclean::
 	rm -f config.cache config.h config.log config.status TAGS
-	rm -f libtool isc-config.sh configure.lineno
-	rm -f util/conf.sh docutil/docbook2man-wrapper.sh
+	rm -f libtool isc-config.sh
+	rm -f util/conf.sh
 
-# XXX we should clean libtool stuff too.  Only do this after we add rules
-# to make it.
-maintainer-clean::
-	rm -f configure
+cleandir: distclean
 
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
+install:: isc-config.sh
+	${INSTALL_PROGRAM} isc-config.sh ${DESTDIR}${bindir}
 
-doc man:: ${MANOBJS}
+kit: kitclean
+	mkdir bind-${VERSION}
+	@(cd bind-${VERSION}; for i in ${DISTFILES}; do ln -s ../$$i $$i; done)
+	mkdir bind-${VERSION}/doc
+	@(cd bind-${VERSION}/doc; for i in ${DOCDISTFILES}; do \
+		ln -s ../../doc/$$i $$i; done)
+	mkdir bind-${VERSION}/doc/man
+	@(cd bind-${VERSION}/doc/man; for i in ${DOCMANDISTFILES}; do \
+		ln -s ../../../doc/man/$$i $$i; done)
+	mkdir bind-${VERSION}/bin
+	@(cd bind-${VERSION}/bin; for i in ${BINDISTFILES}; do \
+		ln -s ../../bin/$$i $$i; done)
+	gtar -c -v -z -h --exclude '*CVS*' -f bind-${VERSION}.tar.gz \
+		bind-${VERSION}
+	rm -rf bind-${VERSION}
 
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
-	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
-
-install:: isc-config.sh installdirs
-	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
-	${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
-	${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
+kitclean: distclean
+	rm -rf bind-${VERSION}
 
 tags:
 	rm -f TAGS
 	find lib bin -name "*.[ch]" -print | @ETAGS@ -
-
-check: test
-
-test:
-	(cd bin/tests && ${MAKE} ${MAKEDEFS} test)
-
-FAQ: FAQ.xml
-	${XSLTPROC} doc/xsl/isc-docbook-text.xsl FAQ.xml | \
-	LC_ALL=C ${W3M} -T text/html -dump -cols 72 >$@.tmp
-	mv $@.tmp $@
-
-clean::
-	rm -f FAQ.tmp

README

@@ -1,3 +1,4 @@
+
 BIND 9
 
 	BIND version 9 is a major rewrite of nearly all aspects of the
@@ -10,7 +11,8 @@ BIND 9
 
 		- IP version 6
 			Answers DNS queries on IPv6 sockets
-			IPv6 resource records (AAAA)
+			IPv6 resource records (A6, DNAME, etc.)
+			Bitstring Labels
 			Experimental IPv6 Resolver Library
 
 		- DNS Protocol Enhancements
@@ -40,125 +42,99 @@ BIND 9
 		U.S. Defense Information Systems Agency
 		USENIX Association
 		Stichting NLnet - NLnet Foundation
-		Nominum, Inc.
 
-	For a summary of functional enhancements in previous
-	releases, see the HISTORY file.
 
-	For a detailed list of user-visible changes from
-	previous releases, see the CHANGES file.
+BIND 9.0.1
 
-BIND 9.7.0
+	BIND 9.0.1 is a maintenance release, containing fixes for a 
+	number of bugs in BIND 9.0.0 but no new features (with the 
+	exception of a few minor features added to dig, host, and 
+	nslookup).
 
-	BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
-	releases.  Most are intended to simplify DNSSEC configuration.
+	Like BIND 9.0.0, BIND 9.0.1 is primarily a name server software
+	distribution.  In addition to the name server, it also includes 
+	a new lightweight stub resolver library and associated resolver
+	daemon that fully support forward and reverse lookups of both
+	IPv4 and IPv6 addresses.  This library is still considered
+	experimental and is not a complete replacement for the BIND 8
+	resolver library.  In particular, applications that use the
+	BIND 8 res_* functions to perform DNS queries or dynamic
+	updates still need to be linked against the BIND 8 libraries.
 
-	New features include:
+	BIND 9.0.1 is capable of acting as an authoritative server
+	for DNSSEC secured zones.  This functionality is believed to
+	be stable and complete except for lacking support for wildcard
+	records in secure zones.
 
-	- Fully automatic signing of zones by "named".
-	- Simplified configuration of DNSSEC Lookaside Validation (DLV).
-	- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
-	  command line tool or the "local" update-policy option.  (As a side
-	  effect, this also makes it easier to configure automatic zone
-	  re-signing.)
-	- New named option "attach-cache" that allows multiple views to
-	  share a single cache.
-	- DNS rebinding attack prevention.
-	- New default values for dnssec-keygen parameters.
-	- Support for RFC 5011 automated trust anchor maintenance
-	- Smart signing: simplified tools for zone signing and key
-	  maintenance.
-	- The "statistics-channels" option is now available on Windows.
-	- A new DNSSEC-aware libdns API for use by non-BIND9 applications
-	- On some platforms, named and other binaries can now print out
-	  a stack backtrace on assertion failure, to aid in debugging.
-	- A "tools only" installation mode on Windows, which only installs
-	  dig, host, nslookup and nsupdate.
-	- Improved PKCS#11 support, including Keyper support and explicit
-	  OpenSSL engine selection.
+	When acting as a caching server, BIND 9.0.1 can be configured
+	to perform DNSSEC secure resolution on behalf of its clients.
+	This part of the DNSSEC implementation is still considered
+	experimental.  For detailed information about the state of the
+	DNSSEC implementation, see the file doc/misc/dnssec.
 
-	Known issues in this release:
+	There are a few known bugs:
 
-	- In rare cases, DNSSEC validation can leak memory.  When this 
-	  happens, it will cause an assertion failure when named exits,
-	  but is otherwise harmless.  A fix exists, but was too late for
-	  this release; it will be included in BIND 9.7.1.
+		The option "query-source * port 53;" will not work as
+		expected.  Instead of the wildcard address "*", you need 
+		to use an explicit source IP address.
 
-	Compatibility notes:
+		On some systems, IPv6 and IPv4 sockets interact in
+		unexpected ways.  For details, see doc/misc/ipv6.
+		To reduce the impact of these problems, the server
+		no longer listens for requests on IPv6 addresses
+		by default.  If you need to accept DNS queries over
+		IPv6, you must specify "listen-on-v6 { any; };"
+		in the named.conf options statement.
 
-	- If you had built BIND 9.6 with any of ALLOW_NSEC3PARAM_UPDATE,
-	  ALLOW_SECURE_TO_INSECURE or ALLOW_INSECURE_TO_SECURE defined, then
-	  you should ensure that all changes that are in progress have
-	  completed prior to upgrading to BIND 9.7.  BIND 9.7 implements
-	  those features in a way which is not backwards compatible.
+		There are known problems with thread signal handling 
+		under Solaris 2.6.
 
-	- Prior releases had a bug which caused HMAC-SHA* keys with long
-	  secrets to be used incorrectly.  Fixing this bug means that older
-	  versions of BIND 9 may fail to interoperate with this version
-	  when using TSIG keys.  If this occurs, the new "isc-hmac-fixup"
-	  tool will convert a key with a long secret into a form that works
-	  correctly with all versions of BIND 9.  See the "isc-hmac-fixup"
-	  man page for additional details.
+		The "isc_timer_reset" test sometimes fails on HP-UX 11
+		for unknown reasons, but the server itself seems to
+		run fine.
 
-	- Revoking a DNSSEC key with "dnssec-revoke" changes its key ID.
-	  It is possible for the new key ID to collide with that of a
-	  different key.  Newly generated keys will not have this problem,
-	  as "dnssec-keygen" looks for potential collisions before
-	  generating keys, but exercise caution if using key revokation
-	  with keys that were generated by older versions of BIND 9.  See
-	  the Administrator's Reference Manual, section 4.10 ("Dynamic
-	  Trust Anchor Management") for more details.
+		On FreeBSD systems, the server logs error messages
+		like "fcntl(8, F_SETFL, 4): Inappropriate ioctl for
+		device".  This is due to a bug in the FreeBSD
+		/dev/random device.  The bug has been reported
+		to the FreeBSD maintainers.  Versions of OpenBSD
+		prior to 2.8 have a similar problem.
 
-	- A bug was fixed in which a key's scheduled inactivity date was
-	  stored incorectly.  Users who participated in the 9.7.0 BETA test
-	  and had DNSSEC keys with scheduled inactivity dates will need to
-	  reset those keys' dates using "dnssec-settime -I".
+		The configure option --disable-ipv6 is not functional.
+
+		--with-libtool does not work on AIX.
+
+		Due to bugs in the dnssafe library, RSA keys longer
+		than 2000 bits are not supported.
 
 Building
 
 	BIND 9 currently requires a UNIX system with an ANSI C compiler,
-	basic POSIX support, and a 64 bit integer type.
+	basic POSIX support, and a good pthreads implementation.
 
 	We've had successful builds and tests on the following systems:
 
-		COMPAQ Tru64 UNIX 5.1B
-		Fedora Core 6
-		FreeBSD 4.10, 5.2.1, 6.2
-		HP-UX 11.11
-		Mac OS X 10.5
-		NetBSD 3.x, 4.0-beta, 5.0-beta
-		OpenBSD 3.3 and up
-		Solaris 8, 9, 9 (x86), 10
-		Ubuntu 7.04, 7.10
-		Windows XP/2003/2008
+		AIX 4.3
+		COMPAQ Tru64 UNIX 4.0D
+		COMPAQ Tru64 UNIX 5 (with IPv6 EAK)
+		FreeBSD 3.4-STABLE
+		HP-UX 11
+		IRIX64 6.5
+		NetBSD-current (with unproven-pthreads-0.17)
+		Red Hat Linux 6.0, 6.1, 6.2
+		Solaris 2.6, 7, 8
 
-        NOTE:  As of BIND 9.5.1, 9.4.3, and 9.3.6, older versions of
-        Windows, including Windows NT and Windows 2000, are no longer
-        supported.
+	Additionally, we have unverified reports of success from users
+	of the following systems:
 
-	We have recent reports from the user community that a supported
-	version of BIND will build and run on the following systems:
-
-		AIX 4.3, 5L
-		CentOS 4, 4.5, 5
-		Darwin 9.0.0d1/ARM
-		Debian 4
-		Fedora Core 5, 7
-		FreeBSD 6.1
-		HP-UX 11.23 PA
-		MacOS X 10.4, 10.5
-		Red Hat Enterprise Linux 4, 5
-		SCO OpenServer 5.0.6
-		Slackware 9, 10
-		SuSE 9, 10
+		Slackware Linux 7.0 with 2.4.0-test6 kernel and glibc 2.1.3
+		OpenBSD 2.6, 2.8, -current
 
 	To build, just
 
 		./configure
 		make
 
-	Do not use a parallel "make".
-
 	Several environment variables that can be set before running
 	configure will affect compilation:
 
@@ -168,7 +144,7 @@ Building
 
 	    CFLAGS
 		C compiler flags.  Defaults to include -g and/or -O2
-		as supported by the compiler.  
+		as supported by the compiler.
 
 	    STD_CINCLUDES
 		System header file directories.	 Can be used to specify
@@ -179,111 +155,29 @@ Building
 		Any additional preprocessor symbols you want defined.
 		Defaults to empty string.
 
-		Possible settings:
-		Change the default syslog facility of named/lwresd.
-		  -DISC_FACILITY=LOG_LOCAL0	
-		Enable DNSSEC signature chasing support in dig.
-		  -DDIG_SIGCHASE=1 (sets -DDIG_SIGCHASE_TD=1 and
-				    -DDIG_SIGCHASE_BU=1)
-		Disable dropping queries from particular well known ports.
-		  -DNS_CLIENT_DROPPORT=0
-	        Sibling glue checking in named-checkzone is enabled by default.
-		To disable the default check set.  -DCHECK_SIBLING=0
-		named-checkzone checks out-of-zone addresses by default.
-		To disable this default set.  -DCHECK_LOCAL=0
-		To create the default pid files in ${localstatedir}/run rather
-		than ${localstatedir}/run/{named,lwresd}/ set.
-		  -DNS_RUN_PID_DIR=0
-		Enable workaround for Solaris kernel bug about /dev/poll
-		  -DISC_SOCKET_USE_POLLWATCH=1
-		  The watch timeout is also configurable, e.g.,
-		  -DISC_SOCKET_POLLWATCH_TIMEOUT=20
-
-	    LDFLAGS
-		Linker flags. Defaults to empty string.
-
-	The following need to be set when cross compiling.
-
-	    BUILD_CC
-		The native C compiler.
-	    BUILD_CFLAGS (optional)
-	    BUILD_CPPFLAGS (optional)
-		Possible Settings:
-		-DNEED_OPTARG=1		(optarg is not declared in <unistd.h>)
-	    BUILD_LDFLAGS (optional)
-	    BUILD_LIBS (optional)
-
 	To build shared libraries, specify "--with-libtool" on the
 	configure command line.
 
-	For the server to support DNSSEC, you need to build it
-	with crypto support.  You must have OpenSSL 0.9.5a
-	or newer installed and specify "--with-openssl" on the
-	configure command line.  If OpenSSL is installed under
-	a nonstandard prefix, you can tell configure where to
-	look for it using "--with-openssl=/prefix".
-
-	On some platforms it is necessary to explictly request large
-	file support to handle files bigger than 2GB.  This can be
-	done by "--enable-largefile" on the configure command line.
-
-	On some platforms, BIND 9 can be built with multithreading
-	support, allowing it to take advantage of multiple CPUs.
-	You can specify whether to build a multithreaded BIND 9 
-	by specifying "--enable-threads" or "--disable-threads"
-	on the configure command line.  The default is operating
-	system dependent.
-
-        Support for the "fixed" rrset-order option can be enabled
-        or disabled by specifying "--enable-fixed-rrset" or
-        "--disable-fixed-rrset" on the configure command line.
-        The default is "disabled", to reduce memory footprint.
-
 	If your operating system has integrated support for IPv6, it
 	will be used automatically.  If you have installed KAME IPv6
 	separately, use "--with-kame[=PATH]" to specify its location.
+	
+	To see additional configure options, run "configure --help".
 
 	"make install" will install "named" and the various BIND 9 libraries.
 	By default, installation is into /usr/local, but this can be changed
 	with the "--prefix" option when running "configure".
 
-	You may specify the option "--sysconfdir" to set the directory 
-	where configuration files like "named.conf" go by default,
-	and "--localstatedir" to set the default parent directory
-	of "run/named.pid".   For backwards compatibility with BIND 8,
-	--sysconfdir defaults to "/etc" and --localstatedir defaults to
-	"/var" if no --prefix option is given.  If there is a --prefix
-	option, sysconfdir defaults to "$prefix/etc" and localstatedir
-	defaults to "$prefix/var".
-
-	To see additional configure options, run "configure --help".
-	Note that the help message does not reflect the BIND 8 
-	compatibility defaults for sysconfdir and localstatedir.
-
 	If you're planning on making changes to the BIND 9 source, you
 	should also "make depend".  If you're using Emacs, you might find
 	"make tags" helpful.
 
-	If you need to re-run configure please run "make distclean" first.
-	This will ensure that all the option changes take.
-
 	Building with gcc is not supported, unless gcc is the vendor's usual
 	compiler (e.g. the various BSD systems, Linux).
-	
-	Known compiler issues:
-	* gcc-3.2.1 and gcc-3.1.1 is known to cause problems with solaris-x86.
-	* gcc prior to gcc-3.2.3 ultrasparc generates incorrect code at -02.
-	* gcc-3.3.5 powerpc generates incorrect code at -02.
-	* Irix, MipsPRO 7.4.1m is known to cause problems.
 
-	A limited test suite can be run with "make test".  Many of
-	the tests require you to configure a set of virtual IP addresses
-	on your system, and some require Perl; see bin/tests/system/README
-	for details.
+	Parts of the library can be tested by running "make test" from the
+	bin/tests subdirectory.
 
-	SunOS 4 requires "printf" to be installed to make the shared
-	libraries.  sh-utils-1.16 provides a "printf" which compiles
-	on SunOS 4.
 
 Documentation
 
@@ -292,19 +186,14 @@ Documentation
 	doc/arm directory.
 
 	Some of the programs in the BIND 9 distribution have man pages
-	in their directories.  In particular, the command line
-	options of "named" are documented in /bin/named/named.8.
-	There is now also a set of man pages for the lwres library.
+	under the doc/man directory.  In particular, the command line
+	options of "named" are documented in doc/man/bind/named.8.
+
+	The man pages are currently not installed automatically by
+	"make install".
 
 	If you are upgrading from BIND 8, please read the migration
-	notes in doc/misc/migration.  If you are upgrading from
-	BIND 4, read doc/misc/migration-4to9.
-
-	Frequently asked questions and their answers can be found in
-	FAQ.
-
-        Additional information on various subjects can be found
-        in the other README files.
+	notes in doc/misc/migration.
 
 
 Bug Reports and Mailing Lists
@@ -313,18 +202,13 @@ Bug Reports and Mailing Lists
 
 		bind9-bugs@isc.org
 
-	To join the BIND Users mailing list, send mail to
+	To join the BIND 9 Users mailing list, send mail to
 
-		bind-users-request@isc.org
-
-	archives of which can be found via
-
-		http://www.isc.org/ops/lists/
+		bind9-users-request@isc.org
 
 	If you're planning on making changes to the BIND 9 source
-	code, you might want to join the BIND Workers mailing list.
+	code, you might want to join the BIND 9 Workers mailing list.
 	Send mail to
 
-		bind-workers-request@isc.org
-
+		bind9-workers-request@isc.org
 

REDIRECT-NOTES

@@ -0,0 +1,35 @@
+Redirect zones are used to find answers to queries when normal resolution
+would result in NXDOMAIN being returned.  Only one redirect zone per view
+is currently supported.
+
+To redirect to 100.100.100.2 and 2001:ffff:ffff::100.100.100.2 on NXDOMAIN
+one would configure the redirect zone like this.
+
+zone "." {
+	type redirect;
+	file "redirect.db";
+};
+
+redirect.db:
+$TTL 300
+@ IN SOA ns.example.net hostmaster.example.net 0 0 0 0 0
+@ IN NS ns.example.net
+;
+; NS records do not need address records in this zone as it is not in the
+; normal namespace.
+;
+*. IN A 100.100.100.2
+*. IN AAAA 2001:ffff:ffff::100.100.100.2
+
+To redirect all Spanish names (under .ES) one would use entries like these:
+
+*.ES. IN A 100.100.100.3
+*.ES. IN AAAA 2001:ffff:ffff::100.100.100.3
+
+To redirect all commercial Spanish names (under COM.ES) one would use
+entries like these:
+*.COM.ES. IN A 100.100.100.4
+*.COM.ES. IN AAAA 2001:ffff:ffff::100.100.100.4
+
+The redirect zone supports all possible types.  It is not limited to
+A and AAAA record.

TODO

@@ -0,0 +1,18 @@
+
+1.	Rdataset/Rdatalist Union
+2.	ev_ prefix for ISC_EVENT_COMMON
+3.	Finish mempool conversion of message.c
+4.	Improve buffer & region APIs (inline?)
+5.	isc/util.h publish or perish
+6.	magic number listing
+7.	Eliminate dns_result_t and old DNS_R_ codes
+8.	Check base 64 code; does it have the problems that
+	the BIND 8 code does?
+9.	Authority is optional if we have answers?
+10.	AD bit setting.
+11.	KEY duplication (answer + additional) in any query
+12.	Fix rdata META flag to be set for TSIG, TKEY, OPT
+13.	Intergrate (replace?) old per zone SOA timers with zomemgr
+14.	RWlock for zonemgr zone list
+15.	CHAOS A's
+16.	implement "doc" checks out of zonemgr.

acconfig.h

@@ -1,23 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2008  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.53 2008/12/01 23:47:44 tbox Exp $ */
-
-/*! \file */
+/* $Id: acconfig.h,v 1.23 2000/06/22 21:48:56 tale Exp $ */
 
 /***
  *** This file is not to be included by any public header files, because
@@ -25,91 +23,76 @@
  ***/
 @TOP@
 
-/** define on DEC OSF to enable 4.4BSD style sa_len support */
+/* define on DEC OSF to enable 4.4BSD style sa_len support */
 #undef _SOCKADDR_LEN
 
-/** define if your system needs pthread_init() before using pthreads */
+/* define if your system needs pthread_init() before using pthreads */
 #undef NEED_PTHREAD_INIT
 
-/** define if your system has sigwait() */
+/* define if your system has sigwait() */
 #undef HAVE_SIGWAIT
 
-/** define if sigwait() is the UnixWare flavor */
+/* define if sigwait() is the UnixWare flavor */
 #undef HAVE_UNIXWARE_SIGWAIT
 
-/** define on Solaris to get sigwait() to work using pthreads semantics */
+/* define on Solaris to get sigwait() to work using pthreads semantics */
 #undef _POSIX_PTHREAD_SEMANTICS
 
-/** define if LinuxThreads is in use */
+/* define if LinuxThreads is in use */
 #undef HAVE_LINUXTHREADS
 
-/** define if sysconf() is available */
+/* define if sysconf() is available */
 #undef HAVE_SYSCONF
 
-/** define if sysctlbyname() is available */
-#undef HAVE_SYSCTLBYNAME
-
-/** define if catgets() is available */
+/* define if catgets() is available */
 #undef HAVE_CATGETS
 
-/** define if getifaddrs() exists */
-#undef HAVE_GETIFADDRS
-
-/** define if you have the NET_RT_IFLIST sysctl variable and sys/sysctl.h */
+/* define if you have the NET_RT_IFLIST sysctl variable. */
 #undef HAVE_IFLIST_SYSCTL
 
-/** define if tzset() is available */
-#undef HAVE_TZSET
+/* define if you need to #define _XPG4_2 before including sys/socket.h */
+#undef NEED_XPG4_2_BEFORE_SOCKET_H
 
-/** define if struct addrinfo exists */
+/* define if you need to #define _XOPEN_SOURCE_ENTENDED before including
+ * sys/socket.h
+ */
+#undef NEED_XSE_BEFORE_SOCKET_H
+
+/* define if chroot() is available */
+#undef HAVE_CHROOT
+
+/* define if struct addrinfo exists */
 #undef HAVE_ADDRINFO
 
-/** define if getaddrinfo() exists */
+/* define is getaddrinfo() exists */
 #undef HAVE_GETADDRINFO
 
-/** define if gai_strerror() exists */
-#undef HAVE_GAISTRERROR
-
-/** define if arc4random() exists */
-#undef HAVE_ARC4RANDOM
-
-/**
- * define if pthread_setconcurrency() should be called to tell the
+/* define if pthread_setconcurrency() should be called to tell the
  * OS how many threads we might want to run.
  */
 #undef CALL_PTHREAD_SETCONCURRENCY
 
-/** define if IPv6 is not disabled */
-#undef WANT_IPV6
-
-/** define if flockfile() is available */
-#undef HAVE_FLOCKFILE
-
-/** define if getc_unlocked() is available */
-#undef HAVE_GETCUNLOCKED
-
-/** Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
+/* Shut up warnings about sputaux in stdio.h on BSD/OS pre-4.1 */
 #undef SHUTUP_SPUTAUX
 #ifdef SHUTUP_SPUTAUX
 struct __sFILE;
 extern __inline int __sputaux(int _c, struct __sFILE *_p);
 #endif
 
-/** Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
+/* Shut up warnings about missing sigwait prototype on BSD/OS 4.0* */
 #undef SHUTUP_SIGWAIT
 #ifdef SHUTUP_SIGWAIT
 int sigwait(const unsigned int *set, int *sig);
 #endif
 
-/** Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
+/* Shut up warnings from gcc -Wcast-qual on BSD/OS 4.1. */
 #undef SHUTUP_STDARG_CAST
 #if defined(SHUTUP_STDARG_CAST) && defined(__GNUC__)
-#include <stdarg.h>		/** Grr.  Must be included *every time*. */
-/**
+#include <stdarg.h>		/* Grr.  Must be included *every time*. */
+/*
  * The silly continuation line is to keep configure from
  * commenting out the #undef.
  */
-
 #undef \
 	va_start
 #define	va_start(ap, last) \
@@ -118,28 +101,4 @@ int sigwait(const unsigned int *set, int *sig);
 		_u.konst = &(last); \
 		ap = (va_list)(_u.var + __va_words(__typeof(last))); \
 	} while (0)
-#endif /** SHUTUP_STDARG_CAST && __GNUC__ */
-
-/** define if the system has a random number generating device */
-#undef PATH_RANDOMDEV
-
-/** define if pthread_attr_getstacksize() is available */
-#undef HAVE_PTHREAD_ATTR_GETSTACKSIZE
-
-/** define if pthread_attr_setstacksize() is available */
-#undef HAVE_PTHREAD_ATTR_SETSTACKSIZE
-
-/** define if you have strerror in the C library. */
-#undef HAVE_STRERROR
-
-/** Define if you are running under Compaq TruCluster. */
-#undef HAVE_TRUCLUSTER
-
-/* Define if OpenSSL includes DSA support */
-#undef HAVE_OPENSSL_DSA
-
-/* Define to the length type used by the socket API (socklen_t, size_t, int). */
-#undef ISC_SOCKADDR_LEN_T
-
-/* Define if threads need PTHREAD_SCOPE_SYSTEM */
-#undef NEED_PTHREAD_SCOPE_SYSTEM
+#endif /* SHUTUP_STDARG_CAST && __GNUC__ */

bin/Makefile.in

@@ -1,26 +1,25 @@
-# Copyright (C) 2004, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2001  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 1998-2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id: Makefile.in,v 1.29 2009/10/05 12:07:08 fdupont Exp $
+# $Id: Makefile.in,v 1.15.2.2 2000/06/29 00:05:25 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig dnssec tests tools nsupdate \
-		check confgen @PKCS11_TOOLS@
+SUBDIRS =	named rndc dig dnssec tests nsupdate
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/check-tool.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.39 2009/09/01 00:22:24 jinmei Exp $ */
+/* $Id: check-tool.c,v 1.44 2011/12/22 07:32:39 each Exp $ */
 
 /*! \file */
 
@@ -23,6 +23,10 @@
 
 #include <stdio.h>
 
+#ifdef _WIN32
+#include <Winsock2.h>
+#endif
+
 #include "check-tool.h"
 #include <isc/buffer.h>
 #include <isc/log.h>
@@ -631,7 +635,8 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 /*% dump the zone */
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style)
+	  dns_masterformat_t fileformat, const dns_master_style_t *style,
+	  const isc_uint32_t rawversion)
 {
 	isc_result_t result;
 	FILE *output = stdout;
@@ -654,10 +659,33 @@ dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
 		}
 	}
 
-	result = dns_zone_dumptostream2(zone, output, fileformat, style);
-
+	result = dns_zone_dumptostream3(zone, output, fileformat, style,
+					rawversion);
 	if (output != stdout)
 		(void)isc_stdio_close(output);
 
 	return (result);
 }
+
+#ifdef _WIN32
+void
+InitSockets(void) {
+	WORD wVersionRequested;
+	WSADATA wsaData;
+	int err;
+
+	wVersionRequested = MAKEWORD(2, 0);
+
+	err = WSAStartup( wVersionRequested, &wsaData );
+	if (err != 0) {
+		fprintf(stderr, "WSAStartup() failed: %d\n", err);
+		exit(1);
+	}
+}
+
+void
+DestroySockets(void) {
+	WSACleanup();
+}
+#endif
+

bin/check/check-tool.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.14 2007/06/18 23:47:17 tbox Exp $ */
+/* $Id: check-tool.h,v 1.18 2011/12/09 23:47:02 tbox Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H
@@ -41,7 +41,13 @@ load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
 
 isc_result_t
 dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style);
+	  dns_masterformat_t fileformat, const dns_master_style_t *style,
+	  const isc_uint32_t rawversion);
+
+#ifdef _WIN32
+void InitSockets(void);
+void DestroySockets(void);
+#endif
 
 extern int debug;
 extern isc_boolean_t nomerge;

bin/check/named-checkconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.53 2010/03/09 23:51:06 tbox Exp $ */
+/* $Id: named-checkconf.c,v 1.56 2011/03/12 04:59:46 tbox Exp $ */
 
 /*! \file */
 
@@ -190,7 +190,7 @@ configure_zone(const char *vclass, const char *view,
 		if (obj != NULL)
 			maps[i++] = obj;
 	}
-	maps[i++] = NULL;
+	maps[i] = NULL;
 
 	cfg_map_get(zoptions, "type", &typeobj);
 	if (typeobj == NULL)
@@ -488,6 +488,10 @@ main(int argc, char **argv) {
 	if (conffile == NULL || conffile[0] == '\0')
 		conffile = NAMED_CONFFILE;
 
+#ifdef _WIN32
+	InitSockets();
+#endif
+
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 
 	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
@@ -531,5 +535,9 @@ main(int argc, char **argv) {
 
 	isc_mem_destroy(&mctx);
 
+#ifdef _WIN32
+	DestroySockets();
+#endif
+
 	return (exit_status);
 }

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.47 2010/01/17 01:14:02 tbox Exp $
+.\" $Id: named-checkzone.8,v 1.49 2011/12/22 18:10:10 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,9 +33,9 @@
 named\-checkzone, named\-compilezone \- zone file validity checking or converting tool
 .SH "SYNOPSIS"
 .HP 16
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
+\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
 .HP 18
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
+\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
 .SH "DESCRIPTION"
 .PP
 \fBnamed\-checkzone\fR
@@ -139,11 +139,19 @@ Specify the format of the zone file. Possible formats are
 .PP
 \-F \fIformat\fR
 .RS 4
-Specify the format of the output file specified. Possible formats are
+Specify the format of the output file specified. For
+\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
+.sp
+Possible formats are
 \fB"text"\fR
 (default) and
-\fB"raw"\fR. For
-\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
+\fB"raw"\fR
+or
+\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
+\fBnamed\fR.
+\fB"raw=N"\fR
+specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
+\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
 .RE
 .PP
 \-k \fImode\fR
@@ -160,6 +168,11 @@ checks with the specified failure mode. Possible modes are
 \fB"ignore"\fR.
 .RE
 .PP
+\-L \fIserial\fR
+.RS 4
+When compiling a zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
+.RE
+.PP
 \-m \fImode\fR
 .RS 4
 Specify whether MX records should be checked to see if they are addresses. Possible modes are
@@ -281,7 +294,7 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2007, 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2002 Internet Software Consortium.
 .br

bin/check/named-checkzone.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.59 2009/12/04 22:06:37 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.65 2011/12/22 17:29:22 each Exp $ */
 
 /*! \file */
 
@@ -39,6 +39,7 @@
 #include <dns/db.h>
 #include <dns/fixedname.h>
 #include <dns/log.h>
+#include <dns/master.h>
 #include <dns/masterdump.h>
 #include <dns/name.h>
 #include <dns/rdataclass.h>
@@ -112,7 +113,12 @@ main(int argc, char **argv) {
 	const char *outputformatstr = NULL;
 	dns_masterformat_t inputformat = dns_masterformat_text;
 	dns_masterformat_t outputformat = dns_masterformat_text;
+	dns_masterrawheader_t header;
+	isc_uint32_t rawversion = 1, serialnum = 0;
+	isc_boolean_t snset = ISC_FALSE;
+	isc_boolean_t logdump = ISC_FALSE;
 	FILE *errout = stdout;
+	char *endp;
 
 	outputstyle = &dns_master_style_full;
 
@@ -156,7 +162,7 @@ main(int argc, char **argv) {
 	isc_commandline_errprint = ISC_FALSE;
 
 	while ((c = isc_commandline_parse(argc, argv,
-				       "c:df:hi:jk:m:n:qr:s:t:o:vw:DF:M:S:W:"))
+			       "c:df:hi:jk:L:m:n:qr:s:t:o:vw:DF:M:S:W:"))
 	       != EOF) {
 		switch (c) {
 		case 'c':
@@ -234,6 +240,17 @@ main(int argc, char **argv) {
 			}
 			break;
 
+		case 'L':
+			snset = ISC_TRUE;
+			endp = NULL;
+			serialnum = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0') {
+				fprintf(stderr, "source serial number "
+						"must be numeric");
+				exit(1);
+			}
+			break;
+
 		case 'n':
 			if (ARGCMP("ignore")) {
 				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
@@ -397,7 +414,11 @@ main(int argc, char **argv) {
 			inputformat = dns_masterformat_text;
 		else if (strcasecmp(inputformatstr, "raw") == 0)
 			inputformat = dns_masterformat_raw;
-		else {
+		else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
+			inputformat = dns_masterformat_raw;
+			fprintf(stderr,
+				"WARNING: input format raw, version ignored\n");
+		} else {
 			fprintf(stderr, "unknown file format: %s\n",
 			    inputformatstr);
 			exit(1);
@@ -405,11 +426,22 @@ main(int argc, char **argv) {
 	}
 
 	if (outputformatstr != NULL) {
-		if (strcasecmp(outputformatstr, "text") == 0)
+		if (strcasecmp(outputformatstr, "text") == 0) {
 			outputformat = dns_masterformat_text;
-		else if (strcasecmp(outputformatstr, "raw") == 0)
+		} else if (strcasecmp(outputformatstr, "raw") == 0) {
 			outputformat = dns_masterformat_raw;
-		else {
+		} else if (strncasecmp(outputformatstr, "raw=", 4) == 0) {
+			char *end;
+
+			outputformat = dns_masterformat_raw;
+			rawversion = strtol(outputformatstr + 4, &end, 10);
+			if (end == outputformatstr + 4 || *end != '\0' ||
+			    rawversion > 1U) {
+				fprintf(stderr,
+					"unknown raw format version\n");
+				exit(1);
+			}
+		} else {
 			fprintf(stderr, "unknown file format: %s\n",
 				outputformatstr);
 			exit(1);
@@ -418,6 +450,7 @@ main(int argc, char **argv) {
 
 	if (progmode == progmode_compile) {
 		dumpzone = 1;	/* always dump */
+		logdump = !quiet;
 		if (output_filename == NULL) {
 			fprintf(stderr,
 				"output file required, but not specified\n");
@@ -436,12 +469,18 @@ main(int argc, char **argv) {
 	    (output_filename == NULL ||
 	     strcmp(output_filename, "-") == 0 ||
 	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0))
+	     strcmp(output_filename, "/dev/stdout") == 0)) {
 		errout = stderr;
+		logdump = ISC_FALSE;
+	}
 
 	if (isc_commandline_index + 2 != argc)
 		usage();
 
+#ifdef _WIN32
+	InitSockets();
+#endif
+
 	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
 	if (!quiet)
 		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
@@ -457,14 +496,21 @@ main(int argc, char **argv) {
 	result = load_zone(mctx, origin, filename, inputformat, classname,
 			   &zone);
 
+	if (snset) {
+		dns_master_initrawheader(&header);
+		header.flags = DNS_MASTERRAW_SOURCESERIALSET;
+		header.sourceserial = serialnum;
+		dns_zone_setrawdata(zone, &header);
+	}
+
 	if (result == ISC_R_SUCCESS && dumpzone) {
-		if (!quiet && progmode == progmode_compile) {
+		if (logdump) {
 			fprintf(errout, "dump zone to %s...", output_filename);
 			fflush(errout);
 		}
 		result = dump_zone(origin, zone, output_filename,
-				   outputformat, outputstyle);
-		if (!quiet && progmode == progmode_compile)
+				   outputformat, outputstyle, rawversion);
+		if (logdump)
 			fprintf(errout, "done\n");
 	}
 
@@ -476,5 +522,8 @@ main(int argc, char **argv) {
 	isc_hash_destroy();
 	isc_entropy_detach(&ectx);
 	isc_mem_destroy(&mctx);
+#ifdef _WIN32
+	DestroySockets();
+#endif
 	return ((result == ISC_R_SUCCESS) ? 0 : 1);
 }

bin/check/named-checkzone.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.40 2010/01/16 23:48:15 tbox Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.44 2011/12/22 07:32:39 each Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -38,6 +38,7 @@
       <year>2007</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -70,6 +71,7 @@
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
@@ -95,6 +97,7 @@
       <arg><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">style</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
@@ -247,12 +250,20 @@
 	<listitem>
 	  <para>
 	    Specify the format of the output file specified.
-	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command>.
 	    For <command>named-checkzone</command>,
 	    this does not cause any effects unless it dumps the zone
 	    contents.
 	  </para>
+	  <para>
+	    Possible formats are <command>"text"</command> (default)
+	    and <command>"raw"</command> or <command>"raw=N"</command>,
+            which store the zone in a binary format for rapid loading
+            by <command>named</command>.  <command>"raw=N"</command>
+            specifies the format version of the raw zone file: if N
+            is 0, the raw file can be read by any version of
+            <command>named</command>; if N is 1, the file can be read
+            by release 9.9.0 or higher.  The default is 1.
+	  </para>
 	</listitem>
       </varlistentry>
 
@@ -271,6 +282,17 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">serial</replaceable></term>
+        <listitem>
+          <para>
+            When compiling a zone to 'raw' format, set the "source serial" 
+            value in the header to the specified serial number.  (This is
+            expected to be used primarily for testing purposes.)
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-m <replaceable class="parameter">mode</replaceable></term>
         <listitem>

bin/check/named-checkzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007, 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2007, 2009-2011 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkzone.html,v 1.47 2010/01/17 01:14:02 tbox Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.49 2011/12/22 18:10:10 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,11 +29,11 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
-<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-checkzone</code>  [<code class="option">-d</code>] [<code class="option">-h</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
+<div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>} {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543694"></a><h2>DESCRIPTION</h2>
+<a name="id2543715"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -53,7 +53,7 @@
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543730"></a><h2>OPTIONS</h2>
+<a name="id2543750"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -128,14 +128,24 @@
 	    and <span><strong class="command">"raw"</strong></span>.
 	  </p></dd>
 <dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
-<dd><p>
+<dd>
+<p>
 	    Specify the format of the output file specified.
-	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span>.
 	    For <span><strong class="command">named-checkzone</strong></span>,
 	    this does not cause any effects unless it dumps the zone
 	    contents.
-	  </p></dd>
+	  </p>
+<p>
+	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
+	    and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
+            which store the zone in a binary format for rapid loading
+            by <span><strong class="command">named</strong></span>.  <span><strong class="command">"raw=N"</strong></span>
+            specifies the format version of the raw zone file: if N
+            is 0, the raw file can be read by any version of
+            <span><strong class="command">named</strong></span>; if N is 1, the file can be read
+            by release 9.9.0 or higher.  The default is 1.
+	  </p>
+</dd>
 <dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
 <dd><p>
             Perform <span><strong class="command">"check-names"</strong></span> checks with the
@@ -146,6 +156,12 @@
 	    (default for <span><strong class="command">named-checkzone</strong></span>) and
             <span><strong class="command">"ignore"</strong></span>.
           </p></dd>
+<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
+<dd><p>
+            When compiling a zone to 'raw' format, set the "source serial" 
+            value in the header to the specified serial number.  (This is
+            expected to be used primarily for testing purposes.)
+          </p></dd>
 <dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
 <dd><p>
             Specify whether MX records should be checked to see if they
@@ -247,14 +263,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544377"></a><h2>RETURN VALUES</h2>
+<a name="id2544499"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544389"></a><h2>SEE ALSO</h2>
+<a name="id2544579"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">named-checkconf</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
@@ -262,7 +278,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544422"></a><h2>AUTHOR</h2>
+<a name="id2544612"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/confgen/ddns-confgen.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009, 2011  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ddns-confgen.c,v 1.9 2009/09/29 15:06:05 fdupont Exp $ */
+/* $Id: ddns-confgen.c,v 1.11 2011/03/12 04:59:46 tbox Exp $ */
 
 /*! \file */
 
@@ -160,6 +160,7 @@ main(int argc, char **argv) {
 
 	argc -= isc_commandline_index;
 	argv += isc_commandline_index;
+	POST(argv);
 
 	if (self_domain != NULL && zone != NULL)
 		usage(1);	/* -s and -z cannot coexist */

bin/confgen/rndc-confgen.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001, 2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: rndc-confgen.c,v 1.5 2009/09/29 15:06:05 fdupont Exp $ */
+/* $Id: rndc-confgen.c,v 1.7 2011/03/12 04:59:46 tbox Exp $ */
 
 /*! \file */
 
@@ -200,6 +200,7 @@ main(int argc, char **argv) {
 
 	argc -= isc_commandline_index;
 	argv += isc_commandline_index;
+	POST(argv);
 
 	if (argc > 0)
 		usage(1);

bin/dig/.cvsignore

@@ -2,5 +2,3 @@ Makefile
 dig
 host
 nslookup
-*.lo
-.libs

bin/dig/Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002  Internet Software Consortium.
+# Copyright (C) 2000  Internet Software Consortium.
 #
-# Permission to use, copy, modify, and/or distribute this software for any
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
 #
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+# DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+# INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+# FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+# NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+# WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.47 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.10.2.4 2000/10/21 01:35:17 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,39 +21,26 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISC_INCLUDES} ${LWRES_INCLUDES} ${ISCCFG_INCLUDES}
+CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES}
 
 CDEFINES =	-DVERSION=\"${VERSION}\"
 CWARNINGS =
 
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
-LWRESLIBS =	../../lib/lwres/liblwres.@A@
 
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
-LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
 
-DEPLIBS =	${DNSDEPLIBS} ${BIND9DEPLIBS} ${ISCDEPLIBS} ${ISCCFGDEPLIBS} \
-		${LWRESDEPLIBS}
+DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCLIBS} @IDNLIBS@ @LIBS@
-
-NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCNOSYMLIBS} @IDNLIBS@ @LIBS@
+LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
 SUBDIRS =
 
-TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
+TARGETS =	dig host nslookup
 
 OBJS =		dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
 
@@ -61,45 +48,26 @@ UOBJS =
 
 SRCS =		dig.c dighost.c host.c nslookup.c
 
-MANPAGES =	dig.1 host.1 nslookup.1
-
-HTMLPAGES =	dig.html host.html nslookup.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
 @BIND9_MAKE_RULES@
 
-dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
+dig: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dig.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="host.@O@ dighost.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
+host: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ host.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="nslookup.@O@ dighost.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
+nslookup: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ nslookup.@O@ dighost.@O@ ${UOBJS} ${LIBS}
 
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-clean distclean maintainer-clean::
+clean distclean::
 	rm -f ${TARGETS}
 
 installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
+	if [ ! -d ${DESTDIR}${bindir} ]; then \
+		mkdir ${DESTDIR}${bindir}; \
+	fi
 
-install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		dig@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		host@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		nslookup@EXEEXT@ ${DESTDIR}${bindir}
-	for m in ${MANPAGES}; do \
-		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
-		done
+install:: dig host nslookup installdirs
+	${LIBTOOL} ${INSTALL_PROGRAM} dig ${DESTDIR}${bindir}
+	${LIBTOOL} ${INSTALL_PROGRAM} host ${DESTDIR}${bindir}
+	${LIBTOOL} ${INSTALL_PROGRAM} nslookup ${DESTDIR}${bindir}

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.54 2010/03/05 01:14:15 tbox Exp $
+.\" $Id: dig.1,v 1.56 2011/11/05 01:14:48 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -291,7 +291,7 @@ A synonym for
 .PP
 \fB+[no]adflag\fR
 .RS 4
-Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated.
+Set [do not set] the AD (authentic data) bit in the query. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range. AD=0 indicate that some part of the answer was insecure or not validated. This bit is set by default.
 .RE
 .PP
 \fB+[no]cdflag\fR
@@ -332,6 +332,9 @@ attempts to find the authoritative name servers for the zone containing the name
 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
 \fBdig\fR
 makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
+.sp
+\fB+dnssec\fR
+is also set when +trace is set to better emulate the default queries from a nameserver.
 .RE
 .PP
 \fB+[no]cmd\fR
@@ -358,6 +361,24 @@ option is enabled. If short form answers are requested, the default is not to sh
 Toggle the display of comment lines in the output. The default is to print comments.
 .RE
 .PP
+\fB+[no]rrcomments\fR
+.RS 4
+Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records). The default is not to print record comments unless multiline mode is active.
+.RE
+.PP
+\fB+split=W\fR
+.RS 4
+Split long hex\- or base64\-formatted fields in resource records into chunks of
+\fIW\fR
+characters (where
+\fIW\fR
+is rounded up to the nearest multiple of 4).
+\fI+nosplit\fR
+or
+\fI+split=0\fR
+causes fields not to be split at all. The default is 56 characters, or 44 characters when multiline mode is active.
+.RE
+.PP
 \fB+[no]stats\fR
 .RS 4
 This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
@@ -445,7 +466,7 @@ bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively
 .RS 4
 Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
 \fB+noedns\fR
-clears the remembered EDNS version.
+clears the remembered EDNS version. EDNS is set to 0 by default.
 .RE
 .PP
 \fB+[no]multiline\fR
@@ -567,7 +588,7 @@ RFC1035.
 .PP
 There are probably too many query options.
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2011 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

bin/dig/dig.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.47 2010/03/04 23:50:34 tbox Exp $ -->
+<!-- $Id: dig.docbook,v 1.51 2011/11/04 11:02:50 jreed Exp $ -->
 <refentry id="man.dig">
 
   <refentryinfo>
@@ -45,6 +45,7 @@
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -460,7 +461,8 @@
 	      policy of the server.  AD=1 indicates that all records
 	      have been validated as secure and the answer is not
 	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.
+	      of the answer was insecure or not validated.  This
+	      bit is set by default.
 	    </para>
 	  </listitem>
 	</varlistentry>
@@ -497,19 +499,17 @@
 
         <varlistentry>
           <term><option>+[no]recurse</option></term>
-          <listitem>
-            <para>
-              Toggle the setting of the RD (recursion desired) bit in the
-              query.
-              This bit is set by default, which means <command>dig</command>
-              normally sends recursive queries.  Recursion is automatically
-              disabled
-              when the <parameter>+nssearch</parameter> or
-              <parameter>+trace</parameter> query options are
-              used.
-            </para>
-          </listitem>
-        </varlistentry>
+	  <listitem>
+	    <para>
+	      Toggle the setting of the RD (recursion desired) bit
+	      in the query.  This bit is set by default, which means
+	      <command>dig</command> normally sends recursive
+	      queries.  Recursion is automatically disabled when
+	      the <parameter>+nssearch</parameter> or
+	      <parameter>+trace</parameter> query options are used.
+	    </para>
+	  </listitem>
+	</varlistentry>
 
         <varlistentry>
           <term><option>+[no]nssearch</option></term>
@@ -529,20 +529,21 @@
         <varlistentry>
           <term><option>+[no]trace</option></term>
           <listitem>
-            <para>
-              Toggle tracing of the delegation path from the root name servers
-              for
-              the name being looked up.  Tracing is disabled by default.  When
-              tracing is enabled, <command>dig</command> makes
-              iterative queries to
-              resolve the name being looked up.  It will follow referrals from
-              the
-              root servers, showing the answer from each server that was used
-              to
-              resolve the lookup.
-            </para>
-          </listitem>
-        </varlistentry>
+	    <para>
+	      Toggle tracing of the delegation path from the root
+	      name servers for the name being looked up.  Tracing
+	      is disabled by default.  When tracing is enabled,
+	      <command>dig</command> makes iterative queries to
+	      resolve the name being looked up.  It will follow
+	      referrals from the root servers, showing the answer
+	      from each server that was used to resolve the lookup.
+	    </para>
+	    <para>
+	      <command>+dnssec</command> is also set when +trace is
+	      set to better emulate the default queries from a nameserver.
+	    </para>
+	  </listitem>
+	</varlistentry>
 
         <varlistentry>
           <term><option>+[no]cmd</option></term>
@@ -587,8 +588,35 @@
           <listitem>
             <para>
               Toggle the display of comment lines in the output.  The default
-              is to
-              print comments.
+              is to print comments.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><option>+[no]rrcomments</option></term>
+          <listitem>
+            <para>
+              Toggle the display of per-record comments in the output (for
+              example, human-readable key information about DNSKEY records).
+              The default is not to print record comments unless multiline
+              mode is active.
+            </para>
+          </listitem>
+        </varlistentry>
+
+        <varlistentry>
+          <term><option>+split=W</option></term>
+          <listitem>
+            <para>
+              Split long hex- or base64-formatted fields in resource
+              records into chunks of <parameter>W</parameter> characters
+              (where <parameter>W</parameter> is rounded up to the nearest
+              multiple of 4).
+              <parameter>+nosplit</parameter> or
+              <parameter>+split=0</parameter> causes fields not to be
+              split at all.  The default is 56 characters, or 44 characters
+              when multiline mode is active.
             </para>
           </listitem>
         </varlistentry>
@@ -748,9 +776,10 @@
 	  <listitem>
 	    <para>
 	       Specify the EDNS version to query with.  Valid values
-	       are 0 to 255.  Setting the EDNS version will cause a
-	       EDNS query to be sent.  <option>+noedns</option> clears the
-	       remembered EDNS version.
+	       are 0 to 255.  Setting the EDNS version will cause
+	       a EDNS query to be sent.  <option>+noedns</option>
+	       clears the remembered EDNS version.  EDNS is set to
+	       0 by default.
 	    </para>
 	  </listitem>
 	</varlistentry>

bin/dig/dig.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2011 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dig.html,v 1.49 2010/03/05 01:14:15 tbox Exp $ -->
+<!-- $Id: dig.html,v 1.51 2011/11/05 01:14:48 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -34,7 +34,7 @@
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543522"></a><h2>DESCRIPTION</h2>
+<a name="id2543525"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -80,7 +80,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543595"></a><h2>SIMPLE USAGE</h2>
+<a name="id2543598"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">dig</strong></span> looks like:
       </p>
@@ -126,7 +126,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543686"></a><h2>OPTIONS</h2>
+<a name="id2543689"></a><h2>OPTIONS</h2>
 <p>
       The <code class="option">-b</code> option sets the source IP address of the query
       to <em class="parameter"><code>address</code></em>.  This must be a valid
@@ -230,7 +230,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544035"></a><h2>QUERY OPTIONS</h2>
+<a name="id2544038"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -315,7 +315,8 @@
 	      policy of the server.  AD=1 indicates that all records
 	      have been validated as secure and the answer is not
 	      from a OPT-OUT range.  AD=0 indicate that some part
-	      of the answer was insecure or not validated.
+	      of the answer was insecure or not validated.  This
+	      bit is set by default.
 	    </p></dd>
 <dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
 <dd><p>
@@ -334,15 +335,13 @@
             </p></dd>
 <dt><span class="term"><code class="option">+[no]recurse</code></span></dt>
 <dd><p>
-              Toggle the setting of the RD (recursion desired) bit in the
-              query.
-              This bit is set by default, which means <span><strong class="command">dig</strong></span>
-              normally sends recursive queries.  Recursion is automatically
-              disabled
-              when the <em class="parameter"><code>+nssearch</code></em> or
-              <em class="parameter"><code>+trace</code></em> query options are
-              used.
-            </p></dd>
+	      Toggle the setting of the RD (recursion desired) bit
+	      in the query.  This bit is set by default, which means
+	      <span><strong class="command">dig</strong></span> normally sends recursive
+	      queries.  Recursion is automatically disabled when
+	      the <em class="parameter"><code>+nssearch</code></em> or
+	      <em class="parameter"><code>+trace</code></em> query options are used.
+	    </p></dd>
 <dt><span class="term"><code class="option">+[no]nssearch</code></span></dt>
 <dd><p>
               When this option is set, <span><strong class="command">dig</strong></span>
@@ -354,18 +353,21 @@
               zone.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]trace</code></span></dt>
-<dd><p>
-              Toggle tracing of the delegation path from the root name servers
-              for
-              the name being looked up.  Tracing is disabled by default.  When
-              tracing is enabled, <span><strong class="command">dig</strong></span> makes
-              iterative queries to
-              resolve the name being looked up.  It will follow referrals from
-              the
-              root servers, showing the answer from each server that was used
-              to
-              resolve the lookup.
-            </p></dd>
+<dd>
+<p>
+	      Toggle tracing of the delegation path from the root
+	      name servers for the name being looked up.  Tracing
+	      is disabled by default.  When tracing is enabled,
+	      <span><strong class="command">dig</strong></span> makes iterative queries to
+	      resolve the name being looked up.  It will follow
+	      referrals from the root servers, showing the answer
+	      from each server that was used to resolve the lookup.
+	    </p>
+<p>
+	      <span><strong class="command">+dnssec</strong></span> is also set when +trace is
+	      set to better emulate the default queries from a nameserver.
+	    </p>
+</dd>
 <dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
 <dd><p>
               Toggles the printing of the initial comment in the output
@@ -392,8 +394,25 @@
 <dt><span class="term"><code class="option">+[no]comments</code></span></dt>
 <dd><p>
               Toggle the display of comment lines in the output.  The default
-              is to
-              print comments.
+              is to print comments.
+            </p></dd>
+<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
+<dd><p>
+              Toggle the display of per-record comments in the output (for
+              example, human-readable key information about DNSKEY records).
+              The default is not to print record comments unless multiline
+              mode is active.
+            </p></dd>
+<dt><span class="term"><code class="option">+split=W</code></span></dt>
+<dd><p>
+              Split long hex- or base64-formatted fields in resource
+              records into chunks of <em class="parameter"><code>W</code></em> characters
+              (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
+              multiple of 4).
+              <em class="parameter"><code>+nosplit</code></em> or
+              <em class="parameter"><code>+split=0</code></em> causes fields not to be
+              split at all.  The default is 56 characters, or 44 characters
+              when multiline mode is active.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]stats</code></span></dt>
 <dd><p>
@@ -488,9 +507,10 @@
 <dt><span class="term"><code class="option">+edns=#</code></span></dt>
 <dd><p>
 	       Specify the EDNS version to query with.  Valid values
-	       are 0 to 255.  Setting the EDNS version will cause a
-	       EDNS query to be sent.  <code class="option">+noedns</code> clears the
-	       remembered EDNS version.
+	       are 0 to 255.  Setting the EDNS version will cause
+	       a EDNS query to be sent.  <code class="option">+noedns</code>
+	       clears the remembered EDNS version.  EDNS is set to
+	       0 by default.
 	    </p></dd>
 <dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
 <dd><p>
@@ -561,7 +581,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545184"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2545301"></a><h2>MULTIPLE QUERIES</h2>
 <p>
       The BIND 9 implementation of <span><strong class="command">dig </strong></span>
       supports
@@ -607,7 +627,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545245"></a><h2>IDN SUPPORT</h2>
+<a name="id2545363"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -621,14 +641,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545336"></a><h2>FILES</h2>
+<a name="id2545385"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 <p><code class="filename">${HOME}/.digrc</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545353"></a><h2>SEE ALSO</h2>
+<a name="id2545402"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -636,7 +656,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545390"></a><h2>BUGS</h2>
+<a name="id2545440"></a><h2>BUGS</h2>
 <p>
       There are probably too many query options.
     </p>

bin/dig/host.c

@@ -1,47 +1,34 @@
 /*
- * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2003  Internet Software Consortium.
+ * Copyright (C) 2000  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.120 2009/09/29 15:06:05 fdupont Exp $ */
-
-/*! \file */
+/* $Id: host.c,v 1.29.2.8 2000/10/20 21:54:11 gson Exp $ */
 
 #include <config.h>
 #include <stdlib.h>
 #include <limits.h>
 
-#ifdef HAVE_LOCALE_H
-#include <locale.h>
-#endif
-
-#ifdef WITH_IDN
-#include <idn/result.h>
-#include <idn/log.h>
-#include <idn/resconf.h>
-#include <idn/api.h>
-#endif
+extern int h_errno;
 
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
-#include <isc/print.h>
 #include <isc/string.h>
 #include <isc/util.h>
 #include <isc/task.h>
-#include <isc/stdlib.h>
 
 #include <dns/byaddr.h>
 #include <dns/fixedname.h>
@@ -51,16 +38,24 @@
 #include <dns/rdataclass.h>
 #include <dns/rdataset.h>
 #include <dns/rdatatype.h>
-#include <dns/rdatastruct.h>
 
 #include <dig/dig.h>
 
-static isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
-static isc_boolean_t default_lookups = ISC_TRUE;
-static int seen_error = -1;
-static isc_boolean_t list_addresses = ISC_TRUE;
-static dns_rdatatype_t list_type = dns_rdatatype_a;
-static isc_boolean_t printed_server = ISC_FALSE;
+extern ISC_LIST(dig_lookup_t) lookup_list;
+extern ISC_LIST(dig_server_t) server_list;
+extern ISC_LIST(dig_searchlist_t) search_list;
+
+extern isc_boolean_t debugging;
+extern unsigned int timeout;
+extern isc_mem_t *mctx;
+extern int ndots;
+extern int tries;
+extern isc_boolean_t usesearch;
+extern int lookup_counter;
+extern char *progname;
+extern isc_task_t *global_task;
+
+isc_boolean_t short_form = ISC_TRUE, listed_server = ISC_FALSE;
 
 static const char *opcodetext[] = {
 	"QUERY",
@@ -86,7 +81,7 @@ static const char *rcodetext[] = {
 	"FORMERR",
 	"SERVFAIL",
 	"NXDOMAIN",
-	"NOTIMP",
+	"NOTIMPL",
 	"REFUSED",
 	"YXDOMAIN",
 	"YXRRSET",
@@ -101,72 +96,131 @@ static const char *rcodetext[] = {
 	"BADVERS"
 };
 
-struct rtype {
-	unsigned int type;
-	const char *text;
-};
+static const char *rtypetext[] = {
+	"zero",				/* 0 */
+	"has address",			/* 1 */
+	"name server",			/* 2 */
+	"MD",				/* 3 */
+	"MF",				/* 4 */
+	"is an alias for",		/* 5 */
+	"SOA",				/* 6 */
+	"MB",				/* 7 */
+	"MG",				/* 8 */
+	"MR",				/* 9 */
+	"NULL",				/* 10 */
+	"has well known services",	/* 11 */
+	"domain name pointer",		/* 12 */
+	"host information",		/* 13 */
+	"MINFO",			/* 14 */
+	"mail is handled by",	       	/* 15 */
+	"text",				/* 16 */
+	"RP",				/* 17 */
+	"AFSDB",			/* 18 */
+	"x25 address",			/* 19 */
+	"isdn address",			/* 20 */
+	"RT",				/* 21 */
+	"NSAP",				/* 22 */
+	"NSAP_PTR",			/* 23 */
+	"has signature",		/* 24 */
+	"has key",			/* 25 */
+	"PX",				/* 26 */
+	"GPOS",				/* 27 */
+	"has AAAA address",		/* 28 */
+	"LOC",				/* 29 */
+	"has next record",		/* 30 */
+	"EID",				/* 31 */
+	"NIMLOC",			/* 32 */
+	"SRV",				/* 33 */
+	"ATMA",				/* 34 */
+	"NAPTR",			/* 35 */
+	"KX",				/* 36 */
+	"CERT",				/* 37 */
+	"has v6 address",		/* 38 */
+	"DNAME",			/* 39 */
+	"has optional information",	/* 41 */
+	"has 42 record",       		/* 42 */
+	"has 43 record",       		/* 43 */
+	"has 44 record",       		/* 44 */
+	"has 45 record",       		/* 45 */
+	"has 46 record",       		/* 46 */
+	"has 47 record",       		/* 47 */
+	"has 48 record",       		/* 48 */
+	"has 49 record",       		/* 49 */
+	"has 50 record",       		/* 50 */
+	"has 51 record",       		/* 51 */
+	"has 52 record",       		/* 52 */
+	"has 53 record",       		/* 53 */
+	"has 54 record",       		/* 54 */
+	"has 55 record",       		/* 55 */
+	"has 56 record",       		/* 56 */
+	"has 57 record",       		/* 57 */
+	"has 58 record",       		/* 58 */
+	"has 59 record",       		/* 59 */
+	"has 60 record",       		/* 60 */
+	"has 61 record",       		/* 61 */
+	"has 62 record",       		/* 62 */
+	"has 63 record",       		/* 63 */
+	"has 64 record",       		/* 64 */
+	"has 65 record",       		/* 65 */
+	"has 66 record",       		/* 66 */
+	"has 67 record",       		/* 67 */
+	"has 68 record",       		/* 68 */
+	"has 69 record",       		/* 69 */
+	"has 70 record",       		/* 70 */
+	"has 71 record",       		/* 71 */
+	"has 72 record",       		/* 72 */
+	"has 73 record",       		/* 73 */
+	"has 74 record",       		/* 74 */
+	"has 75 record",       		/* 75 */
+	"has 76 record",       		/* 76 */
+	"has 77 record",       		/* 77 */
+	"has 78 record",       		/* 78 */
+	"has 79 record",       		/* 79 */
+	"has 80 record",       		/* 80 */
+	"has 81 record",       		/* 81 */
+	"has 82 record",       		/* 82 */
+	"has 83 record",       		/* 83 */
+	"has 84 record",       		/* 84 */
+	"has 85 record",       		/* 85 */
+	"has 86 record",       		/* 86 */
+	"has 87 record",       		/* 87 */
+	"has 88 record",       		/* 88 */
+	"has 89 record",       		/* 89 */
+	"has 90 record",       		/* 90 */
+	"has 91 record",       		/* 91 */
+	"has 92 record",       		/* 92 */
+	"has 93 record",       		/* 93 */
+	"has 94 record",       		/* 94 */
+	"has 95 record",       		/* 95 */
+	"has 96 record",       		/* 96 */
+	"has 97 record",       		/* 97 */
+	"has 98 record",       		/* 98 */
+	"has 99 record",       		/* 99 */
+	"UINFO",			/* 100 */
+	"UID",				/* 101 */
+	"GID",				/* 102 */
+	"UNSPEC"};			/* 103 */
 
-struct rtype rtypes[] = {
-	{ 1, 	"has address" },
-	{ 2, 	"name server" },
-	{ 5, 	"is an alias for" },
-	{ 11,	"has well known services" },
-	{ 12,	"domain name pointer" },
-	{ 13,	"host information" },
-	{ 15,	"mail is handled by" },
-	{ 16,	"descriptive text" },
-	{ 19,	"x25 address" },
-	{ 20,	"ISDN address" },
-	{ 24,	"has signature" },
-	{ 25,	"has key" },
-	{ 28,	"has IPv6 address" },
-	{ 29,	"location" },
-	{ 0, NULL }
-};
-
-static char *
-rcode_totext(dns_rcode_t rcode)
-{
-	static char buf[sizeof("?65535")];
-	union {
-		const char *consttext;
-		char *deconsttext;
-	} totext;
-
-	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
-		snprintf(buf, sizeof(buf), "?%u", rcode);
-		totext.deconsttext = buf;
-	} else
-		totext.consttext = rcodetext[rcode];
-	return totext.deconsttext;
-}
-
-ISC_PLATFORM_NORETURN_PRE static void
-show_usage(void) ISC_PLATFORM_NORETURN_POST;
 
 static void
 show_usage(void) {
 	fputs(
-"Usage: host [-aCdlriTwv] [-c class] [-N ndots] [-t type] [-W time]\n"
-"            [-R number] [-m flag] hostname [server]\n"
-"       -a is equivalent to -v -t ANY\n"
+"Usage: host [-aCdlrTwv] [-c class] [-n] [-N ndots] [-t type] [-W time]\n"
+"            [-R number] hostname [server]\n"
+"       -a is equivalent to -v -t *\n"
 "       -c specifies query class for non-IN data\n"
-"       -C compares SOA records on authoritative nameservers\n"
+"       -C compares SOA records on authorative nameservers\n"
 "       -d is equivalent to -v\n"
 "       -l lists all hosts in a domain, using AXFR\n"
-"       -i IP6.INT reverse lookups\n"
+"       -n Use the nibble form of IPv6 reverse lookup\n"
 "       -N changes the number of dots allowed before root lookup is done\n"
 "       -r disables recursive processing\n"
 "       -R specifies number of retries for UDP packets\n"
-"       -s a SERVFAIL response should stop query\n"
 "       -t specifies the query type\n"
 "       -T enables TCP/IP mode\n"
 "       -v enables verbose output\n"
 "       -w specifies to wait forever for a reply\n"
-"       -W specifies how long to wait for a reply\n"
-"       -4 use IPv4 query transport only\n"
-"       -6 use IPv6 query transport only\n"
-"       -m set memory debugging flag (trace|record|usage)\n", stderr);
+"       -W specifies how long to wait for a reply\n", stderr);
 	exit(1);
 }
 
@@ -176,74 +230,57 @@ dighost_shutdown(void) {
 }
 
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query) {
+received(int bytes, int frmsize, char *frm, dig_query_t *query) {
 	isc_time_t now;
+	isc_result_t result;
 	int diff;
 
 	if (!short_form) {
-		char fromtext[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
-		TIME_NOW(&now);
-		diff = (int) isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %s in %d ms\n",
-		       bytes, fromtext, diff/1000);
+		result = isc_time_now(&now);
+		check_result(result, "isc_time_now");
+		diff = isc_time_microdiff(&now, &query->time_sent);
+		printf("Received %u bytes from %.*s in %d ms\n",
+		       bytes, frmsize, frm, diff/1000);
 	}
 }
 
 void
-trying(char *frm, dig_lookup_t *lookup) {
+trying(int frmsize, char *frm, dig_lookup_t *lookup) {
 	UNUSED(lookup);
 
 	if (!short_form)
-		printf("Trying \"%s\"\n", frm);
+		printf ("Trying \"%.*s\"\n", frmsize, frm);
 }
 
 static void
 say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
 	    dig_query_t *query)
 {
-	isc_buffer_t *b = NULL;
-	char namestr[DNS_NAME_FORMATSIZE];
-	isc_region_t r;
+	isc_buffer_t *b = NULL, *b2 = NULL;
+	isc_region_t r, r2;
 	isc_result_t result;
-	unsigned int bufsize = BUFSIZ;
 
-	dns_name_format(name, namestr, sizeof(namestr));
- retry:
-	result = isc_buffer_allocate(mctx, &b, bufsize);
+	result = isc_buffer_allocate(mctx, &b, BUFSIZE);
 	check_result(result, "isc_buffer_allocate");
-	result = dns_rdata_totext(rdata, NULL, b);
-	if (result == ISC_R_NOSPACE) {
-		isc_buffer_free(&b);
-		bufsize *= 2;
-		goto retry;
-	}
-	check_result(result, "dns_rdata_totext");
+	result = isc_buffer_allocate(mctx, &b2, BUFSIZE);
+	check_result(result, "isc_buffer_allocate");
+	result = dns_name_totext(name, ISC_FALSE, b);
+	check_result(result, "dns_name_totext");
 	isc_buffer_usedregion(b, &r);
-	if (query->lookup->identify_previous_line) {
-		printf("Nameserver %s:\n\t",
-			query->servname);
-	}
-	printf("%s %s %.*s", namestr,
-	       msg, (int)r.length, (char *)r.base);
+	result = dns_rdata_totext(rdata, NULL, b2);
+	check_result(result, "dns_rdata_totext");
+	isc_buffer_usedregion(b2, &r2);
+	printf ( "%.*s %s %.*s", (int)r.length, (char *)r.base,
+		 msg, (int)r2.length, (char *)r2.base);
 	if (query->lookup->identify) {
-		printf(" on server %s", query->servname);
+		printf (" on server %s", query->servname);
 	}
-	printf("\n");
+	printf ("\n");
 	isc_buffer_free(&b);
+	isc_buffer_free(&b2);
 }
-#ifdef DIG_SIGCHASE
-/* Just for compatibility : not use in host program */
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target)
-{
-  UNUSED(owner_name);
-  UNUSED(rdataset);
-  UNUSED(target);
-  return(ISC_FALSE);
-}
-#endif
+
+
 static isc_result_t
 printsection(dns_message_t *msg, dns_section_t sectionid,
 	     const char *section_name, isc_boolean_t headers,
@@ -251,7 +288,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 {
 	dns_name_t *name, *print_name;
 	dns_rdataset_t *rdataset;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
+	dns_rdata_t rdata;
 	isc_buffer_t target;
 	isc_result_t result, loopresult;
 	isc_region_t r;
@@ -259,6 +296,7 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 	char t[4096];
 	isc_boolean_t first;
 	isc_boolean_t no_rdata;
+	const char *rtt;
 
 	if (sectionid == DNS_SECTION_QUESTION)
 		no_rdata = ISC_TRUE;
@@ -287,16 +325,6 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 		for (rdataset = ISC_LIST_HEAD(name->list);
 		     rdataset != NULL;
 		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
-			if (query->lookup->rdtype == dns_rdatatype_axfr &&
-			    !((!list_addresses &&
-			       (list_type == dns_rdatatype_any ||
-				rdataset->type == list_type)) ||
-			      (list_addresses &&
-			       (rdataset->type == dns_rdatatype_a ||
-				rdataset->type == dns_rdatatype_aaaa ||
-				rdataset->type == dns_rdatatype_ns ||
-				rdataset->type == dns_rdatatype_ptr))))
-				continue;
 			if (!short_form) {
 				result = dns_rdataset_totext(rdataset,
 							     print_name,
@@ -316,30 +344,17 @@ printsection(dns_message_t *msg, dns_section_t sectionid,
 			} else {
 				loopresult = dns_rdataset_first(rdataset);
 				while (loopresult == ISC_R_SUCCESS) {
-					struct rtype *t;
-					const char *rtt;
-					char typebuf[DNS_RDATATYPE_FORMATSIZE];
-					char typebuf2[DNS_RDATATYPE_FORMATSIZE
-						     + 20];
 					dns_rdataset_current(rdataset, &rdata);
-
-					for (t = rtypes; t->text != NULL; t++) {
-						if (t->type == rdata.type) {
-							rtt = t->text;
-							goto found;
-						}
-					}
-
-					dns_rdatatype_format(rdata.type,
-							     typebuf,
-							     sizeof(typebuf));
-					snprintf(typebuf2, sizeof(typebuf2),
-						 "has %s record", typebuf);
-					rtt = typebuf2;
-				found:
+					if (rdata.type <= 103)
+						rtt=rtypetext[rdata.type];
+					else if (rdata.type == 249)
+						rtt = "key";
+					else if (rdata.type == 250)
+						rtt = "signature";
+					else
+						rtt = "unknown";
 					say_message(print_name, rtt,
 						    &rdata, query);
-					dns_rdata_reset(&rdata);
 					loopresult =
 						dns_rdataset_next(rdataset);
 				}
@@ -389,109 +404,47 @@ printrdata(dns_message_t *msg, dns_rdataset_t *rdataset, dns_name_t *owner,
 	return (ISC_R_SUCCESS);
 }
 
-static void
-chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
-	isc_result_t result;
-	dns_rdataset_t *rdataset;
-	dns_rdata_cname_t cname;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	unsigned int i = msg->counts[DNS_SECTION_ANSWER];
-
-	while (i-- > 0) {
-		rdataset = NULL;
-		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
-					      dns_rdatatype_cname, 0, NULL,
-					      &rdataset);
-		if (result != ISC_R_SUCCESS)
-			return;
-		result = dns_rdataset_first(rdataset);
-		check_result(result, "dns_rdataset_first");
-		dns_rdata_reset(&rdata);
-		dns_rdataset_current(rdataset, &rdata);
-		result = dns_rdata_tostruct(&rdata, &cname, NULL);
-		check_result(result, "dns_rdata_tostruct");
-		dns_name_copy(&cname.cname, qname, NULL);
-		dns_rdata_freestruct(&cname);
-	}
-}
-
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	isc_boolean_t did_flag = ISC_FALSE;
 	dns_rdataset_t *opt, *tsig = NULL;
 	dns_name_t *tsigname;
 	isc_result_t result = ISC_R_SUCCESS;
-	int force_error;
+	isc_buffer_t *b = NULL;
+	isc_region_t r;
 
 	UNUSED(headers);
 
-	/*
-	 * We get called multiple times.
-	 * Preserve any existing error status.
-	 */
-	force_error = (seen_error == 1) ? 1 : 0;
-	seen_error = 1;
-	if (listed_server && !printed_server) {
-		char sockstr[ISC_SOCKADDR_FORMATSIZE];
-
+	if (listed_server) {
 		printf("Using domain server:\n");
-		printf("Name: %s\n", query->userarg);
-		isc_sockaddr_format(&query->sockaddr, sockstr,
-				    sizeof(sockstr));
-		printf("Address: %s\n", sockstr);
+		printf("Name: %s\n", query->servname);
+		result = isc_buffer_allocate(mctx, &b, MXNAME);
+		check_result(result, "isc_buffer_allocate");
+		result = isc_sockaddr_totext(&query->sockaddr, b);
+		check_result(result, "isc_sockaddr_totext");
+		printf("Address: %.*s\n",
+		       (int)isc_buffer_usedlength(b),
+		       (char*)isc_buffer_base(b));
+		isc_buffer_free(&b);
 		printf("Aliases: \n\n");
-		printed_server = ISC_TRUE;
 	}
 
 	if (msg->rcode != 0) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		printf("Host %s not found: %d(%s)\n",
-		       (msg->rcode != dns_rcode_nxdomain) ? namestr :
-		       query->lookup->textname, msg->rcode,
-		       rcode_totext(msg->rcode));
+		result = isc_buffer_allocate(mctx, &b, MXNAME);
+		check_result(result, "isc_buffer_allocate");
+		result = dns_name_totext(query->lookup->name, ISC_FALSE,
+					 b);
+		check_result(result, "dns_name_totext");
+		isc_buffer_usedregion(b, &r);
+		printf("Host %.*s not found: %d(%s)\n",
+		       (int)r.length, (char *)r.base,
+		       msg->rcode, rcodetext[msg->rcode]);
+		isc_buffer_free(&b);
 		return (ISC_R_SUCCESS);
 	}
-
-	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		dig_lookup_t *lookup;
-		dns_fixedname_t fixed;
-		dns_name_t *name;
-
-		/* Add AAAA and MX lookups. */
-		dns_fixedname_init(&fixed);
-		name = dns_fixedname_name(&fixed);
-		dns_name_copy(query->lookup->name, name, NULL);
-		chase_cnamechain(msg, name);
-		dns_name_format(name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, ISC_FALSE);
-		if (lookup != NULL) {
-			strncpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->textname[sizeof(lookup->textname)-1] = 0;
-			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = ISC_TRUE;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-		lookup = clone_lookup(query->lookup, ISC_FALSE);
-		if (lookup != NULL) {
-			strncpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->textname[sizeof(lookup->textname)-1] = 0;
-			lookup->rdtype = dns_rdatatype_mx;
-			lookup->rdtypeset = ISC_TRUE;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-	}
-
 	if (!short_form) {
 		printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
-		       opcodetext[msg->opcode], rcode_totext(msg->rcode),
+		       opcodetext[msg->opcode], rcodetext[msg->rcode],
 		       msg->id);
 		printf(";; flags: ");
 		if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
@@ -581,92 +534,31 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (!short_form)
 		printf("\n");
 
-	if (short_form && !default_lookups &&
-	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char typestr[DNS_RDATATYPE_FORMATSIZE];
-		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		dns_rdatatype_format(query->lookup->rdtype, typestr,
-				     sizeof(typestr));
-		printf("%s has no %s record\n", namestr, typestr);
-	}
-	seen_error = force_error;
 	return (result);
 }
 
-static const char * optstring = "46ac:dilnm:rst:vwCDN:R:TW:";
-
-static void
-pre_parse_args(int argc, char **argv) {
-	int c;
-
-	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
-		switch (c) {
-		case 'm':
-			memdebugging = ISC_TRUE;
-			if (strcasecmp("trace", isc_commandline_argument) == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			else if (!strcasecmp("record",
-					     isc_commandline_argument) == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			else if (strcasecmp("usage",
-					    isc_commandline_argument) == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			break;
-
-		case '4': break;
-		case '6': break;
-		case 'a': break;
-		case 'c': break;
-		case 'd': break;
-		case 'i': break;
-		case 'l': break;
-		case 'n': break;
-		case 'r': break;
-		case 's': break;
-		case 't': break;
-		case 'v': break;
-		case 'w': break;
-		case 'C': break;
-		case 'D': break;
-		case 'N': break;
-		case 'R': break;
-		case 'T': break;
-		case 'W': break;
-		default:
-			show_usage();
-		}
-	}
-	isc_commandline_reset = ISC_TRUE;
-	isc_commandline_index = 1;
-}
-
 static void
 parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 	char hostname[MXNAME];
+	dig_server_t *srv;
 	dig_lookup_t *lookup;
-	int c;
+	int i, c, n, adrs[4];
 	char store[MXNAME];
 	isc_textregion_t tr;
-	isc_result_t result = ISC_R_SUCCESS;
+	isc_result_t result;
 	dns_rdatatype_t rdtype;
 	dns_rdataclass_t rdclass;
-	isc_uint32_t serial = 0;
 
 	UNUSED(is_batchfile);
 
 	lookup = make_empty_lookup();
 
-	lookup->servfail_stops = ISC_FALSE;
-	lookup->comments = ISC_FALSE;
-
-	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
+	while ((c = isc_commandline_parse(argc, argv, "lvwrdt:c:aTCN:R:W:Dn"))
+	       != EOF) {
 		switch (c) {
 		case 'l':
 			lookup->tcp_mode = ISC_TRUE;
 			lookup->rdtype = dns_rdatatype_axfr;
-			lookup->rdtypeset = ISC_TRUE;
-			fatalexit = 3;
 			break;
 		case 'v':
 		case 'd':
@@ -676,52 +568,16 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			lookup->recurse = ISC_FALSE;
 			break;
 		case 't':
-			if (strncasecmp(isc_commandline_argument,
-					"ixfr=", 5) == 0) {
-				rdtype = dns_rdatatype_ixfr;
-				/* XXXMPA add error checking */
-				serial = strtoul(isc_commandline_argument + 5,
-						 NULL, 10);
-				result = ISC_R_SUCCESS;
-			} else {
-				tr.base = isc_commandline_argument;
-				tr.length = strlen(isc_commandline_argument);
-				result = dns_rdatatype_fromtext(&rdtype,
+			tr.base = isc_commandline_argument;
+			tr.length = strlen(isc_commandline_argument);
+			result = dns_rdatatype_fromtext(&rdtype,
 						   (isc_textregion_t *)&tr);
-			}
 
-			if (result != ISC_R_SUCCESS) {
-				fatalexit = 2;
-				fatal("invalid type: %s\n",
-				      isc_commandline_argument);
-			}
-			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr)
+			if (result != ISC_R_SUCCESS)
+				fprintf (stderr,"Warning: invalid type: %s\n",
+					 isc_commandline_argument);
+			else
 				lookup->rdtype = rdtype;
-			lookup->rdtypeset = ISC_TRUE;
-#ifdef WITH_IDN
-			idnoptions = 0;
-#endif
-			if (rdtype == dns_rdatatype_axfr) {
-				/* -l -t any -v */
-				list_type = dns_rdatatype_any;
-				short_form = ISC_FALSE;
-				lookup->tcp_mode = ISC_TRUE;
-			} else if (rdtype == dns_rdatatype_ixfr) {
-				lookup->ixfr_serial = serial;
-				lookup->tcp_mode = ISC_TRUE;
-				list_type = rdtype;
-#ifdef WITH_IDN
-			} else if (rdtype == dns_rdatatype_a ||
-				   rdtype == dns_rdatatype_aaaa ||
-				   rdtype == dns_rdatatype_mx) {
-				idnoptions = IDN_ASCCHECK;
-				list_type = rdtype;
-#endif
-			} else
-				list_type = rdtype;
-			list_addresses = ISC_FALSE;
-			default_lookups = ISC_FALSE;
 			break;
 		case 'c':
 			tr.base = isc_commandline_argument;
@@ -729,34 +585,18 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			result = dns_rdataclass_fromtext(&rdclass,
 						   (isc_textregion_t *)&tr);
 
-			if (result != ISC_R_SUCCESS) {
-				fatalexit = 2;
-				fatal("invalid class: %s\n",
-				      isc_commandline_argument);
-			} else {
+			if (result != ISC_R_SUCCESS)
+				fprintf (stderr,"Warning: invalid class: %s\n",
+					 isc_commandline_argument);
+			else
 				lookup->rdclass = rdclass;
-				lookup->rdclassset = ISC_TRUE;
-			}
-			default_lookups = ISC_FALSE;
 			break;
 		case 'a':
-			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr)
-				lookup->rdtype = dns_rdatatype_any;
-			list_type = dns_rdatatype_any;
-			list_addresses = ISC_FALSE;
-			lookup->rdtypeset = ISC_TRUE;
+			lookup->rdtype = dns_rdatatype_any;
 			short_form = ISC_FALSE;
-			default_lookups = ISC_FALSE;
-			break;
-		case 'i':
-			lookup->ip6_int = ISC_TRUE;
 			break;
 		case 'n':
-			/* deprecated */
-			break;
-		case 'm':
-			/* Handled by pre_parse_args(). */
+			lookup->nibble = ISC_TRUE;
 			break;
 		case 'w':
 			/*
@@ -771,23 +611,19 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 				timeout = 1;
 			break;
 		case 'R':
-			tries = atoi(isc_commandline_argument) + 1;
-			if (tries < 2)
-				tries = 2;
+			tries = atoi(isc_commandline_argument);
+			if (tries < 1)
+				tries = 1;
 			break;
 		case 'T':
 			lookup->tcp_mode = ISC_TRUE;
 			break;
 		case 'C':
 			debug("showing all SOAs");
-			lookup->rdtype = dns_rdatatype_ns;
-			lookup->rdtypeset = ISC_TRUE;
+			lookup->rdtype = dns_rdatatype_soa;
 			lookup->rdclass = dns_rdataclass_in;
-			lookup->rdclassset = ISC_TRUE;
 			lookup->ns_search_only = ISC_TRUE;
 			lookup->trace_root = ISC_TRUE;
-			lookup->identify_previous_line = ISC_TRUE;
-			default_lookups = ISC_FALSE;
 			break;
 		case 'N':
 			debug("setting NDOTS to %s",
@@ -797,75 +633,78 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 		case 'D':
 			debugging = ISC_TRUE;
 			break;
-		case '4':
-			if (have_ipv4) {
-				isc_net_disableipv6();
-				have_ipv6 = ISC_FALSE;
-			} else
-				fatal("can't find IPv4 networking");
-			break;
-		case '6':
-			if (have_ipv6) {
-				isc_net_disableipv4();
-				have_ipv4 = ISC_FALSE;
-			} else
-				fatal("can't find IPv6 networking");
-			break;
-		case 's':
-			lookup->servfail_stops = ISC_TRUE;
-			break;
 		}
 	}
-
-	lookup->retries = tries;
-
-	if (isc_commandline_index >= argc)
+	if (isc_commandline_index >= argc) {
 		show_usage();
-
+	}
 	strncpy(hostname, argv[isc_commandline_index], sizeof(hostname));
 	hostname[sizeof(hostname)-1]=0;
 	if (argc > isc_commandline_index + 1) {
-		set_nameserver(argv[isc_commandline_index+1]);
-		debug("server is %s", argv[isc_commandline_index+1]);
+		srv = make_server(argv[isc_commandline_index+1]);
+		debug("server is %s", srv->servername);
+		ISC_LIST_APPEND(server_list, srv, link);
 		listed_server = ISC_TRUE;
-	} else
-		check_ra = ISC_TRUE;
+	}
 
 	lookup->pending = ISC_FALSE;
-	if (get_reverse(store, sizeof(store), hostname,
-			lookup->ip6_int, ISC_TRUE) == ISC_R_SUCCESS) {
-		strncpy(lookup->textname, store, sizeof(lookup->textname));
-		lookup->textname[sizeof(lookup->textname)-1] = 0;
+	if (strspn(hostname, "0123456789.") == strlen(hostname)) {
+		lookup->textname[0] = 0;
+		n = sscanf(hostname, "%d.%d.%d.%d", &adrs[0], &adrs[1],
+				   &adrs[2], &adrs[3]);
+		if (n == 0) {
+			show_usage();
+		}
+		for (i = n - 1; i >= 0; i--) {
+			snprintf(store, MXNAME/8, "%d.",
+				 adrs[i]);
+			strncat(lookup->textname, store, MXNAME);
+		}
+		strncat(lookup->textname, "in-addr.arpa.", MXNAME);
+		lookup->rdtype = dns_rdatatype_ptr;
+	} else if (strspn(hostname, "0123456789abcdef.:") == strlen(hostname))
+	{
+		isc_netaddr_t addr;
+		dns_fixedname_t fname;
+		isc_buffer_t b;
+
+		addr.family = AF_INET6;
+		n = inet_pton(AF_INET6, hostname, &addr.type.in6);
+		if (n <= 0)
+			goto notv6;
+		dns_fixedname_init(&fname);
+		result = dns_byaddr_createptrname(&addr, lookup->nibble,
+						  dns_fixedname_name(&fname));
+		if (result != ISC_R_SUCCESS)
+			show_usage();
+		isc_buffer_init(&b, lookup->textname, sizeof lookup->textname);
+		result = dns_name_totext(dns_fixedname_name(&fname),
+					 ISC_FALSE, &b);
+		isc_buffer_putuint8(&b, 0);
+		if (result != ISC_R_SUCCESS)
+			show_usage();
 		lookup->rdtype = dns_rdatatype_ptr;
-		lookup->rdtypeset = ISC_TRUE;
-		default_lookups = ISC_FALSE;
 	} else {
+ notv6:
 		strncpy(lookup->textname, hostname, sizeof(lookup->textname));
 		lookup->textname[sizeof(lookup->textname)-1]=0;
-		usesearch = ISC_TRUE;
 	}
 	lookup->new_search = ISC_TRUE;
 	ISC_LIST_APPEND(lookup_list, lookup, link);
+
+	usesearch = ISC_TRUE;
 }
 
 int
 main(int argc, char **argv) {
 	isc_result_t result;
 
-	tries = 2;
-
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
 	ISC_LIST_INIT(search_list);
 
-	fatalexit = 1;
-#ifdef WITH_IDN
-	idnoptions = IDN_ASCCHECK;
-#endif
-
 	debug("main()");
 	progname = argv[0];
-	pre_parse_args(argc, argv);
 	result = isc_app_start();
 	check_result(result, "isc_app_start");
 	setup_libs();
@@ -877,5 +716,6 @@ main(int argc, char **argv) {
 	cancel_all();
 	destroy_libs();
 	isc_app_finish();
-	return ((seen_error == 0) ? 0 : 1);
+	return (0);
 }
+

bin/dig/include/dig/dig.h

@@ -1,35 +1,30 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000-2003  Internet Software Consortium.
+ * Copyright (C) 2000  Internet Software Consortium.
  *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
  *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM
+ * DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
+ * IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
+ * INTERNET SOFTWARE CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING
+ * FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT,
+ * NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION
+ * WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.111 2009/09/29 15:06:06 fdupont Exp $ */
+/* $Id: dig.h,v 1.25.2.5 2000/10/06 19:08:08 mws Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
 
-/*! \file */
-
 #include <dns/rdatalist.h>
-
 #include <dst/dst.h>
-
 #include <isc/boolean.h>
 #include <isc/buffer.h>
 #include <isc/bufferlist.h>
-#include <isc/formatcheck.h>
 #include <isc/lang.h>
 #include <isc/list.h>
 #include <isc/mem.h>
@@ -37,87 +32,62 @@
 #include <isc/sockaddr.h>
 #include <isc/socket.h>
 
-#define MXSERV 20
-#define MXNAME (DNS_NAME_MAXTEXT+1)
+#define MXSERV 6
+#define MXNAME (1024)
 #define MXRD 32
-/*% Buffer Size */
 #define BUFSIZE 512
 #define COMMSIZE 0xffff
-#ifndef RESOLV_CONF
-/*% location of resolve.conf */
-#define RESOLV_CONF "/etc/resolv.conf"
-#endif
-/*% output buffer */
+#define RESOLVCONF "/etc/resolv.conf"
 #define OUTPUTBUF 32767
-/*% Max RR Limit */
-#define MAXRRLIMIT 0xffffffff
-#define MAXTIMEOUT 0xffff
-/*% Max number of tries */
-#define MAXTRIES 0xffffffff
-/*% Max number of dots */
-#define MAXNDOTS 0xffff
-/*% Max number of ports */
-#define MAXPORT 0xffff
-/*% Max serial number */
-#define MAXSERIAL 0xffffffff
 
-/*% Default TCP Timeout */
+/*
+ * Default timeout values
+ */
 #define TCP_TIMEOUT 10
-/*% Default UDP Timeout */
 #define UDP_TIMEOUT 5
 
 #define SERVER_TIMEOUT 1
 
 #define LOOKUP_LIMIT 64
-/*%
+/*
  * Lookup_limit is just a limiter, keeping too many lookups from being
  * created.  It's job is mainly to prevent the program from running away
  * in a tight loop of constant lookups.  It's value is arbitrary.
  */
 
+#define ROOTNS 1
 /*
- * Defaults for the sigchase suboptions.  Consolidated here because
- * these control the layout of dig_lookup_t (among other things).
+ * Set the number of root servers to ask for information when running in
+ * trace mode.
+ * XXXMWS -- trace mode is currently semi-broken, and this number *MUST*
+ * be 1.
  */
-#ifdef DIG_SIGCHASE
-#ifndef DIG_SIGCHASE_BU
-#define DIG_SIGCHASE_BU 1
-#endif
-#ifndef DIG_SIGCHASE_TD
-#define DIG_SIGCHASE_TD 1
-#endif
-#endif
 
 ISC_LANG_BEGINDECLS
 
 typedef struct dig_lookup dig_lookup_t;
 typedef struct dig_query dig_query_t;
 typedef struct dig_server dig_server_t;
-#ifdef DIG_SIGCHASE
-typedef struct dig_message dig_message_t;
-#endif
 typedef ISC_LIST(dig_server_t) dig_serverlist_t;
 typedef struct dig_searchlist dig_searchlist_t;
 
-/*% The dig_lookup structure */
 struct dig_lookup {
 	isc_boolean_t
-		pending, /*%< Pending a successful answer */
+	        pending, /* Pending a successful answer */
 		waiting_connect,
 		doing_xfr,
-		ns_search_only, /*%< dig +nssearch, host -C */
-		identify, /*%< Append an "on server <foo>" message */
-		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
-					   message, with newline and tab */
+		ns_search_only,
+		identify,
 		ignore,
 		recurse,
 		aaonly,
 		adflag,
 		cdflag,
-		trace, /*% dig +trace */
-		trace_root, /*% initial query for either +trace or +nssearch */
+		trace,
+		trace_root,
+		defname,
 		tcp_mode,
-		ip6_int,
+		nibble,
 		comments,
 		stats,
 		section_question,
@@ -125,41 +95,16 @@ struct dig_lookup {
 		section_authority,
 		section_additional,
 		servfail_stops,
-		new_search,
-		need_search,
-		done_as_is,
-		besteffort,
-		dnssec,
-		nsid;   /*% Name Server ID (RFC 5001) */
-#ifdef DIG_SIGCHASE
-isc_boolean_t	sigchase;
-#if DIG_SIGCHASE_TD
-	isc_boolean_t do_topdown,
-		trace_root_sigchase,
-		rdtype_sigchaseset,
-		rdclass_sigchaseset;
-	/* Name we are going to validate RRset */
-	char textnamesigchase[MXNAME];
-#endif
-#endif
-
-	char textname[MXNAME]; /*% Name we're going to be looking up */
+		new_search;
+	char textname[MXNAME]; /* Name we're going to be looking up */
 	char cmdline[MXNAME];
 	dns_rdatatype_t rdtype;
-	dns_rdatatype_t qrdtype;
-#if DIG_SIGCHASE_TD
-	dns_rdatatype_t rdtype_sigchase;
-	dns_rdatatype_t qrdtype_sigchase;
-	dns_rdataclass_t rdclass_sigchase;
-#endif
 	dns_rdataclass_t rdclass;
-	isc_boolean_t rdtypeset;
-	isc_boolean_t rdclassset;
 	char namespace[BUFSIZE];
 	char onamespace[BUFSIZE];
 	isc_buffer_t namebuf;
 	isc_buffer_t onamebuf;
-	isc_buffer_t renderbuf;
+	isc_buffer_t sendbuf;
 	char *sendspace;
 	dns_name_t *name;
 	isc_timer_t *timer;
@@ -172,37 +117,30 @@ isc_boolean_t	sigchase;
 	dig_serverlist_t my_server_list;
 	dig_searchlist_t *origin;
 	dig_query_t *xfr_q;
-	isc_uint32_t retries;
+	int retries;
 	int nsfound;
 	isc_uint16_t udpsize;
-	isc_int16_t edns;
 	isc_uint32_t ixfr_serial;
 	isc_buffer_t rdatabuf;
 	char rdatastore[MXNAME];
 	dst_context_t *tsigctx;
 	isc_buffer_t *querysig;
 	isc_uint32_t msgcounter;
-	dns_fixedname_t fdomain;
 };
 
-/*% The dig_query structure */
 struct dig_query {
 	dig_lookup_t *lookup;
 	isc_boolean_t waiting_connect,
-		pending_free,
-		waiting_senddone,
 		first_pass,
 		first_soa_rcvd,
 		second_rr_rcvd,
 		first_repeat_rcvd,
-		recv_made,
-		warn_id;
+		recv_made;
 	isc_uint32_t first_rr_serial;
 	isc_uint32_t second_rr_serial;
-	isc_uint32_t msg_count;
 	isc_uint32_t rr_count;
+	isc_uint32_t name_count;
 	char *servname;
-	char *userarg;
 	isc_bufferlist_t sendlist,
 		recvlist,
 		lengthlist;
@@ -216,13 +154,10 @@ struct dig_query {
 	ISC_LINK(dig_query_t) link;
 	isc_sockaddr_t sockaddr;
 	isc_time_t time_sent;
-	isc_uint64_t byte_count;
-	isc_buffer_t sendbuf;
 };
 
 struct dig_server {
 	char servername[MXNAME];
-	char userarg[MXNAME];
 	ISC_LINK(dig_server_t) link;
 };
 
@@ -230,74 +165,18 @@ struct dig_searchlist {
 	char origin[MXNAME];
 	ISC_LINK(dig_searchlist_t) link;
 };
-#ifdef DIG_SIGCHASE
-struct dig_message {
-		dns_message_t *msg;
-		ISC_LINK(dig_message_t) link;
-};
-#endif
-
-typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
-typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
-
-/*
- * Externals from dighost.c
- */
-
-extern dig_lookuplist_t lookup_list;
-extern dig_serverlist_t server_list;
-extern dig_searchlistlist_t search_list;
-extern unsigned int extrabytes;
-
-extern isc_boolean_t check_ra, have_ipv4, have_ipv6, specified_source,
-	usesearch, showsearch, qr;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern dns_messageid_t id;
-extern int sendcount;
-extern int ndots;
-extern int lookup_counter;
-extern int exitcode;
-extern isc_sockaddr_t bind_address;
-extern char keynametext[MXNAME];
-extern char keyfile[MXNAME];
-extern char keysecret[MXNAME];
-extern dns_name_t *hmacname;
-extern unsigned int digestbits;
-#ifdef DIG_SIGCHASE
-extern char trustedkey[MXNAME];
-#endif
-extern dns_tsigkey_t *key;
-extern isc_boolean_t validated;
-extern isc_taskmgr_t *taskmgr;
-extern isc_task_t *global_task;
-extern isc_boolean_t free_now;
-extern isc_boolean_t debugging, memdebugging;
-
-extern char *progname;
-extern int tries;
-extern int fatalexit;
-#ifdef WITH_IDN
-extern int idnoptions;
-#endif
 
 /*
  * Routines in dighost.c.
  */
-isc_result_t
+void
 get_address(char *host, in_port_t port, isc_sockaddr_t *sockaddr);
 
-isc_result_t
-get_reverse(char *reverse, size_t len, char *value, isc_boolean_t ip6_int,
-	    isc_boolean_t strict);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
+void
+fatal(const char *format, ...);
 
 void
-debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
+debug(const char *format, ...);
 
 void
 check_result(isc_result_t result, const char *msg);
@@ -305,9 +184,6 @@ check_result(isc_result_t result, const char *msg);
 void
 setup_lookup(dig_lookup_t *lookup);
 
-void
-destroy_lookup(dig_lookup_t *lookup);
-
 void
 do_lookup(dig_lookup_t *lookup);
 
@@ -326,13 +202,6 @@ setup_libs(void);
 void
 setup_system(void);
 
-isc_result_t
-parse_uint(isc_uint32_t *uip, const char *value, isc_uint32_t max,
-	   const char *desc);
-
-void
-parse_hmac(const char *hmacstr);
-
 dig_lookup_t *
 requeue_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
@@ -343,13 +212,7 @@ dig_lookup_t *
 clone_lookup(dig_lookup_t *lookold, isc_boolean_t servers);
 
 dig_server_t *
-make_server(const char *servname, const char *userarg);
-
-void
-flush_server_list(void);
-
-void
-set_nameserver(char *opt);
+make_server(const char *servname);
 
 void
 clone_server_list(dig_serverlist_t src,
@@ -361,39 +224,17 @@ cancel_all(void);
 void
 destroy_libs(void);
 
-void
-set_search_domain(char *domain);
-
-#ifdef DIG_SIGCHASE
-void
-clean_trustedkey(void);
-#endif
-
 /*
- * Routines to be defined in dig.c, host.c, and nslookup.c.
+ * Routines needed in dig.c and host.c.
  */
-#ifdef DIG_SIGCHASE
-isc_result_t
-printrdataset(dns_name_t *owner_name, dns_rdataset_t *rdataset,
-	      isc_buffer_t *target);
-#endif
-
 isc_result_t
 printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers);
-/*%<
- * Print the final result of the lookup.
- */
 
 void
-received(int bytes, isc_sockaddr_t *from, dig_query_t *query);
-/*%<
- * Print a message about where and when the response
- * was received from, like the final comment in the
- * output of "dig".
- */
+received(int bytes, int frmsize, char *frm, dig_query_t *query);
 
 void
-trying(char *frm, dig_lookup_t *lookup);
+trying(int frmsize, char *frm, dig_lookup_t *lookup);
 
 void
 dighost_shutdown(void);
@@ -401,14 +242,6 @@ dighost_shutdown(void);
 char *
 next_token(char **stringp, const char *delim);
 
-#ifdef DIG_SIGCHASE
-/* Chasing functions */
-dns_rdataset_t *
-chase_scanname(dns_name_t *name, dns_rdatatype_t type, dns_rdatatype_t covers);
-void
-chase_sig(dns_message_t *msg);
-#endif
-
 ISC_LANG_ENDDECLS
 
 #endif

bin/dnssec/.cvsignore

@@ -1,11 +1,5 @@
 Makefile
-dnssec-dsfromkey
-dnssec-keyfromlabel
 dnssec-keygen
 dnssec-makekeyset
-dnssec-revoke
-dnssec-settime
 dnssec-signkey
 dnssec-signzone
-*.lo
-.libs

bin/dnssec/Makefile.in

@@ -1,36 +1,33 @@
-# Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 2000-2002  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id: Makefile.in,v 1.42 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.7 2000/06/22 21:49:01 tale Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
+@BIND9_INCLUDES@
 
 CINCLUDES =	${DNS_INCLUDES} ${ISC_INCLUDES}
 
-CDEFINES =	-DVERSION=\"${VERSION}\" @USE_PKCS11@
+CDEFINES =
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
@@ -39,70 +36,39 @@ DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
 
 LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
 
-NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
-
 # Alphabetically
-TARGETS =	dnssec-keygen@EXEEXT@ dnssec-signzone@EXEEXT@ \
-		dnssec-keyfromlabel@EXEEXT@ dnssec-dsfromkey@EXEEXT@ \
-		dnssec-revoke@EXEEXT@ dnssec-settime@EXEEXT@
+TARGETS =	dnssec-keygen \
+		dnssec-makekeyset \
+		dnssec-signkey \
+		dnssec-signzone
 
 OBJS =		dnssectool.@O@
 
-SRCS =		dnssec-dsfromkey.c dnssec-keyfromlabel.c dnssec-keygen.c \
-		dnssec-revoke.c dnssec-settime.c dnssec-signzone.c dnssectool.c
-
-MANPAGES =	dnssec-dsfromkey.8 dnssec-keyfromlabel.8 dnssec-keygen.8 \
-		dnssec-revoke.8 dnssec-settime.8 dnssec-signzone.8
-
-HTMLPAGES =	dnssec-dsfromkey.html dnssec-keyfromlabel.html \
-		dnssec-keygen.html dnssec-revoke.html \
-		dnssec-settime.html dnssec-signzone.html 
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
+SRCS =		dnssec-keygen.c dnssec-makekeyset.c \
+		dnssec-signkey.c dnssec-signzone.c \
+		dnssectool.c
 
 @BIND9_MAKE_RULES@
 
-dnssec-dsfromkey@EXEEXT@: dnssec-dsfromkey.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-dsfromkey.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
+dnssec-keygen: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-keygen.@O@ ${OBJS} ${LIBS}
 
-dnssec-keyfromlabel@EXEEXT@: dnssec-keyfromlabel.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-keyfromlabel.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
+dnssec-makekeyset: dnssec-makekeyset.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-makekeyset.@O@ ${OBJS} ${LIBS}
 
-dnssec-keygen@EXEEXT@: dnssec-keygen.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-keygen.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
+dnssec-signkey: dnssec-signkey.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signkey.@O@ ${OBJS} ${LIBS}
 
-dnssec-signzone.@O@: dnssec-signzone.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
-		-c ${srcdir}/dnssec-signzone.c
-
-dnssec-signzone@EXEEXT@: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
-	export BASEOBJS="dnssec-signzone.@O@ ${OBJS}"; \
-	${FINALBUILDCMD}
-
-dnssec-revoke@EXEEXT@: dnssec-revoke.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-revoke.@O@ ${OBJS} ${LIBS}
-
-dnssec-settime@EXEEXT@: dnssec-settime.@O@ ${OBJS} ${DEPLIBS}
-	${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ \
-	dnssec-settime.@O@ ${OBJS} ${LIBS}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: ${TARGETS} installdirs
-	for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
+dnssec-signzone: dnssec-signzone.@O@ ${OBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ dnssec-signzone.@O@ ${OBJS} ${LIBS}
 
 clean distclean::
 	rm -f ${TARGETS}
 
+installdirs:
+	if [ ! -d ${DESTDIR}${sbindir} ]; then \
+		mkdir ${DESTDIR}${sbindir}; \
+	fi
+
+install:: ${TARGSTS} installdirs
+	${LIBTOOL} ${INSTALL_PROGRAM} ${TARGETS} ${DESTDIR}${sbindir}

bin/dnssec/dnssec-dsfromkey.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-dsfromkey.8,v 1.12 2010/05/19 01:14:14 tbox Exp $
+.\" $Id: dnssec-dsfromkey.8,v 1.15 2011/10/26 01:14:51 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -32,9 +32,9 @@
 dnssec\-dsfromkey \- DNSSEC DS RR generation tool
 .SH "SYNOPSIS"
 .HP 17
-\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] {keyfile}
+\fBdnssec\-dsfromkey\fR [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] {keyfile}
 .HP 17
-\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
+\fBdnssec\-dsfromkey\fR {\-s} [\fB\-1\fR] [\fB\-2\fR] [\fB\-a\ \fR\fB\fIalg\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-s\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-T\ \fR\fB\fITTL\fR\fR] [\fB\-f\ \fR\fB\fIfile\fR\fR] [\fB\-A\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] {dnsname}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-dsfromkey\fR
@@ -55,7 +55,12 @@ Use SHA\-256 as the digest algorithm.
 .RS 4
 Select the digest algorithm. The value of
 \fBalgorithm\fR
-must be one of SHA\-1 (SHA1) or SHA\-256 (SHA256). These values are case insensitive.
+must be one of SHA\-1 (SHA1), SHA\-256 (SHA256) or GOST. These values are case insensitive.
+.RE
+.PP
+\-T \fITTL\fR
+.RS 4
+Specifies the TTL of the DS records.
 .RE
 .PP
 \-K \fIdirectory\fR
@@ -71,6 +76,15 @@ files) in
 Zone file mode: in place of the keyfile name, the argument is the DNS domain name of a zone master file, which can be read from
 \fBfile\fR. If the zone name is the same as
 \fBfile\fR, then it may be omitted.
+.sp
+If
+\fBfile\fR
+is set to
+"\-", then the zone data is read from the standard input. This makes it possible to use the output of the
+\fBdig\fR
+command as input, as in:
+.sp
+\fBdig dnskey example.com | dnssec\-dsfromkey \-f \- example.com\fR
 .RE
 .PP
 \-A
@@ -139,5 +153,5 @@ RFC 4509.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-dsfromkey.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2008-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-dsfromkey.c,v 1.18 2010/01/11 23:48:37 tbox Exp $ */
+/* $Id: dnssec-dsfromkey.c,v 1.24 2011/10/25 01:54:18 marka Exp $ */
 
 /*! \file */
 
@@ -31,12 +31,13 @@
 #include <isc/string.h>
 #include <isc/util.h>
 
+#include <dns/callbacks.h>
 #include <dns/db.h>
 #include <dns/dbiterator.h>
 #include <dns/ds.h>
 #include <dns/fixedname.h>
-#include <dns/log.h>
 #include <dns/keyvalues.h>
+#include <dns/log.h>
 #include <dns/master.h>
 #include <dns/name.h>
 #include <dns/rdata.h>
@@ -61,6 +62,7 @@ static dns_rdataclass_t rdclass;
 static dns_fixedname_t	fixed;
 static dns_name_t	*name = NULL;
 static isc_mem_t	*mctx = NULL;
+static isc_uint32_t	ttl;
 
 static isc_result_t
 initname(char *setname) {
@@ -76,8 +78,28 @@ initname(char *setname) {
 	return (result);
 }
 
+static void
+db_load_from_stream(dns_db_t *db, FILE *fp) {
+	isc_result_t result;
+	dns_rdatacallbacks_t callbacks;
+
+	dns_rdatacallbacks_init(&callbacks);
+	result = dns_db_beginload(db, &callbacks.add, &callbacks.add_private);
+	if (result != ISC_R_SUCCESS)
+		fatal("dns_db_beginload failed: %s", isc_result_totext(result));
+
+	result = dns_master_loadstream(fp, name, name, rdclass, 0,
+				       &callbacks, mctx);
+	if (result != ISC_R_SUCCESS)
+		fatal("can't load from input: %s", isc_result_totext(result));
+
+	result = dns_db_endload(db, &callbacks.add_private);
+	if (result != ISC_R_SUCCESS)
+		fatal("dns_db_endload failed: %s", isc_result_totext(result));
+}
+
 static isc_result_t
-loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
+loadset(const char *filename, dns_rdataset_t *rdataset) {
 	isc_result_t	 result;
 	dns_db_t	 *db = NULL;
 	dns_dbnode_t	 *node = NULL;
@@ -90,9 +112,15 @@ loadsetfromfile(char *filename, dns_rdataset_t *rdataset) {
 	if (result != ISC_R_SUCCESS)
 		fatal("can't create database");
 
-	result = dns_db_load(db, filename);
-	if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-		fatal("can't load %s: %s", filename, isc_result_totext(result));
+	if (strcmp(filename, "-") == 0) {
+		db_load_from_stream(db, stdin);
+		filename = "input";
+	} else {
+		result = dns_db_load(db, filename);
+		if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
+			fatal("can't load %s: %s", filename,
+			      isc_result_totext(result));
+	}
 
 	result = dns_db_findnode(db, name, ISC_FALSE, &node);
 	if (result != ISC_R_SUCCESS)
@@ -141,7 +169,7 @@ loadkeyset(char *dirname, dns_rdataset_t *rdataset) {
 		return (ISC_R_NOSPACE);
 	isc_buffer_putuint8(&buf, 0);
 
-	return (loadsetfromfile(filename, rdataset));
+	return (loadset(filename, rdataset));
 }
 
 static void
@@ -265,12 +293,13 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
 		fatal("can't print class");
 
 	isc_buffer_usedregion(&nameb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
+	printf("%.*s ", (int)r.length, r.base);
 
-	putchar(' ');
+	if (ttl != 0U)
+		printf("%u ", ttl);
 
 	isc_buffer_usedregion(&classb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
+	printf("%.*s", (int)r.length, r.base);
 
 	if (lookaside == NULL)
 		printf(" DS ");
@@ -278,8 +307,7 @@ emit(unsigned int dtype, isc_boolean_t showall, char *lookaside,
 		printf(" DLV ");
 
 	isc_buffer_usedregion(&textb, &r);
-	isc_util_fwrite(r.base, 1, r.length, stdout);
-	putchar('\n');
+	printf("%.*s\n", (int)r.length, r.base);
 }
 
 ISC_PLATFORM_NORETURN_PRE static void
@@ -299,12 +327,13 @@ usage(void) {
 	fprintf(stderr, "    -K <directory>: directory in which to find "
 			"key file or keyset file\n");
 	fprintf(stderr, "    -a algorithm: digest algorithm "
-			"(SHA-1 or SHA-256)\n");
+			"(SHA-1, SHA-256 or GOST)\n");
 	fprintf(stderr, "    -1: use SHA-1\n");
 	fprintf(stderr, "    -2: use SHA-256\n");
 	fprintf(stderr, "    -l: add lookaside zone and print DLV records\n");
 	fprintf(stderr, "    -s: read keyset from keyset-<dnsname> file\n");
 	fprintf(stderr, "    -c class: rdata class for DS set (default: IN)\n");
+	fprintf(stderr, "    -T TTL\n");
 	fprintf(stderr, "    -f file: read keyset from zone file\n");
 	fprintf(stderr, "    -A: when used with -f, "
 			"include all keys in DS set, not just KSKs\n");
@@ -344,7 +373,7 @@ main(int argc, char **argv) {
 	isc_commandline_errprint = ISC_FALSE;
 
 	while ((ch = isc_commandline_parse(argc, argv,
-					   "12Aa:c:d:Ff:K:l:sv:h")) != -1) {
+					   "12Aa:c:d:Ff:K:l:sT:v:h")) != -1) {
 		switch (ch) {
 		case '1':
 			dtype = DNS_DSDIGEST_SHA1;
@@ -384,6 +413,9 @@ main(int argc, char **argv) {
 		case 's':
 			usekeyset = ISC_TRUE;
 			break;
+		case 'T':
+			ttl = atol(isc_commandline_argument);
+			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0')
@@ -414,6 +446,10 @@ main(int argc, char **argv) {
 		else if (strcasecmp(algname, "SHA256") == 0 ||
 			 strcasecmp(algname, "SHA-256") == 0)
 			dtype = DNS_DSDIGEST_SHA256;
+#ifdef HAVE_OPENSSL_GOST
+		else if (strcasecmp(algname, "GOST") == 0)
+			dtype = DNS_DSDIGEST_GOST;
+#endif
 		else
 			fatal("unknown algorithm %s", algname);
 	}
@@ -462,7 +498,7 @@ main(int argc, char **argv) {
 		if (usekeyset)
 			result = loadkeyset(dir, &rdataset);
 		else
-			result = loadsetfromfile(filename, &rdataset);
+			result = loadset(filename, &rdataset);
 
 		if (result != ISC_R_SUCCESS)
 			fatal("could not load DNSKEY set: %s\n",

bin/dnssec/dnssec-dsfromkey.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
                [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2008, 2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-dsfromkey.docbook,v 1.10 2009/08/26 21:56:05 jreed Exp $ -->
+<!-- $Id: dnssec-dsfromkey.docbook,v 1.17 2011/10/25 01:54:18 marka Exp $ -->
 <refentry id="man.dnssec-dsfromkey">
   <refentryinfo>
     <date>August 26, 2009</date>
@@ -38,6 +38,8 @@
     <copyright>
       <year>2008</year>
       <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -50,6 +52,7 @@
       <arg><option>-2</option></arg>
       <arg><option>-a <replaceable class="parameter">alg</replaceable></option></arg>
       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
+      <arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
       <arg choice="req">keyfile</arg>
     </cmdsynopsis>
     <cmdsynopsis>
@@ -62,6 +65,7 @@
       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
       <arg><option>-s</option></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
+      <arg><option>-T <replaceable class="parameter">TTL</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">file</replaceable></option></arg>
       <arg><option>-A</option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
@@ -105,12 +109,21 @@
         <listitem>
           <para>
             Select the digest algorithm. The value of
-            <option>algorithm</option> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
+            <option>algorithm</option> must be one of SHA-1 (SHA1),
+            SHA-256 (SHA256) or GOST. These values are case insensitive.
           </para>
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-T <replaceable class="parameter">TTL</replaceable></term>
+        <listitem>
+          <para>
+            Specifies the TTL of the DS records.
+          </para>
+	  </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-K <replaceable class="parameter">directory</replaceable></term>
         <listitem>
@@ -131,6 +144,15 @@
             from <option>file</option>.  If the zone name is the same as
             <option>file</option>, then it may be omitted.
           </para>
+          <para>
+            If <option>file</option> is set to <literal>"-"</literal>, then
+            the zone data is read from the standard input.  This makes it
+            possible to use the output of the <command>dig</command>
+            command as input, as in:
+          </para>
+          <para>
+            <userinput>dig dnskey example.com | dnssec-dsfromkey -f - example.com</userinput>
+          </para>
         </listitem>
       </varlistentry>
 

bin/dnssec/dnssec-dsfromkey.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-dsfromkey.html,v 1.12 2010/05/19 01:14:14 tbox Exp $ -->
+<!-- $Id: dnssec-dsfromkey.html,v 1.15 2011/10/26 01:14:50 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -28,18 +28,18 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] {keyfile}</p></div>
-<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] {keyfile}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-dsfromkey</code>  {-s} [<code class="option">-1</code>] [<code class="option">-2</code>] [<code class="option">-a <em class="replaceable"><code>alg</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-s</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-T <em class="replaceable"><code>TTL</code></em></code>] [<code class="option">-f <em class="replaceable"><code>file</code></em></code>] [<code class="option">-A</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {dnsname}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543461"></a><h2>DESCRIPTION</h2>
+<a name="id2543484"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-dsfromkey</strong></span>
       outputs the Delegation Signer (DS) resource record (RR), as defined in
       RFC 3658 and RFC 4509, for the given key(s).
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543473"></a><h2>OPTIONS</h2>
+<a name="id2543496"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-1</span></dt>
 <dd><p>
@@ -53,8 +53,12 @@
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd><p>
             Select the digest algorithm. The value of
-            <code class="option">algorithm</code> must be one of SHA-1 (SHA1) or
-            SHA-256 (SHA256). These values are case insensitive.
+            <code class="option">algorithm</code> must be one of SHA-1 (SHA1),
+            SHA-256 (SHA256) or GOST. These values are case insensitive.
+          </p></dd>
+<dt><span class="term">-T <em class="replaceable"><code>TTL</code></em></span></dt>
+<dd><p>
+            Specifies the TTL of the DS records.
           </p></dd>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
@@ -63,12 +67,23 @@
             <code class="option">directory</code>.
           </p></dd>
 <dt><span class="term">-f <em class="replaceable"><code>file</code></em></span></dt>
-<dd><p>
+<dd>
+<p>
             Zone file mode: in place of the keyfile name, the argument is
             the DNS domain name of a zone master file, which can be read
             from <code class="option">file</code>.  If the zone name is the same as
             <code class="option">file</code>, then it may be omitted.
-          </p></dd>
+          </p>
+<p>
+            If <code class="option">file</code> is set to <code class="literal">"-"</code>, then
+            the zone data is read from the standard input.  This makes it
+            possible to use the output of the <span><strong class="command">dig</strong></span>
+            command as input, as in:
+          </p>
+<p>
+            <strong class="userinput"><code>dig dnskey example.com | dnssec-dsfromkey -f - example.com</code></strong>
+          </p>
+</dd>
 <dt><span class="term">-A</span></dt>
 <dd><p>
             Include ZSK's when generating DS records.  Without this option,
@@ -100,7 +115,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543659"></a><h2>EXAMPLE</h2>
+<a name="id2543722"></a><h2>EXAMPLE</h2>
 <p>
       To build the SHA-256 DS RR from the
       <strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
@@ -115,7 +130,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543689"></a><h2>FILES</h2>
+<a name="id2543752"></a><h2>FILES</h2>
 <p>
       The keyfile can be designed by the key identification
       <code class="filename">Knnnn.+aaa+iiiii</code> or the full file name
@@ -129,13 +144,13 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543724"></a><h2>CAVEAT</h2>
+<a name="id2543787"></a><h2>CAVEAT</h2>
 <p>
       A keyfile error can give a "file not found" even if the file exists.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543734"></a><h2>SEE ALSO</h2>
+<a name="id2543797"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -145,7 +160,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543773"></a><h2>AUTHOR</h2>
+<a name="id2543836"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-keyfromlabel.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keyfromlabel.8,v 1.17 2010/01/20 01:14:19 tbox Exp $
+.\" $Id: dnssec-keyfromlabel.8,v 1.20 2011/03/18 01:14:33 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -32,7 +32,7 @@
 dnssec\-keyfromlabel \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP 20
-\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
+\fBdnssec\-keyfromlabel\fR {\-l\ \fIlabel\fR} [\fB\-3\fR] [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-k\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-y\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keyfromlabel\fR
@@ -47,7 +47,7 @@ of the key is specified on the command line. This must match the name of the zon
 .RS 4
 Selects the cryptographic algorithm. The value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. These values are case insensitive.
 .sp
 If no algorithm is specified, then RSASHA1 will be used by default, unless the
 \fB\-3\fR
@@ -122,6 +122,15 @@ Sets the directory in which the key files are to be written.
 Generate KEY records rather than DNSKEY records.
 .RE
 .PP
+\-L \fIttl\fR
+.RS 4
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+0
+or
+none
+removes it.
+.RE
+.PP
 \-p \fIprotocol\fR
 .RS 4
 Sets the protocol value for the key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
@@ -162,7 +171,7 @@ Sets the date on which the key is to be activated. After that date, the key will
 Sets the date on which the key is to be revoked. After that date, the key will be flagged as revoked. It will be included in the zone and will be used to sign it.
 .RE
 .PP
-\-U \fIdate/offset\fR
+\-I \fIdate/offset\fR
 .RS 4
 Sets the date on which the key is to be retired. After that date, the key will still be included in the zone, but it will not be used to sign it.
 .RE
@@ -215,5 +224,5 @@ RFC 4034.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2008\-2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2008\-2011 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-keyfromlabel.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2007-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2007-2011  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keyfromlabel.c,v 1.31 2010/01/19 23:48:55 tbox Exp $ */
+/* $Id: dnssec-keyfromlabel.c,v 1.38 2011/11/30 00:48:51 marka Exp $ */
 
 /*! \file */
 
@@ -55,7 +55,7 @@ int verbose;
 
 static const char *algs = "RSA | RSAMD5 | DH | DSA | RSASHA1 |"
 			  " NSEC3DSA | NSEC3RSASHA1 |"
-			  " RSASHA256 | RSASHA512";
+			  " RSASHA256 | RSASHA512 | ECCGOST";
 
 ISC_PLATFORM_NORETURN_PRE static void
 usage(void) ISC_PLATFORM_NORETURN_POST;
@@ -84,6 +84,7 @@ usage(void) {
 	fprintf(stderr, "    -K directory: directory in which to place "
 			"key files\n");
 	fprintf(stderr, "    -k: generate a TYPE=KEY key\n");
+	fprintf(stderr, "    -L ttl: default key TTL\n");
 	fprintf(stderr, "    -n nametype: ZONE | HOST | ENTITY | USER | OTHER\n");
 	fprintf(stderr, "        (DNSKEY generation defaults to ZONE\n");
 	fprintf(stderr, "    -p protocol: default: 3 [dnssec]\n");
@@ -110,7 +111,8 @@ usage(void) {
 
 int
 main(int argc, char **argv) {
-	char		*algname = NULL, *nametype = NULL, *type = NULL;
+	char		*algname = NULL, *freeit = NULL;
+	char		*nametype = NULL, *type = NULL;
 	const char	*directory = NULL;
 #ifdef USE_PKCS11
 	const char	*engine = "pkcs11";
@@ -137,12 +139,13 @@ main(int argc, char **argv) {
 	dns_rdataclass_t rdclass;
 	int		options = DST_TYPE_PRIVATE | DST_TYPE_PUBLIC;
 	char		*label = NULL;
+	dns_ttl_t	ttl = 0;
 	isc_stdtime_t	publish = 0, activate = 0, revoke = 0;
 	isc_stdtime_t	inactive = 0, delete = 0;
 	isc_stdtime_t	now;
 	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
 	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE;
+	isc_boolean_t	setdel = ISC_FALSE, setttl = ISC_FALSE;
 	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
 	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
 	isc_boolean_t	unsetdel = ISC_FALSE;
@@ -164,7 +167,7 @@ main(int argc, char **argv) {
 	isc_stdtime_get(&now);
 
 	while ((ch = isc_commandline_parse(argc, argv,
-				"3a:Cc:E:f:K:kl:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
+			"3a:Cc:E:f:K:kl:L:n:p:t:v:yFhGP:A:R:I:D:")) != -1)
 	{
 	    switch (ch) {
 		case '3':
@@ -202,6 +205,13 @@ main(int argc, char **argv) {
 		case 'k':
 			options |= DST_TYPE_KEY;
 			break;
+		case 'L':
+			if (strcmp(isc_commandline_argument, "none") == 0)
+				ttl = 0;
+			else
+				ttl = strtottl(isc_commandline_argument);
+			setttl = ISC_TRUE;
+			break;
 		case 'l':
 			label = isc_mem_strdup(mctx, isc_commandline_argument);
 			break;
@@ -342,6 +352,9 @@ main(int argc, char **argv) {
 			algname = strdup(DEFAULT_NSEC3_ALGORITHM);
 		else
 			algname = strdup(DEFAULT_ALGORITHM);
+		if (algname == NULL)
+			fatal("strdup failed");
+		freeit = algname;
 		if (verbose > 0)
 			fprintf(stderr, "no algorithm specified; "
 				"defaulting to %s\n", algname);
@@ -364,7 +377,8 @@ main(int argc, char **argv) {
 
 	if (use_nsec3 &&
 	    alg != DST_ALG_NSEC3DSA && alg != DST_ALG_NSEC3RSASHA1 &&
-	    alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512) {
+	    alg != DST_ALG_RSASHA256 && alg != DST_ALG_RSASHA512 &&
+	    alg != DST_ALG_ECCGOST) {
 		fatal("%s is incompatible with NSEC3; "
 		      "do not use the -3 option", algname);
 	}
@@ -508,15 +522,21 @@ main(int argc, char **argv) {
 		dst_key_setprivateformat(key, 1, 2);
 	}
 
+	/* Set default key TTL */
+	if (setttl)
+		dst_key_setttl(key, ttl);
+
 	/*
 	 * Do not overwrite an existing key.  Warn LOUDLY if there
 	 * is a risk of ID collision due to this key or another key
 	 * being revoked.
 	 */
-	if (key_collision(dst_key_id(key), name, directory, alg, mctx, &exact))
-	{
+	if (key_collision(key, name, directory, mctx, &exact)) {
 		isc_buffer_clear(&buf);
 		ret = dst_key_buildfilename(key, 0, directory, &buf);
+		if (ret != ISC_R_SUCCESS)
+			fatal("dst_key_buildfilename returned: %s\n",
+			      isc_result_totext(ret));
 		if (exact)
 			fatal("%s: %s already exists\n", program, filename);
 
@@ -541,6 +561,9 @@ main(int argc, char **argv) {
 
 	isc_buffer_clear(&buf);
 	ret = dst_key_buildfilename(key, 0, NULL, &buf);
+	if (ret != ISC_R_SUCCESS)
+		fatal("dst_key_buildfilename returned: %s\n",
+		      isc_result_totext(ret));
 	printf("%s\n", filename);
 	dst_key_free(&key);
 
@@ -553,5 +576,8 @@ main(int argc, char **argv) {
 	isc_mem_free(mctx, label);
 	isc_mem_destroy(&mctx);
 
+	if (freeit != NULL)
+		free(freeit);
+
 	return (0);
 }

bin/dnssec/dnssec-keyfromlabel.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2008-2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2011  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keyfromlabel.docbook,v 1.17 2010/01/19 23:48:55 tbox Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.docbook,v 1.21 2011/03/17 01:40:34 each Exp $ -->
 <refentry id="man.dnssec-keyfromlabel">
   <refentryinfo>
     <date>February 8, 2008</date>
@@ -39,6 +39,7 @@
       <year>2008</year>
       <year>2009</year>
       <year>2010</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -58,6 +59,7 @@
       <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-k</option></arg>
       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">nametype</replaceable></option></arg>
       <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
@@ -93,7 +95,7 @@
 	  <para>
 	    Selects the cryptographic algorithm.  The value of
             <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
 	    These values are case insensitive.
 	  </para>
           <para>
@@ -233,6 +235,20 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">ttl</replaceable></term>
+        <listitem>
+          <para>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <literal>0</literal> or <literal>none</literal> removes it.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-p <replaceable class="parameter">protocol</replaceable></term>
         <listitem>
@@ -333,7 +349,7 @@
       </varlistentry>
 
       <varlistentry>
-        <term>-U <replaceable class="parameter">date/offset</replaceable></term>
+        <term>-I <replaceable class="parameter">date/offset</replaceable></term>
         <listitem>
           <para>
             Sets the date on which the key is to be retired.  After that

bin/dnssec/dnssec-keyfromlabel.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2008-2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2008-2011 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keyfromlabel.html,v 1.16 2010/01/20 01:14:19 tbox Exp $ -->
+<!-- $Id: dnssec-keyfromlabel.html,v 1.19 2011/03/18 01:14:33 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -28,10 +28,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keyfromlabel</code>  {-l <em class="replaceable"><code>label</code></em>} [<code class="option">-3</code>] [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-k</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-y</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543491"></a><h2>DESCRIPTION</h2>
+<a name="id2543502"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keyfromlabel</strong></span>
       gets keys with the given label from a crypto hardware and builds
       key files for DNSSEC (Secure DNS), as defined in RFC 2535
@@ -44,14 +44,14 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543509"></a><h2>OPTIONS</h2>
+<a name="id2543521"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
 	    Selects the cryptographic algorithm.  The value of
             <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
 	    These values are case insensitive.
 	  </p>
 <p>
@@ -134,6 +134,15 @@
 <dd><p>
             Generate KEY records rather than DNSKEY records.
           </p></dd>
+<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
+<dd><p>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <code class="literal">0</code> or <code class="literal">none</code> removes it.
+          </p></dd>
 <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
 <dd><p>
             Sets the protocol value for the key.  The protocol
@@ -163,7 +172,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543873"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543976"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -195,7 +204,7 @@
             date, the key will be flagged as revoked.  It will be included
             in the zone and will be used to sign it.
           </p></dd>
-<dt><span class="term">-U <em class="replaceable"><code>date/offset</code></em></span></dt>
+<dt><span class="term">-I <em class="replaceable"><code>date/offset</code></em></span></dt>
 <dd><p>
             Sets the date on which the key is to be retired.  After that
             date, the key will still be included in the zone, but it
@@ -210,7 +219,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544039"></a><h2>GENERATED KEY FILES</h2>
+<a name="id2544074"></a><h2>GENERATED KEY FILES</h2>
 <p>
       When <span><strong class="command">dnssec-keyfromlabel</strong></span> completes
       successfully,
@@ -249,7 +258,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544112"></a><h2>SEE ALSO</h2>
+<a name="id2544147"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -257,7 +266,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544145"></a><h2>AUTHOR</h2>
+<a name="id2544180"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-keygen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.53 2009/11/03 21:58:30 tbox Exp $
+.\" $Id: dnssec-keygen.8,v 1.56 2011/03/18 01:14:33 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,7 +33,7 @@
 dnssec\-keygen \- DNSSEC key generation tool
 .SH "SYNOPSIS"
 .HP 14
-\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
+\fBdnssec\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-n\ \fR\fB\fInametype\fR\fR] [\fB\-3\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-C\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\fR] [\fB\-f\ \fR\fB\fIflag\fR\fR] [\fB\-G\fR] [\fB\-g\ \fR\fB\fIgenerator\fR\fR] [\fB\-h\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-k\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-p\ \fR\fB\fIprotocol\fR\fR] [\fB\-q\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\ \fR\fB\fIkey\fR\fR] [\fB\-s\ \fR\fB\fIstrength\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-z\fR] {name}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
@@ -48,7 +48,7 @@ of the key is specified on the command line. For DNSSEC keys, this must match th
 .RS 4
 Selects the cryptographic algorithm. For DNSSEC keys, the value of
 \fBalgorithm\fR
-must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
+must be one of RSAMD5, RSASHA1, DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST. For TSIG/TKEY, the value must be DH (Diffie Hellman), HMAC\-MD5, HMAC\-SHA1, HMAC\-SHA224, HMAC\-SHA256, HMAC\-SHA384, or HMAC\-SHA512. These values are case insensitive.
 .sp
 If no algorithm is specified, then RSASHA1 will be used by default, unless the
 \fB\-3\fR
@@ -81,7 +81,7 @@ must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a
 .PP
 \-3
 .RS 4
-Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256 and RSASHA512 algorithms are NSEC3\-capable.
+Use an NSEC3\-capable algorithm to generate a DNSSEC key. If this option is used and no algorithm is explicitly set on the command line, NSEC3RSASHA1 will be used by default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms are NSEC3\-capable.
 .RE
 .PP
 \-C
@@ -139,6 +139,15 @@ Sets the directory in which the key files are to be written.
 Deprecated in favor of \-T KEY.
 .RE
 .PP
+\-L \fIttl\fR
+.RS 4
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+0
+or
+none
+removes it.
+.RE
+.PP
 \-p \fIprotocol\fR
 .RS 4
 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
@@ -164,6 +173,11 @@ specifies the name of a character device or file containing random data to be us
 indicates that keyboard input should be used.
 .RE
 .PP
+\-S \fIkey\fR
+.RS 4
+Create a new key which is an explicit successor to an existing key. The name, algorithm, size, and type of the key will be set to match the existing key. The activation date of the new key will be set to the inactivation date of the existing one. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
+.RE
+.PP
 \-s \fIstrength\fR
 .RS 4
 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
@@ -216,6 +230,15 @@ Sets the date on which the key is to be retired. After that date, the key will s
 .RS 4
 Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
 .RE
+.PP
+\-i \fIinterval\fR
+.RS 4
+Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
+.sp
+If the key is being created as an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
+.sp
+As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
+.RE
 .SH "GENERATED KEYS"
 .PP
 When
@@ -284,7 +307,7 @@ RFC 4034.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004, 2005, 2007\-2011 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

bin/dnssec/dnssec-keygen.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2011  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.33 2009/11/03 21:44:46 each Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.38 2011/03/17 23:47:29 tbox Exp $ -->
 <refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -42,6 +42,8 @@
       <year>2007</year>
       <year>2008</year>
       <year>2009</year>
+      <year>2010</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -71,13 +73,16 @@
       <arg><option>-g <replaceable class="parameter">generator</replaceable></option></arg>
       <arg><option>-h</option></arg>
       <arg><option>-I <replaceable class="parameter">date/offset</replaceable></option></arg>
+      <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg><option>-k</option></arg>
       <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
       <arg><option>-q</option></arg>
       <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
+      <arg><option>-S <replaceable class="parameter">key</replaceable></option></arg>
       <arg><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
       <arg><option>-t <replaceable class="parameter">type</replaceable></option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
@@ -111,7 +116,7 @@
           <para>
             Selects the cryptographic algorithm.  For DNSSEC keys, the value
             of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
 	    For TSIG/TKEY, the value must
             be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
             HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
@@ -181,7 +186,7 @@
 	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
             If this option is used and no algorithm is explicitly
             set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256 and RSASHA512 algorithms
+            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
 	    are NSEC3-capable.
           </para>
         </listitem>
@@ -293,6 +298,20 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">ttl</replaceable></term>
+        <listitem>
+          <para>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <literal>0</literal> or <literal>none</literal> removes it.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-p <replaceable class="parameter">protocol</replaceable></term>
         <listitem>
@@ -341,6 +360,21 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-S <replaceable class="parameter">key</replaceable></term>
+        <listitem>
+          <para>
+            Create a new key which is an explicit successor to an
+            existing key.  The name, algorithm, size, and type of the
+            key will be set to match the existing key.  The activation
+            date of the new key will be set to the inactivation date of
+            the existing one.  The publication date will be set to the
+            activation date minus the prepublication interval, which
+            defaults to 30 days.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-s <replaceable class="parameter">strength</replaceable></term>
         <listitem>
@@ -463,6 +497,34 @@
           </para>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term>-i <replaceable class="parameter">interval</replaceable></term>
+        <listitem>
+          <para>
+            Sets the prepublication interval for a key.  If set, then
+            the publication and activation dates must be separated by at least
+            this much time.  If the activation date is specified but the
+            publication date isn't, then the publication date will default
+            to this much time before the activation date; conversely, if
+            the publication date is specified but activation date isn't,
+            then activation will be set to this much time after publication.
+          </para>
+          <para>
+            If the key is being created as an explicit successor to another
+            key, then the default prepublication interval is 30 days; 
+            otherwise it is zero.
+          </para>
+          <para>
+            As with date offsets, if the argument is followed by one of
+            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+            interval is measured in years, months, weeks, days, hours,
+            or minutes, respectively.  Without a suffix, the interval is
+            measured in seconds.
+          </para>
+        </listitem>
+      </varlistentry>
+
     </variablelist>
   </refsect1>
 

bin/dnssec/dnssec-keygen.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005, 2007-2011 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.45 2009/11/03 21:58:30 tbox Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.48 2011/03/18 01:14:33 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>] [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>] [<code class="option">-n <em class="replaceable"><code>nametype</code></em></code>] [<code class="option">-3</code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-C</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-G</code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-k</code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-q</code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S <em class="replaceable"><code>key</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543558"></a><h2>DESCRIPTION</h2>
+<a name="id2543590"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
       and RFC 4034.  It can also generate keys for use with
@@ -46,14 +46,14 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543576"></a><h2>OPTIONS</h2>
+<a name="id2543608"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
 <p>
             Selects the cryptographic algorithm.  For DNSSEC keys, the value
             of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
-	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256 or RSASHA512.
+	    DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512 or ECCGOST.
 	    For TSIG/TKEY, the value must
             be DH (Diffie Hellman), HMAC-MD5, HMAC-SHA1, HMAC-SHA224,
             HMAC-SHA256, HMAC-SHA384, or HMAC-SHA512.  These values are
@@ -111,7 +111,7 @@
 	    Use an NSEC3-capable algorithm to generate a DNSSEC key.
             If this option is used and no algorithm is explicitly
             set on the command line, NSEC3RSASHA1 will be used by
-            default. Note that RSASHA256 and RSASHA512 algorithms
+            default. Note that RSASHA256, RSASHA512 and ECCGOST algorithms
 	    are NSEC3-capable.
           </p></dd>
 <dt><span class="term">-C</span></dt>
@@ -170,6 +170,15 @@
 <dd><p>
             Deprecated in favor of -T KEY.
           </p></dd>
+<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
+<dd><p>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <code class="literal">0</code> or <code class="literal">none</code> removes it.
+          </p></dd>
 <dt><span class="term">-p <em class="replaceable"><code>protocol</code></em></span></dt>
 <dd><p>
             Sets the protocol value for the generated key.  The protocol
@@ -203,6 +212,16 @@
             <code class="filename">keyboard</code> indicates that keyboard
             input should be used.
           </p></dd>
+<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
+<dd><p>
+            Create a new key which is an explicit successor to an
+            existing key.  The name, algorithm, size, and type of the
+            key will be set to match the existing key.  The activation
+            date of the new key will be set to the inactivation date of
+            the existing one.  The publication date will be set to the
+            activation date minus the prepublication interval, which
+            defaults to 30 days.
+          </p></dd>
 <dt><span class="term">-s <em class="replaceable"><code>strength</code></em></span></dt>
 <dd><p>
             Specifies the strength value of the key.  The strength is
@@ -238,7 +257,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544128"></a><h2>TIMING OPTIONS</h2>
+<a name="id2544200"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -282,10 +301,34 @@
             date, the key will no longer be included in the zone.  (It
             may remain in the key repository, however.)
           </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+            Sets the prepublication interval for a key.  If set, then
+            the publication and activation dates must be separated by at least
+            this much time.  If the activation date is specified but the
+            publication date isn't, then the publication date will default
+            to this much time before the activation date; conversely, if
+            the publication date is specified but activation date isn't,
+            then activation will be set to this much time after publication.
+          </p>
+<p>
+            If the key is being created as an explicit successor to another
+            key, then the default prepublication interval is 30 days; 
+            otherwise it is zero.
+          </p>
+<p>
+            As with date offsets, if the argument is followed by one of
+            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+            interval is measured in years, months, weeks, days, hours,
+            or minutes, respectively.  Without a suffix, the interval is
+            measured in seconds.
+          </p>
+</dd>
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544226"></a><h2>GENERATED KEYS</h2>
+<a name="id2544390"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -331,7 +374,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544308"></a><h2>EXAMPLE</h2>
+<a name="id2544540"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -352,7 +395,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544352"></a><h2>SEE ALSO</h2>
+<a name="id2544584"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2539</em>,
@@ -361,7 +404,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544451"></a><h2>AUTHOR</h2>
+<a name="id2544615"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-makekeyset.c

@@ -0,0 +1,424 @@
+/*
+ * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
+ * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
+ * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-makekeyset.c,v 1.28.2.2 2000/08/15 01:20:32 gson Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dnssec.h>
+#include <dns/fixedname.h>
+#include <dns/log.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+#include <dns/time.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+#define BUFSIZE 2048
+
+const char *program = "dnssec-makekeyset";
+int verbose;
+
+typedef struct keynode keynode_t;
+struct keynode {
+	dst_key_t *key;
+	ISC_LINK(keynode_t) link;
+};
+typedef ISC_LIST(keynode_t) keylist_t;
+
+static isc_stdtime_t starttime = 0, endtime = 0, now;
+static int ttl = -1;
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+
+static keylist_t keylist;
+
+static isc_stdtime_t
+strtotime(char *str, isc_int64_t now, isc_int64_t base) {
+	isc_int64_t val, offset;
+	isc_result_t result;
+	char *endp;
+
+	if (str[0] == '+') {
+		offset = strtol(str + 1, &endp, 0);
+		if (*endp != '\0')
+			fatal("time value %s is invalid", str);
+		val = base + offset;
+	} else if (strncmp(str, "now+", 4) == 0) {
+		offset = strtol(str + 4, &endp, 0);
+		if (*endp != '\0')
+			fatal("time value %s is invalid", str);
+		val = now + offset;
+	} else {
+		result = dns_time64_fromtext(str, &val);
+		if (result != ISC_R_SUCCESS)
+			fatal("time %s must be numeric", str);
+	}
+
+	return ((isc_stdtime_t) val);
+}
+
+static void
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "\t%s [options] keys\n", program);
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Options: (default value in parenthesis) \n");
+	fprintf(stderr, "\t-s YYYYMMDDHHMMSS|+offset:\n");
+	fprintf(stderr, "\t\tSIG start time - absolute|offset (now)\n");
+	fprintf(stderr, "\t-e YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
+	fprintf(stderr, "\t\tSIG end time  - "
+			     "absolute|from start|from now (now + 30 days)\n");
+	fprintf(stderr, "\t-t ttl\n");
+	fprintf(stderr, "\t-r randomdev:\n");
+	fprintf(stderr, "\t\ta file containing random data\n");
+	fprintf(stderr, "\t-v level:\n");
+	fprintf(stderr, "\t\tverbose level (0)\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "keys:\n");
+	fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
+	exit(0);
+}
+
+int
+main(int argc, char *argv[]) {
+	int i, ch;
+	char *startstr = NULL, *endstr = NULL;
+	char *randomfile = NULL;
+	dns_fixedname_t fdomain;
+	dns_name_t *domain = NULL;
+	char *output = NULL;
+	char *endp;
+	unsigned char *data;
+	dns_db_t *db;
+	dns_dbnode_t *node;
+	dns_dbversion_t *version;
+	dst_key_t *key = NULL;
+	dns_rdata_t *rdata;
+	dns_rdatalist_t rdatalist, sigrdatalist;
+	dns_rdataset_t rdataset, sigrdataset;
+	isc_result_t result;
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_log_t *log = NULL;
+	keynode_t *keynode;
+	dns_name_t *savedname = NULL;
+
+	result = isc_mem_create(0, 0, &mctx);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to create memory context: %s",
+		      isc_result_totext(result));
+
+	dns_result_register();
+
+	while ((ch = isc_commandline_parse(argc, argv, "s:e:t:r:v:h")) != -1)
+	{
+		switch (ch) {
+		case 's':
+			startstr = isc_mem_strdup(mctx,
+						  isc_commandline_argument);
+			if (startstr == NULL)
+				fatal("out of memory");
+			break;
+
+		case 'e':
+			endstr = isc_mem_strdup(mctx,
+						isc_commandline_argument);
+			if (endstr == NULL)
+				fatal("out of memory");
+			break;
+
+		case 't':
+			endp = NULL;
+			ttl = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("TTL must be numeric");
+			break;
+
+		case 'r':
+			randomfile = isc_mem_strdup(mctx,
+						    isc_commandline_argument);
+			if (randomfile == NULL)
+				fatal("out of memory");
+			break;
+
+		case 'v':
+			endp = NULL;
+			verbose = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("verbose level must be numeric");
+			break;
+
+		case 'h':
+		default:
+			usage();
+
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 1)
+		usage();
+
+	setup_entropy(mctx, randomfile, &ectx);
+	if (randomfile != NULL)
+		isc_mem_free(mctx, randomfile);
+	result = dst_lib_init(mctx, ectx,
+			      ISC_ENTROPY_BLOCKING | ISC_ENTROPY_GOODONLY);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
+	isc_stdtime_get(&now);
+
+	if (startstr != NULL) {
+		starttime = strtotime(startstr, now, now);
+		isc_mem_free(mctx, startstr);
+	}
+	else
+		starttime = now;
+
+	if (endstr != NULL) {
+		endtime = strtotime(endstr, now, starttime);
+		isc_mem_free(mctx, endstr);
+	}
+	else
+		endtime = starttime + (30 * 24 * 60 * 60);
+
+	if (ttl == -1) {
+		ttl = 3600;
+		fprintf(stderr, "%s: TTL not specified, assuming 3600\n",
+			program);
+	}
+
+	setup_logging(verbose, mctx, &log);
+
+	dns_rdatalist_init(&rdatalist);
+	rdatalist.rdclass = dns_rdataclass_in;
+	rdatalist.type = dns_rdatatype_key;
+	rdatalist.covers = 0;
+	rdatalist.ttl = ttl;
+
+	ISC_LIST_INIT(keylist);
+
+	for (i = 0; i < argc; i++) {
+		char namestr[1025];
+		key = NULL;
+		result = dst_key_fromnamedfile(argv[i], DST_TYPE_PUBLIC,
+					       mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			fatal("error loading key from %s", argv[i]);
+
+		strncpy(namestr, nametostr(dst_key_name(key)),
+			sizeof(namestr) - 1);
+		namestr[sizeof(namestr) - 1] = 0;
+
+		if (savedname == NULL) {
+			savedname = isc_mem_get(mctx, sizeof(dns_name_t));
+			if (savedname == NULL)
+				fatal("out of memory");
+			dns_name_init(savedname, NULL);
+			result = dns_name_dup(dst_key_name(key), mctx,
+					      savedname);
+			if (result != ISC_R_SUCCESS)
+				fatal("out of memory");
+		} else {
+			if (!dns_name_equal(savedname, dst_key_name(key)) != 0)
+				fatal("all keys must have the same owner - %s "
+				      "and %s do not match",
+				      nametostr(savedname), namestr);
+		}
+		if (output == NULL) {
+			output = isc_mem_allocate(mctx,
+						  strlen(namestr) +
+						  strlen("keyset") + 1);
+			if (output == NULL)
+				fatal("out of memory");
+			strcpy(output, namestr);
+			strcat(output, "keyset");
+		}
+		if (domain == NULL) {
+			dns_fixedname_init(&fdomain);
+			domain = dns_fixedname_name(&fdomain);
+			isc_buffer_init(&b, namestr, strlen(namestr));
+			isc_buffer_add(&b, strlen(namestr));
+			result = dns_name_fromtext(domain, &b, dns_rootname,
+						   ISC_FALSE, NULL);
+			if (result != ISC_R_SUCCESS)
+				fatal("%s is not a valid name: %s",
+				      namestr, isc_result_totext(result));
+		}
+		if (dst_key_iszonekey(key)) {
+			dst_key_t *zonekey = NULL;
+			result = dst_key_fromnamedfile(argv[i],
+						       DST_TYPE_PRIVATE,
+						       mctx, &zonekey);
+			if (result != ISC_R_SUCCESS)
+				fatal("failed to read key %s: %s",
+				      argv[i], isc_result_totext(result));
+			keynode = isc_mem_get(mctx, sizeof (keynode_t));
+			if (keynode == NULL)
+				fatal("out of memory");
+			keynode->key = zonekey;
+			ISC_LINK_INIT(keynode, link);
+			ISC_LIST_APPEND(keylist, keynode, link);
+		}
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dst_key_todns(key, &b);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to convert key %s to a DNS KEY: %s",
+			      argv[i], isc_result_totext(result));
+		isc_buffer_usedregion(&b, &r);
+		dns_rdata_fromregion(rdata, dns_rdataclass_in,
+				     dns_rdatatype_key, &r);
+		ISC_LIST_APPEND(rdatalist.rdata, rdata, link);
+		dst_key_free(&key);
+	}
+
+	dns_rdataset_init(&rdataset);
+	result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
+	check_result(result, "dns_rdatalist_tordataset()");
+
+	dns_rdatalist_init(&sigrdatalist);
+	sigrdatalist.rdclass = dns_rdataclass_in;
+	sigrdatalist.type = dns_rdatatype_sig;
+	sigrdatalist.covers = dns_rdatatype_key;
+	sigrdatalist.ttl = ttl;
+
+	if (ISC_LIST_EMPTY(keylist))
+		fprintf(stderr,
+			"%s: no private zone key found; not self-signing\n",
+			program);
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dns_dnssec_sign(domain, &rdataset, keynode->key,
+					 &starttime, &endtime, mctx, &b,
+					 rdata);
+		isc_entropy_stopcallbacksources(ectx);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to sign keyset with key %s/%s/%d: %s",
+			      nametostr(dst_key_name(keynode->key)),
+			      algtostr(dst_key_alg(keynode->key)),
+			      dst_key_id(keynode->key),
+			      isc_result_totext(result));
+		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
+		dns_rdataset_init(&sigrdataset);
+		result = dns_rdatalist_tordataset(&sigrdatalist, &sigrdataset);
+		check_result(result, "dns_rdatalist_tordataset()");
+	}
+
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
+			       dns_rdataclass_in, 0, NULL, &db);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to create a database for %s", nametostr(domain));
+
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	node = NULL;
+	result = dns_db_findnode(db, domain, ISC_TRUE, &node);
+	check_result(result, "dns_db_findnode()");
+
+	dns_db_addrdataset(db, node, version, 0, &rdataset, 0, NULL);
+	if (!ISC_LIST_EMPTY(keylist))
+		dns_db_addrdataset(db, node, version, 0, &sigrdataset, 0,
+				   NULL);
+
+	dns_db_detachnode(db, &node);
+	dns_db_closeversion(db, &version, ISC_TRUE);
+	result = dns_db_dump(db, version, output);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to write database for %s to %s",
+		      nametostr(domain), output);
+
+	dns_db_detach(&db);
+
+	dns_rdataset_disassociate(&rdataset);
+	while (!ISC_LIST_EMPTY(rdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(rdatalist.rdata);
+		ISC_LIST_UNLINK(rdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+	while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
+		rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
+		ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
+		isc_mem_put(mctx, rdata->data, BUFSIZE);
+		isc_mem_put(mctx, rdata, sizeof *rdata);
+	}
+
+	while (!ISC_LIST_EMPTY(keylist)) {
+		keynode = ISC_LIST_HEAD(keylist);
+		ISC_LIST_UNLINK(keylist, keynode, link);
+		dst_key_free(&keynode->key);
+		isc_mem_put(mctx, keynode, sizeof(keynode_t));
+	}
+
+	if (savedname != NULL) {
+		dns_name_free(savedname, mctx);
+		isc_mem_put(mctx, savedname, sizeof(dns_name_t));
+	}
+
+	if (log != NULL)
+		isc_log_destroy(&log);
+	cleanup_entropy(&ectx);
+
+	isc_mem_free(mctx, output);
+	dst_lib_destroy();
+	if (verbose > 10)
+		isc_mem_stats(mctx, stdout);
+	isc_mem_destroy(&mctx);
+	return (0);
+}

bin/dnssec/dnssec-revoke.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-revoke.8,v 1.9 2010/05/19 01:14:14 tbox Exp $
+.\" $Id: dnssec-revoke.8,v 1.10 2011/10/21 01:14:50 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -32,7 +32,7 @@
 dnssec\-revoke \- Set the REVOKED bit on a DNSSEC key
 .SH "SYNOPSIS"
 .HP 14
-\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] {keyfile}
+\fBdnssec\-revoke\fR [\fB\-hr\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-f\fR] [\fB\-R\fR] {keyfile}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-revoke\fR
@@ -70,6 +70,11 @@ Force overwrite: Causes
 \fBdnssec\-revoke\fR
 to write the new key pair even if a file already exists matching the algorithm and key ID of the revoked key.
 .RE
+.PP
+\-R
+.RS 4
+Print the key tag of the key with the REVOKE bit set but do not revoke the key.
+.RE
 .SH "SEE ALSO"
 .PP
 \fBdnssec\-keygen\fR(8),
@@ -79,5 +84,5 @@ RFC 5011.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-revoke.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-revoke.c,v 1.22 2010/05/06 23:50:56 tbox Exp $ */
+/* $Id: dnssec-revoke.c,v 1.24 2011/10/20 23:46:51 tbox Exp $ */
 
 /*! \file */
 
@@ -92,6 +92,7 @@ main(int argc, char **argv) {
 	isc_buffer_t buf;
 	isc_boolean_t force = ISC_FALSE;
 	isc_boolean_t remove = ISC_FALSE;
+	isc_boolean_t id = ISC_FALSE;
 
 	if (argc == 1)
 		usage();
@@ -104,7 +105,7 @@ main(int argc, char **argv) {
 
 	isc_commandline_errprint = ISC_FALSE;
 
-	while ((ch = isc_commandline_parse(argc, argv, "E:fK:rhv:")) != -1) {
+	while ((ch = isc_commandline_parse(argc, argv, "E:fK:rRhv:")) != -1) {
 		switch (ch) {
 		    case 'E':
 			engine = isc_commandline_argument;
@@ -126,6 +127,9 @@ main(int argc, char **argv) {
 		    case 'r':
 			remove = ISC_TRUE;
 			break;
+		    case 'R':
+			id = ISC_TRUE;
+			break;
 		    case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0')
@@ -186,6 +190,10 @@ main(int argc, char **argv) {
 		fatal("Invalid keyfile name %s: %s",
 		      filename, isc_result_totext(result));
 
+	if (id) {
+		fprintf(stdout, "%u\n", dst_key_rid(key));
+		goto cleanup;
+	}
 	dst_key_format(key, keystr, sizeof(keystr));
 
 	if (verbose > 2)

bin/dnssec/dnssec-revoke.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
                [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-revoke.docbook,v 1.7 2009/11/03 21:44:46 each Exp $ -->
+<!-- $Id: dnssec-revoke.docbook,v 1.9 2011/10/20 23:46:51 tbox Exp $ -->
 <refentry id="man.dnssec-revoke">
   <refentryinfo>
     <date>June 1, 2009</date>
@@ -37,6 +37,7 @@
   <docinfo>
     <copyright>
       <year>2009</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -49,6 +50,7 @@
       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
       <arg><option>-f</option></arg>
+      <arg><option>-R</option></arg>
       <arg choice="req">keyfile</arg>
     </cmdsynopsis>
   </refsynopsisdiv>
@@ -123,6 +125,16 @@
           </para>
         </listitem>
       </varlistentry>
+
+      <varlistentry>
+        <term>-R</term>
+        <listitem>
+          <para>
+	    Print the key tag of the key with the REVOKE bit set but do
+	    not revoke the key.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

bin/dnssec/dnssec-revoke.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009, 2011 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-revoke.html,v 1.9 2010/05/19 01:14:14 tbox Exp $ -->
+<!-- $Id: dnssec-revoke.html,v 1.10 2011/10/21 01:14:50 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -28,10 +28,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] {keyfile}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-revoke</code>  [<code class="option">-hr</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-f</code>] [<code class="option">-R</code>] {keyfile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543373"></a><h2>DESCRIPTION</h2>
+<a name="id2543381"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-revoke</strong></span>
       reads a DNSSEC key file, sets the REVOKED bit on the key as defined
       in RFC 5011, and creates a new pair of key files containing the
@@ -39,7 +39,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543385"></a><h2>OPTIONS</h2>
+<a name="id2543393"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -69,17 +69,22 @@
             write the new key pair even if a file already exists matching
             the algorithm and key ID of the revoked key.
           </p></dd>
+<dt><span class="term">-R</span></dt>
+<dd><p>
+	    Print the key tag of the key with the REVOKE bit set but do
+	    not revoke the key.
+          </p></dd>
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543491"></a><h2>SEE ALSO</h2>
+<a name="id2543511"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 5011</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543515"></a><h2>AUTHOR</h2>
+<a name="id2543536"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-settime.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,7 +12,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-settime.8,v 1.13 2010/05/19 01:14:14 tbox Exp $
+.\" $Id: dnssec-settime.8,v 1.17 2011/11/05 01:14:48 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -32,7 +32,7 @@
 dnssec\-settime \- Set the key timing metadata for a DNSSEC key
 .SH "SYNOPSIS"
 .HP 15
-\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
+\fBdnssec\-settime\fR [\fB\-f\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-L\ \fR\fB\fIttl\fR\fR] [\fB\-P\ \fR\fB\fIdate/offset\fR\fR] [\fB\-A\ \fR\fB\fIdate/offset\fR\fR] [\fB\-R\ \fR\fB\fIdate/offset\fR\fR] [\fB\-I\ \fR\fB\fIdate/offset\fR\fR] [\fB\-D\ \fR\fB\fIdate/offset\fR\fR] [\fB\-h\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] {keyfile}
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-settime\fR
@@ -52,14 +52,14 @@ simply prints the key timing metadata already stored in the key.
 .PP
 When key metadata fields are changed, both files of a key pair (\fIKnnnn.+aaa+iiiii.key\fR
 and
-\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file.
+\fIKnnnn.+aaa+iiiii.private\fR) are regenerated. Metadata fields are stored in the private file. A human\-readable description of the metadata is also placed in comments in the key file. The private file's permissions are always set to be inaccessible to anyone other than the owner (mode 0600).
 .SH "OPTIONS"
 .PP
 \-f
 .RS 4
 Force an update of an old\-format key with no metadata fields. Without this option,
 \fBdnssec\-settime\fR
-will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time.
+will fail when attempting to update a legacy key. With this option, the key will be recreated in the new format, but with the original key data retained. The key's creation date will be set to the present time. If no other values are specified, then the key's publication and activation dates will also be set to the present time.
 .RE
 .PP
 \-K \fIdirectory\fR
@@ -67,6 +67,15 @@ will fail when attempting to update a legacy key. With this option, the key will
 Sets the directory in which the key files are to reside.
 .RE
 .PP
+\-L \fIttl\fR
+.RS 4
+Sets the default TTL to use for this key when it is converted into a DNSKEY RR. If the key is imported into a zone, this is the TTL that will be used for it, unless there was already a DNSKEY RRset in place, in which case the existing TTL would take precedence. Setting the default TTL to
+0
+or
+none
+removes it.
+.RE
+.PP
 \-h
 .RS 4
 Emit usage message and exit.
@@ -109,6 +118,20 @@ Sets the date on which the key is to be retired. After that date, the key will s
 .RS 4
 Sets the date on which the key is to be deleted. After that date, the key will no longer be included in the zone. (It may remain in the key repository, however.)
 .RE
+.PP
+\-S \fIpredecessor key\fR
+.RS 4
+Select a key for which the key being modified will be an explicit successor. The name, algorithm, size, and type of the predecessor key must exactly match those of the key being modified. The activation date of the successor key will be set to the inactivation date of the predecessor. The publication date will be set to the activation date minus the prepublication interval, which defaults to 30 days.
+.RE
+.PP
+\-i \fIinterval\fR
+.RS 4
+Sets the prepublication interval for a key. If set, then the publication and activation dates must be separated by at least this much time. If the activation date is specified but the publication date isn't, then the publication date will default to this much time before the activation date; conversely, if the publication date is specified but activation date isn't, then activation will be set to this much time after publication.
+.sp
+If the key is being set to be an explicit successor to another key, then the default prepublication interval is 30 days; otherwise it is zero.
+.sp
+As with date offsets, if the argument is followed by one of the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the interval is measured in years, months, weeks, days, hours, or minutes, respectively. Without a suffix, the interval is measured in seconds.
+.RE
 .SH "PRINTING OPTIONS"
 .PP
 \fBdnssec\-settime\fR
@@ -148,5 +171,5 @@ RFC 5011.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2009\-2011 Internet Systems Consortium, Inc. ("ISC")
 .br

bin/dnssec/dnssec-settime.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  *
  * Permission to use, copy, modify, and/or distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-settime.c,v 1.25 2010/02/03 01:02:37 each Exp $ */
+/* $Id: dnssec-settime.c,v 1.32 2011/06/02 20:24:45 each Exp $ */
 
 /*! \file */
 
@@ -66,6 +66,7 @@ usage(void) {
 	fprintf(stderr, "    -f:                 force update of old-style "
 						 "keys\n");
 	fprintf(stderr, "    -K directory:       set key file location\n");
+	fprintf(stderr, "    -L ttl:             set default key TTL\n");
 	fprintf(stderr, "    -v level:           set level of verbosity\n");
 	fprintf(stderr, "    -h:                 help\n");
 	fprintf(stderr, "Timing options:\n");
@@ -81,8 +82,7 @@ usage(void) {
 						     "deletion date\n");
 	fprintf(stderr, "Printing options:\n");
 	fprintf(stderr, "    -p C/P/A/R/I/D/all: print a particular time "
-						"value or values "
-						"[default: all]\n");
+						"value or values\n");
 	fprintf(stderr, "    -u:                 print times in unix epoch "
 						"format\n");
 	fprintf(stderr, "Output:\n");
@@ -117,25 +117,33 @@ printtime(dst_key_t *key, int type, const char *tag, isc_boolean_t epoch,
 
 int
 main(int argc, char **argv) {
-	isc_result_t result;
+	isc_result_t	result;
 #ifdef USE_PKCS11
-	const char *engine = "pkcs11";
+	const char	*engine = "pkcs11";
 #else
-	const char *engine = NULL;
+	const char	*engine = NULL;
 #endif
-	char *filename = NULL, *directory = NULL;
-	char newname[1024];
-	char keystr[DST_KEY_FORMATSIZE];
-	char *endp, *p;
-	int ch;
-	isc_entropy_t *ectx = NULL;
-	dst_key_t *key = NULL;
-	isc_buffer_t buf;
+	char		*filename = NULL, *directory = NULL;
+	char		newname[1024];
+	char		keystr[DST_KEY_FORMATSIZE];
+	char		*endp, *p;
+	int		ch;
+	isc_entropy_t	*ectx = NULL;
+	const char	*predecessor = NULL;
+	dst_key_t	*prevkey = NULL;
+	dst_key_t	*key = NULL;
+	isc_buffer_t	buf;
+	dns_name_t	*name = NULL;
+	dns_secalg_t 	alg = 0;
+	unsigned int 	size = 0;
+	isc_uint16_t	flags = 0;
+	int		prepub = -1;
+	dns_ttl_t	ttl = 0;
 	isc_stdtime_t	now;
 	isc_stdtime_t	pub = 0, act = 0, rev = 0, inact = 0, del = 0;
 	isc_boolean_t	setpub = ISC_FALSE, setact = ISC_FALSE;
 	isc_boolean_t	setrev = ISC_FALSE, setinact = ISC_FALSE;
-	isc_boolean_t	setdel = ISC_FALSE;
+	isc_boolean_t	setdel = ISC_FALSE, setttl = ISC_FALSE;
 	isc_boolean_t	unsetpub = ISC_FALSE, unsetact = ISC_FALSE;
 	isc_boolean_t	unsetrev = ISC_FALSE, unsetinact = ISC_FALSE;
 	isc_boolean_t	unsetdel = ISC_FALSE;
@@ -159,8 +167,8 @@ main(int argc, char **argv) {
 
 	isc_stdtime_get(&now);
 
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "E:fK:uhp:v:P:A:R:I:D:")) != -1) {
+#define CMDLINE_FLAGS "A:D:E:fhI:i:K:L:P:p:R:S:uv:"
+	while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
 		switch (ch) {
 		case 'E':
 			engine = isc_commandline_argument;
@@ -223,6 +231,13 @@ main(int argc, char **argv) {
 				      "directory");
 			}
 			break;
+		case 'L':
+			if (strcmp(isc_commandline_argument, "none") == 0)
+				ttl = 0;
+			else
+				ttl = strtottl(isc_commandline_argument);
+			setttl = ISC_TRUE;
+			break;
 		case 'v':
 			verbose = strtol(isc_commandline_argument, &endp, 0);
 			if (*endp != '\0')
@@ -293,6 +308,12 @@ main(int argc, char **argv) {
 						now, now);
 			}
 			break;
+		case 'S':
+			predecessor = isc_commandline_argument;
+			break;
+		case 'i':
+			prepub = strtottl(isc_commandline_argument);
+			break;
 		case '?':
 			if (isc_commandline_option != '?')
 				fprintf(stderr, "%s: invalid argument -%c\n",
@@ -314,17 +335,6 @@ main(int argc, char **argv) {
 	if (argc > isc_commandline_index + 1)
 		fatal("Extraneous arguments");
 
-	if (directory != NULL) {
-		filename = argv[isc_commandline_index];
-	} else {
-		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
-					    &directory, &filename);
-		if (result != ISC_R_SUCCESS)
-			fatal("cannot process filename %s: %s",
-			      argv[isc_commandline_index],
-			      isc_result_totext(result));
-	}
-
 	if (ectx == NULL)
 		setup_entropy(mctx, NULL, &ectx);
 	result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
@@ -337,6 +347,105 @@ main(int argc, char **argv) {
 		      isc_result_totext(result));
 	isc_entropy_stopcallbacksources(ectx);
 
+	if (predecessor != NULL) {
+		char keystr[DST_KEY_FORMATSIZE];
+		isc_stdtime_t when;
+		int major, minor;
+
+		if (prepub == -1)
+			prepub = (30 * 86400);
+
+		if (setpub || unsetpub)
+			fatal("-S and -P cannot be used together");
+		if (setact || unsetact)
+			fatal("-S and -A cannot be used together");
+
+		result = dst_key_fromnamedfile(predecessor, directory,
+					       DST_TYPE_PUBLIC |
+					       DST_TYPE_PRIVATE,
+					       mctx, &prevkey);
+		if (result != ISC_R_SUCCESS)
+			fatal("Invalid keyfile %s: %s",
+			      filename, isc_result_totext(result));
+		if (!dst_key_isprivate(prevkey))
+			fatal("%s is not a private key", filename);
+
+		name = dst_key_name(prevkey);
+		alg = dst_key_alg(prevkey);
+		size = dst_key_size(prevkey);
+		flags = dst_key_flags(prevkey);
+
+		dst_key_format(prevkey, keystr, sizeof(keystr));
+		dst_key_getprivateformat(prevkey, &major, &minor);
+		if (major != DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
+			fatal("Predecessor has incompatible format "
+			      "version %d.%d\n\t", major, minor);
+
+		result = dst_key_gettime(prevkey, DST_TIME_ACTIVATE, &when);
+		if (result != ISC_R_SUCCESS)
+			fatal("Predecessor has no activation date. "
+			      "You must set one before\n\t"
+			      "generating a successor.");
+
+		result = dst_key_gettime(prevkey, DST_TIME_INACTIVE, &act);
+		if (result != ISC_R_SUCCESS)
+			fatal("Predecessor has no inactivation date. "
+			      "You must set one before\n\t"
+			      "generating a successor.");
+
+		pub = act - prepub;
+		if (pub < now && prepub != 0)
+			fatal("Predecessor will become inactive before the\n\t"
+			      "prepublication period ends.  Either change "
+			      "its inactivation date,\n\t"
+			      "or use the -i option to set a shorter "
+			      "prepublication interval.");
+
+		result = dst_key_gettime(prevkey, DST_TIME_DELETE, &when);
+		if (result != ISC_R_SUCCESS)
+			fprintf(stderr, "%s: WARNING: Predecessor has no "
+					"removal date;\n\t"
+					"it will remain in the zone "
+					"indefinitely after rollover.\n",
+					program);
+
+		changed = setpub = setact = ISC_TRUE;
+		dst_key_free(&prevkey);
+	} else {
+		if (prepub < 0)
+			prepub = 0;
+
+		if (prepub > 0) {
+			if (setpub && setact && (act - prepub) < pub)
+				fatal("Activation and publication dates "
+				      "are closer together than the\n\t"
+				      "prepublication interval.");
+
+			if (setpub && !setact) {
+				setact = ISC_TRUE;
+				act = pub + prepub;
+			} else if (setact && !setpub) {
+				setpub = ISC_TRUE;
+				pub = act - prepub;
+			}
+
+			if ((act - prepub) < now)
+				fatal("Time until activation is shorter "
+				      "than the\n\tprepublication interval.");
+		}
+	}
+
+	if (directory != NULL) {
+		filename = argv[isc_commandline_index];
+	} else {
+		result = isc_file_splitpath(mctx, argv[isc_commandline_index],
+					    &directory, &filename);
+		if (result != ISC_R_SUCCESS)
+			fatal("cannot process filename %s: %s",
+			      argv[isc_commandline_index],
+			      isc_result_totext(result));
+	}
+
 	result = dst_key_fromnamedfile(filename, directory,
 				       DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
 				       mctx, &key);
@@ -349,6 +458,17 @@ main(int argc, char **argv) {
 
 	dst_key_format(key, keystr, sizeof(keystr));
 
+	if (predecessor != NULL) {
+		if (!dns_name_equal(name, dst_key_name(key)))
+			fatal("Key name mismatch");
+		if (alg != dst_key_alg(key))
+			fatal("Key algorithm mismatch");
+		if (size != dst_key_size(key))
+			fatal("Key size mismatch");
+		if (flags != dst_key_flags(key))
+			fatal("Key flags mismatch");
+	}
+
 	if (force)
 		set_keyversion(key);
 	else
@@ -401,6 +521,22 @@ main(int argc, char **argv) {
 	else if (unsetdel)
 		dst_key_unsettime(key, DST_TIME_DELETE);
 
+	if (setttl)
+		dst_key_setttl(key, ttl);
+
+	/*
+	 * No metadata changes were made but we're forcing an upgrade
+	 * to the new format anyway: use "-P now -A now" as the default
+	 */
+	if (force && !changed) {
+		dst_key_settime(key, DST_TIME_PUBLISH, now);
+		dst_key_settime(key, DST_TIME_ACTIVATE, now);
+		changed = ISC_TRUE;
+	}
+
+	if (!changed && setttl)
+		changed = ISC_TRUE;
+
 	/*
 	 * Print out time values, if -p was used.
 	 */

bin/dnssec/dnssec-settime.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
                [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-settime.docbook,v 1.10 2010/03/09 03:35:34 marka Exp $ -->
+<!-- $Id: dnssec-settime.docbook,v 1.15 2011/11/03 20:21:37 each Exp $ -->
 <refentry id="man.dnssec-settime">
   <refentryinfo>
     <date>July 15, 2009</date>
@@ -38,6 +38,7 @@
     <copyright>
       <year>2009</year>
       <year>2010</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -47,6 +48,7 @@
       <command>dnssec-settime</command>
       <arg><option>-f</option></arg>
       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">ttl</replaceable></option></arg>
       <arg><option>-P <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-A <replaceable class="parameter">date/offset</replaceable></option></arg>
       <arg><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
@@ -81,7 +83,8 @@
       <filename>Knnnn.+aaa+iiiii.private</filename>) are regenerated.
       Metadata fields are stored in the private file.  A human-readable
       description of the metadata is also placed in comments in the key
-      file.
+      file.  The private file's permissions are always set to be
+      inaccessible to anyone other than the owner (mode 0600).
     </para>
   </refsect1>
 
@@ -98,7 +101,9 @@
             fail when attempting to update a legacy key.  With this option,
             the key will be recreated in the new format, but with the
             original key data retained.  The key's creation date will be
-            set to the present time. 
+            set to the present time.  If no other values are specified, 
+            then the key's publication and activation dates will also 
+            be set to the present time.
 	  </para>
         </listitem>
       </varlistentry>
@@ -112,6 +117,20 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">ttl</replaceable></term>
+        <listitem>
+          <para>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <literal>0</literal> or <literal>none</literal> removes it.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
 	<term>-h</term>
         <listitem>
@@ -211,6 +230,47 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-S <replaceable class="parameter">predecessor key</replaceable></term>
+        <listitem>
+          <para>
+            Select a key for which the key being modified will be an
+            explicit successor.  The name, algorithm, size, and type of the
+            predecessor key must exactly match those of the key being
+            modified.  The activation date of the successor key will be set
+            to the inactivation date of the predecessor.  The publication
+            date will be set to the activation date minus the prepublication
+            interval, which defaults to 30 days.
+          </para>
+        </listitem>
+      </varlistentry>
+
+      <varlistentry>
+        <term>-i <replaceable class="parameter">interval</replaceable></term>
+        <listitem>
+          <para>
+            Sets the prepublication interval for a key.  If set, then
+            the publication and activation dates must be separated by at least
+            this much time.  If the activation date is specified but the
+            publication date isn't, then the publication date will default
+            to this much time before the activation date; conversely, if
+            the publication date is specified but activation date isn't,
+            then activation will be set to this much time after publication.
+          </para>
+          <para>
+            If the key is being set to be an explicit successor to another
+            key, then the default prepublication interval is 30 days; 
+            otherwise it is zero.
+          </para>
+          <para>
+            As with date offsets, if the argument is followed by one of
+            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+            interval is measured in years, months, weeks, days, hours,
+            or minutes, respectively.  Without a suffix, the interval is
+            measured in seconds.
+          </para>
+        </listitem>
+      </varlistentry>
     </variablelist>
   </refsect1>
 

bin/dnssec/dnssec-settime.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2009, 2010 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2009-2011 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,7 +13,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-settime.html,v 1.13 2010/05/19 01:14:14 tbox Exp $ -->
+<!-- $Id: dnssec-settime.html,v 1.17 2011/11/05 01:14:48 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -28,10 +28,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code>  [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-settime</code>  [<code class="option">-f</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-L <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-P <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-A <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-I <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-D <em class="replaceable"><code>date/offset</code></em></code>] [<code class="option">-h</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] {keyfile}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543419"></a><h2>DESCRIPTION</h2>
+<a name="id2543431"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-settime</strong></span>
       reads a DNSSEC private key file and sets the key timing metadata
       as specified by the <code class="option">-P</code>, <code class="option">-A</code>,
@@ -52,11 +52,12 @@
       <code class="filename">Knnnn.+aaa+iiiii.private</code>) are regenerated.
       Metadata fields are stored in the private file.  A human-readable
       description of the metadata is also placed in comments in the key
-      file.
+      file.  The private file's permissions are always set to be
+      inaccessible to anyone other than the owner (mode 0600).
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543467"></a><h2>OPTIONS</h2>
+<a name="id2543479"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-f</span></dt>
 <dd><p>
@@ -65,12 +66,23 @@
             fail when attempting to update a legacy key.  With this option,
             the key will be recreated in the new format, but with the
             original key data retained.  The key's creation date will be
-            set to the present time. 
+            set to the present time.  If no other values are specified, 
+            then the key's publication and activation dates will also 
+            be set to the present time.
 	  </p></dd>
 <dt><span class="term">-K <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
             Sets the directory in which the key files are to reside.
           </p></dd>
+<dt><span class="term">-L <em class="replaceable"><code>ttl</code></em></span></dt>
+<dd><p>
+            Sets the default TTL to use for this key when it is converted
+            into a DNSKEY RR.  If the key is imported into a zone,
+            this is the TTL that will be used for it, unless there was
+            already a DNSKEY RRset in place, in which case the existing TTL
+            would take precedence.  Setting the default TTL to
+            <code class="literal">0</code> or <code class="literal">none</code> removes it.
+          </p></dd>
 <dt><span class="term">-h</span></dt>
 <dd><p>
 	    Emit usage message and exit.
@@ -87,7 +99,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543559"></a><h2>TIMING OPTIONS</h2>
+<a name="id2543662"></a><h2>TIMING OPTIONS</h2>
 <p>
       Dates can be expressed in the format YYYYMMDD or YYYYMMDDHHMMSS.
       If the argument begins with a '+' or '-', it is interpreted as
@@ -129,10 +141,44 @@
             date, the key will no longer be included in the zone.  (It
             may remain in the key repository, however.)
           </p></dd>
+<dt><span class="term">-S <em class="replaceable"><code>predecessor key</code></em></span></dt>
+<dd><p>
+            Select a key for which the key being modified will be an
+            explicit successor.  The name, algorithm, size, and type of the
+            predecessor key must exactly match those of the key being
+            modified.  The activation date of the successor key will be set
+            to the inactivation date of the predecessor.  The publication
+            date will be set to the activation date minus the prepublication
+            interval, which defaults to 30 days.
+          </p></dd>
+<dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
+<dd>
+<p>
+            Sets the prepublication interval for a key.  If set, then
+            the publication and activation dates must be separated by at least
+            this much time.  If the activation date is specified but the
+            publication date isn't, then the publication date will default
+            to this much time before the activation date; conversely, if
+            the publication date is specified but activation date isn't,
+            then activation will be set to this much time after publication.
+          </p>
+<p>
+            If the key is being set to be an explicit successor to another
+            key, then the default prepublication interval is 30 days; 
+            otherwise it is zero.
+          </p>
+<p>
+            As with date offsets, if the argument is followed by one of
+            the suffixes 'y', 'mo', 'w', 'd', 'h', or 'mi', then the
+            interval is measured in years, months, weeks, days, hours,
+            or minutes, respectively.  Without a suffix, the interval is
+            measured in seconds.
+          </p>
+</dd>
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543657"></a><h2>PRINTING OPTIONS</h2>
+<a name="id2543801"></a><h2>PRINTING OPTIONS</h2>
 <p>
       <span><strong class="command">dnssec-settime</strong></span> can also be used to print the
       timing metadata associated with a key.
@@ -158,7 +204,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543735"></a><h2>SEE ALSO</h2>
+<a name="id2543879"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
@@ -166,7 +212,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543768"></a><h2>AUTHOR</h2>
+<a name="id2542137"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-signkey.c

@@ -0,0 +1,385 @@
+/*
+ * Portions Copyright (C) 2000  Internet Software Consortium.
+ * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM AND
+ * NETWORK ASSOCIATES DISCLAIM ALL WARRANTIES WITH REGARD TO THIS
+ * SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY AND
+ * FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE CONSORTIUM OR NETWORK
+ * ASSOCIATES BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
+ * CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF
+ * USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR
+ * OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dnssec-signkey.c,v 1.28.2.1 2000/08/15 01:20:34 gson Exp $ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/string.h>
+#include <isc/commandline.h>
+#include <isc/entropy.h>
+#include <isc/mem.h>
+#include <isc/util.h>
+
+#include <dns/db.h>
+#include <dns/dnssec.h>
+#include <dns/log.h>
+#include <dns/rdata.h>
+#include <dns/rdatalist.h>
+#include <dns/rdataset.h>
+#include <dns/rdatastruct.h>
+#include <dns/result.h>
+#include <dns/secalg.h>
+
+#include <dst/dst.h>
+
+#include "dnssectool.h"
+
+const char *program = "dnssec-signkey";
+int verbose;
+
+#define BUFSIZE 2048
+
+typedef struct keynode keynode_t;
+struct keynode {
+	dst_key_t *key;
+	isc_boolean_t verified;
+	ISC_LINK(keynode_t) link;
+};
+typedef ISC_LIST(keynode_t) keylist_t;
+
+static isc_stdtime_t now;
+
+static isc_mem_t *mctx = NULL;
+static isc_entropy_t *ectx = NULL;
+static keylist_t keylist;
+
+static void
+usage(void) {
+	fprintf(stderr, "Usage:\n");
+	fprintf(stderr, "\t%s [options] keyset keys\n", program);
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "Options: (default value in parenthesis) \n");
+	fprintf(stderr, "\t-v level:\n");
+	fprintf(stderr, "\t\tverbose level (0)\n");
+	fprintf(stderr, "\t-p\n");
+	fprintf(stderr, "\t\tuse pseudorandom data (faster but less secure)\n");
+	fprintf(stderr, "\t-r randomdev:\n");
+	fprintf(stderr, "\t\ta file containing random data\n");
+
+	fprintf(stderr, "\n");
+
+	fprintf(stderr, "keyset:\n");
+	fprintf(stderr, "\tfile name of key set to be signed\n");
+	fprintf(stderr, "keys:\n");
+	fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
+	exit(0);
+}
+
+static void
+loadkeys(dns_name_t *name, dns_rdataset_t *rdataset) {
+	dst_key_t *key;
+	dns_rdata_t rdata;
+	keynode_t *keynode;
+	isc_result_t result;
+
+	ISC_LIST_INIT(keylist);
+	result = dns_rdataset_first(rdataset);
+	check_result(result, "dns_rdataset_first");
+	for (; result == ISC_R_SUCCESS; result = dns_rdataset_next(rdataset)) {
+		dns_rdataset_current(rdataset, &rdata);
+		key = NULL;
+		result = dns_dnssec_keyfromrdata(name, &rdata, mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			continue;
+		if (!dst_key_iszonekey(key))
+			continue;
+		keynode = isc_mem_get(mctx, sizeof (keynode_t));
+		if (keynode == NULL)
+			fatal("out of memory");
+		keynode->key = key;
+		keynode->verified = ISC_FALSE;
+		ISC_LINK_INIT(keynode, link);
+		ISC_LIST_APPEND(keylist, keynode, link);
+	}
+	if (result != ISC_R_NOMORE)
+		fatal("failure traversing key list");
+}
+
+static dst_key_t *
+findkey(dns_rdata_sig_t *sig) {
+	keynode_t *keynode;
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+	{
+		if (dst_key_id(keynode->key) == sig->keyid &&
+		    dst_key_alg(keynode->key) == sig->algorithm) {
+			keynode->verified = ISC_TRUE;
+			return (keynode->key);
+		}
+	}
+	fatal("signature generated by non-zone or missing key");
+	return (NULL);
+}
+
+int
+main(int argc, char *argv[]) {
+	int i, ch;
+	char tdomain[1025];
+	dns_fixedname_t fdomain;
+	dns_name_t *domain;
+	char *output = NULL;
+	char *endp;
+	unsigned char *data;
+	char *randomfile = NULL;
+	dns_db_t *db;
+	dns_dbnode_t *node;
+	dns_dbversion_t *version;
+	dst_key_t *key = NULL;
+	dns_rdata_t *rdata, sigrdata;
+	dns_rdatalist_t sigrdatalist;
+	dns_rdataset_t rdataset, sigrdataset, newsigrdataset;
+	dns_rdata_sig_t sig;
+	isc_result_t result;
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_log_t *log = NULL;
+	keynode_t *keynode;
+	isc_boolean_t pseudorandom = ISC_FALSE;
+	unsigned int eflags;
+
+	result = isc_mem_create(0, 0, &mctx);
+	check_result(result, "isc_mem_create()");
+
+	dns_result_register();
+
+	while ((ch = isc_commandline_parse(argc, argv, "pr:v:h")) != -1)
+	{
+		switch (ch) {
+		case 'p':
+			pseudorandom = ISC_TRUE;
+			break;
+
+		case 'r':
+			randomfile = isc_mem_strdup(mctx,
+						    isc_commandline_argument);
+			if (randomfile == NULL)
+				fatal("out of memory");
+			break;
+
+		case 'v':
+			endp = NULL;
+			verbose = strtol(isc_commandline_argument, &endp, 0);
+			if (*endp != '\0')
+				fatal("verbose level must be numeric");
+			break;
+
+		case 'h':
+		default:
+			usage();
+
+		}
+	}
+
+	argc -= isc_commandline_index;
+	argv += isc_commandline_index;
+
+	if (argc < 2)
+		usage();
+
+	setup_entropy(mctx, randomfile, &ectx);
+	if (randomfile != NULL)
+		isc_mem_free(mctx, randomfile);
+	eflags = ISC_ENTROPY_BLOCKING;
+	if (!pseudorandom)
+		eflags |= ISC_ENTROPY_GOODONLY;
+	result = dst_lib_init(mctx, ectx, eflags);
+	if (result != ISC_R_SUCCESS)
+		fatal("could not initialize dst");
+
+	isc_stdtime_get(&now);
+
+	setup_logging(verbose, mctx, &log);
+
+	if (strlen(argv[0]) < 8 ||
+	    strcmp(argv[0] + strlen(argv[0]) - 7, ".keyset") != 0)
+		fatal("keyset file must end in .keyset");
+
+	dns_fixedname_init(&fdomain);
+	domain = dns_fixedname_name(&fdomain);
+	isc_buffer_init(&b, argv[0], strlen(argv[0]) - 7);
+	isc_buffer_add(&b, strlen(argv[0]) - 7);
+	result = dns_name_fromtext(domain, &b, dns_rootname, ISC_FALSE, NULL);
+	if (result != ISC_R_SUCCESS)
+		fatal("'%s' does not contain a valid domain name", argv[0]);
+	isc_buffer_init(&b, tdomain, sizeof(tdomain) - 1);
+	result = dns_name_totext(domain, ISC_FALSE, &b);
+	check_result(result, "dns_name_totext()");
+	isc_buffer_usedregion(&b, &r);
+	tdomain[r.length] = 0;
+
+	output = isc_mem_allocate(mctx,
+				  strlen(tdomain) + strlen("signedkey") + 1);
+	if (output == NULL)
+		fatal("out of memory");
+	strcpy(output, tdomain);
+	strcat(output, "signedkey");
+
+	db = NULL;
+	result = dns_db_create(mctx, "rbt", domain, dns_dbtype_zone,
+			       dns_rdataclass_in, 0, NULL, &db);
+	check_result(result, "dns_db_create()");
+
+	result = dns_db_load(db, argv[0]);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to load database from '%s': %s", argv[0],
+		      isc_result_totext(result));
+
+	version = NULL;
+	dns_db_newversion(db, &version);
+
+	node = NULL;
+	result = dns_db_findnode(db, domain, ISC_FALSE, &node);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to find database node '%s': %s",
+		      nametostr(domain), isc_result_totext(result));
+
+	dns_rdataset_init(&rdataset);
+	dns_rdataset_init(&sigrdataset);
+	result = dns_db_findrdataset(db, node, version, dns_rdatatype_key, 0,
+				     0, &rdataset, &sigrdataset);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to find rdataset '%s KEY': %s",
+		      nametostr(domain), isc_result_totext(result));
+
+	loadkeys(domain, &rdataset);
+
+	if (!dns_rdataset_isassociated(&sigrdataset))
+		fatal("no SIG KEY set present");
+
+	result = dns_rdataset_first(&sigrdataset);
+	check_result(result, "dns_rdataset_first()");
+	do {
+		dns_rdataset_current(&sigrdataset, &sigrdata);
+		result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
+		check_result(result, "dns_rdata_tostruct()");
+		key = findkey(&sig);
+		result = dns_dnssec_verify(domain, &rdataset, key,
+					   ISC_TRUE, mctx, &sigrdata);
+		if (result != ISC_R_SUCCESS)
+			fatal("signature by key '%s/%s/%d' did not verify: %s",
+			      nametostr(dst_key_name(key)),
+			      algtostr(dst_key_alg(key)),
+			      dst_key_id(key), isc_result_totext(result));
+		dns_rdata_freestruct(&sig);
+		result = dns_rdataset_next(&sigrdataset);
+	} while (result == ISC_R_SUCCESS);
+
+	for (keynode = ISC_LIST_HEAD(keylist);
+	     keynode != NULL;
+	     keynode = ISC_LIST_NEXT(keynode, link))
+		if (!keynode->verified)
+			fatal("Not all zone keys self signed the key set");
+
+	result = dns_rdataset_first(&sigrdataset);
+	check_result(result, "dns_rdataset_first()");
+	dns_rdataset_current(&sigrdataset, &sigrdata);
+	result = dns_rdata_tostruct(&sigrdata, &sig, mctx);
+	check_result(result, "dns_rdata_tostruct()");
+
+	dns_rdataset_disassociate(&sigrdataset);
+
+	argc -= 1;
+	argv += 1;
+
+	dns_rdatalist_init(&sigrdatalist);
+	sigrdatalist.rdclass = rdataset.rdclass;
+	sigrdatalist.type = dns_rdatatype_sig;
+	sigrdatalist.covers = dns_rdatatype_key;
+	sigrdatalist.ttl = rdataset.ttl;
+
+	for (i = 0; i < argc; i++) {
+		key = NULL;
+		result = dst_key_fromnamedfile(argv[i], DST_TYPE_PRIVATE,
+					       mctx, &key);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to read key %s from disk: %s",
+			      argv[i], isc_result_totext(result));
+
+		rdata = isc_mem_get(mctx, sizeof(dns_rdata_t));
+		if (rdata == NULL)
+			fatal("out of memory");
+		data = isc_mem_get(mctx, BUFSIZE);
+		if (data == NULL)
+			fatal("out of memory");
+		isc_buffer_init(&b, data, BUFSIZE);
+		result = dns_dnssec_sign(domain, &rdataset, key,
+					 &sig.timesigned, &sig.timeexpire,
+					 mctx, &b, rdata);
+		isc_entropy_stopcallbacksources(ectx);
+		if (result != ISC_R_SUCCESS)
+			fatal("key '%s/%s/%d' failed to sign data: %s",
+			      nametostr(dst_key_name(key)),
+			      algtostr(dst_key_alg(key)),
+			      dst_key_id(key), isc_result_totext(result));
+		ISC_LIST_APPEND(sigrdatalist.rdata, rdata, link);
+		dst_key_free(&key);
+	}
+
+	dns_rdataset_init(&newsigrdataset);
+	result = dns_rdatalist_tordataset(&sigrdatalist, &newsigrdataset);
+	check_result (result, "dns_rdatalist_tordataset()");
+
+	dns_db_addrdataset(db, node, version, 0, &newsigrdataset, 0, NULL);
+	check_result (result, "dns_db_addrdataset()");
+
+	dns_db_detachnode(db, &node);
+	dns_db_closeversion(db, &version, ISC_TRUE);
+	result = dns_db_dump(db, version, output);
+	if (result != ISC_R_SUCCESS)
+		fatal("failed to write database to '%s': %s",
+		      output, isc_result_totext(result));
+
+	dns_rdataset_disassociate(&rdataset);
+	dns_rdataset_disassociate(&newsigrdataset);
+
+	dns_rdata_freestruct(&sig);
+
+        while (!ISC_LIST_EMPTY(sigrdatalist.rdata)) {
+                rdata = ISC_LIST_HEAD(sigrdatalist.rdata);
+                ISC_LIST_UNLINK(sigrdatalist.rdata, rdata, link);
+                isc_mem_put(mctx, rdata->data, BUFSIZE);
+                isc_mem_put(mctx, rdata, sizeof *rdata);
+        }
+
+	dns_db_detach(&db);
+
+	while (!ISC_LIST_EMPTY(keylist)) {
+		keynode = ISC_LIST_HEAD(keylist);
+		ISC_LIST_UNLINK(keylist, keynode, link);
+		dst_key_free(&keynode->key);
+		isc_mem_put(mctx, keynode, sizeof(keynode_t));
+	}
+
+	if (log != NULL)
+		isc_log_destroy(&log);
+
+        isc_mem_free(mctx, output);
+	cleanup_entropy(&ectx);
+	dst_lib_destroy();
+	if (verbose > 10)
+		isc_mem_stats(mctx, stdout);
+	isc_mem_destroy(&mctx);
+	return (0);
+}

bin/dnssec/dnssec-signzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and/or distribute this software for any
@@ -13,7 +13,7 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.59 2009/12/04 01:13:44 tbox Exp $
+.\" $Id: dnssec-signzone.8,v 1.66 2011/12/22 18:10:10 tbox Exp $
 .\"
 .hy 0
 .ad l
@@ -33,7 +33,7 @@
 dnssec\-signzone \- DNSSEC zone signing tool
 .SH "SYNOPSIS"
 .HP 16
-\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-p\fR] [\fB\-P\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
+\fBdnssec\-signzone\fR [\fB\-a\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-E\ \fR\fB\fIengine\fR\fR] [\fB\-e\ \fR\fB\fIend\-time\fR\fR] [\fB\-f\ \fR\fB\fIoutput\-file\fR\fR] [\fB\-g\fR] [\fB\-h\fR] [\fB\-K\ \fR\fB\fIdirectory\fR\fR] [\fB\-k\ \fR\fB\fIkey\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-l\ \fR\fB\fIdomain\fR\fR] [\fB\-i\ \fR\fB\fIinterval\fR\fR] [\fB\-I\ \fR\fB\fIinput\-format\fR\fR] [\fB\-j\ \fR\fB\fIjitter\fR\fR] [\fB\-N\ \fR\fB\fIsoa\-serial\-format\fR\fR] [\fB\-o\ \fR\fB\fIorigin\fR\fR] [\fB\-O\ \fR\fB\fIoutput\-format\fR\fR] [\fB\-P\fR] [\fB\-p\fR] [\fB\-R\fR] [\fB\-r\ \fR\fB\fIrandomdev\fR\fR] [\fB\-S\fR] [\fB\-s\ \fR\fB\fIstart\-time\fR\fR] [\fB\-T\ \fR\fB\fIttl\fR\fR] [\fB\-t\fR] [\fB\-u\fR] [\fB\-v\ \fR\fB\fIlevel\fR\fR] [\fB\-X\ \fR\fB\fIextended\ end\-time\fR\fR] [\fB\-x\fR] [\fB\-z\fR] [\fB\-3\ \fR\fB\fIsalt\fR\fR] [\fB\-H\ \fR\fB\fIiterations\fR\fR] [\fB\-A\fR] {zonefile} [key...]
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-signzone\fR
@@ -72,6 +72,15 @@ files in
 \fBdirectory\fR.
 .RE
 .PP
+\-D
+.RS 4
+Output only those record types automatically managed by
+\fBdnssec\-signzone\fR, i.e. RRSIG, NSEC, NSEC3 and NSEC3PARAM records. If smart signing (\fB\-S\fR) is used, DNSKEY records are also included. The resulting file can be included in the original zone file with
+\fB$INCLUDE\fR. This option cannot be combined with
+\fB\-O raw\fR
+or serial number updating.
+.RE
+.PP
 \-E \fIengine\fR
 .RS 4
 Uses a crypto hardware (OpenSSL engine) for the crypto operations it supports, for instance signing with private keys from a secure key store. When compiled with PKCS#11 support it defaults to pkcs11; the empty name resets it to no engine.
@@ -119,11 +128,29 @@ must be later than
 \fBstart\-time\fR.
 .RE
 .PP
+\-X \fIextended end\-time\fR
+.RS 4
+Specify the date and time when the generated RRSIG records for the DNSKEY RRset will expire. This is to be used in cases when the DNSKEY signatures need to persist longer than signatures on other records; e.g., when the private component of the KSK is kept offline and the KSK signature is to be refreshed manually.
+.sp
+As with
+\fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
+\fBextended end\-time\fR
+is specified, the value of
+\fBend\-time\fR
+is used as the default. (\fBend\-time\fR, in turn, defaults to 30 days from the start time.)
+\fBextended end\-time\fR
+must be later than
+\fBstart\-time\fR.
+.RE
+.PP
 \-f \fIoutput\-file\fR
 .RS 4
 The name of the output file containing the signed zone. The default is to append
 \fI.signed\fR
-to the input filename.
+to the input filename. If
+\fBoutput\-file\fR
+is set to
+"\-", then the signed zone is written to the standard output, with a default output format of "full".
 .RE
 .PP
 \-h
@@ -164,6 +191,11 @@ option specifies a jitter window that will be used to randomize the signature ex
 Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
 .RE
 .PP
+\-L \fIserial\fR
+.RS 4
+When writing a signed zone to 'raw' format, set the "source serial" value in the header to the specified serial number. (This is expected to be used primarily for testing purposes.)
+.RE
+.PP
 \-n \fIncpus\fR
 .RS 4
 Specifies the number of threads to use. By default, one thread is started for each detected CPU.
@@ -205,8 +237,15 @@ The zone origin. If not specified, the name of the zone file is assumed to be th
 .RS 4
 The format of the output file containing the signed zone. Possible formats are
 \fB"text"\fR
-(default) and
-\fB"raw"\fR.
+(default)
+\fB"full"\fR, which is text output in a format suitable for processing by external scripts, and
+\fB"raw"\fR
+or
+\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
+\fBnamed\fR.
+\fB"raw=N"\fR
+specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
+\fBnamed\fR; if N is 1, the file can be read by release 9.9.0 or higher. The default is 1.
 .RE
 .PP
 \-p
@@ -221,6 +260,17 @@ Disable post sign verification tests.
 The post sign verification test ensures that for each algorithm in use there is at least one non revoked self signed KSK key, that all revoked KSK keys are self signed, and that all records in the zone are signed by the algorithm. This option skips these tests.
 .RE
 .PP
+\-R
+.RS 4
+Remove signatures from keys that no longer exist.
+.sp
+Normally, when a previously\-signed zone is passed as input to the signer, and a DNSKEY record has been removed and replaced with a new one, signatures from the old key that are still within their validity period are retained. This allows the zone to continue to validate with cached copies of the old DNSKEY RRset. The
+\fB\-R\fR
+forces
+\fBdnssec\-signzone\fR
+to remove all orphaned signatures.
+.RE
+.PP
 \-r \fIrandomdev\fR
 .RS 4
 Specifies the source of randomness. If the operating system does not provide a
@@ -265,8 +315,8 @@ If either of the key's unpublication or deletion dates are set and in the past,
 .PP
 \-T \fIttl\fR
 .RS 4
-Specifies the TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the minimum TTL value from the zone's SOA record. This option is ignored when signing without
-\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them.
+Specifies a TTL to be used for new DNSKEY records imported into the zone from the key repository. If not specified, the default is the TTL value from the zone's SOA record. This option is ignored when signing without
+\fB\-S\fR, since DNSKEY records are not imported from the key repository in that case. It is also ignored if there are any pre\-existing DNSKEY records at the zone apex, in which case new records' TTL values will be set to match them, or if any of the imported DNSKEY records had a default TTL value. In the event of a a conflict between TTL values in imported keys, the shortest one is used.
 .RE
 .PP
 \-t
@@ -378,7 +428,7 @@ RFC 4033.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2009 Internet Systems Consortium, Inc. ("ISC")
+Copyright \(co 2004\-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
 .br
 Copyright \(co 2000\-2003 Internet Software Consortium.
 .br

bin/dnssec/dnssec-signzone.docbook

@@ -2,7 +2,7 @@
                "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2011  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.44 2009/12/03 23:18:16 each Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.52 2011/12/22 07:32:40 each Exp $ -->
 <refentry id="man.dnssec-signzone">
   <refentryinfo>
     <date>June 05, 2009</date>
@@ -43,6 +43,7 @@
       <year>2007</year>
       <year>2008</year>
       <year>2009</year>
+      <year>2011</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -60,6 +61,7 @@
       <arg><option>-a</option></arg>
       <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
       <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
+      <arg><option>-D</option></arg>
       <arg><option>-E <replaceable class="parameter">engine</replaceable></option></arg>
       <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
       <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
@@ -67,6 +69,7 @@
       <arg><option>-h</option></arg>
       <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
+      <arg><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
       <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
       <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
       <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
@@ -74,8 +77,9 @@
       <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
       <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
       <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
-      <arg><option>-p</option></arg>
       <arg><option>-P</option></arg>
+      <arg><option>-p</option></arg>
+      <arg><option>-R</option></arg>
       <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
       <arg><option>-S</option></arg>
       <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
@@ -83,6 +87,7 @@
       <arg><option>-t</option></arg>
       <arg><option>-u</option></arg>
       <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
+      <arg><option>-X <replaceable class="parameter">extended end-time</replaceable></option></arg>
       <arg><option>-x</option></arg>
       <arg><option>-z</option></arg>
       <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
@@ -151,6 +156,22 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-D</term>
+        <listitem>
+          <para>
+	    Output only those record types automatically managed by
+	    <command>dnssec-signzone</command>, i.e. RRSIG, NSEC,
+	    NSEC3 and NSEC3PARAM records. If smart signing
+	    (<option>-S</option>) is used, DNSKEY records are also
+	    included. The resulting file can be included in the original
+	    zone file with <command>$INCLUDE</command>. This option
+	    cannot be combined with <option>-O raw</option> or serial
+	    number updating.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-E <replaceable class="parameter">engine</replaceable></term>
         <listitem>
@@ -237,14 +258,41 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-X <replaceable class="parameter">extended end-time</replaceable></term>
+        <listitem>
+          <para>
+            Specify the date and time when the generated RRSIG records
+            for the DNSKEY RRset will expire.  This is to be used in cases
+            when the DNSKEY signatures need to persist longer than
+            signatures on other records; e.g., when the private component
+            of the KSK is kept offline and the KSK signature is to be
+            refreshed manually.
+          </para>
+          <para>
+            As with <option>start-time</option>, an absolute
+            time is indicated in YYYYMMDDHHMMSS notation.  A time relative
+            to the start time is indicated with +N, which is N seconds from
+            the start time.  A time relative to the current time is
+            indicated with now+N.  If no <option>extended end-time</option> is
+            specified, the value of <option>end-time</option> is used as
+            the default.  (<option>end-time</option>, in turn, defaults to
+            30 days from the start time.) <option>extended end-time</option>
+            must be later than <option>start-time</option>.
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-f <replaceable class="parameter">output-file</replaceable></term>
         <listitem>
           <para>
             The name of the output file containing the signed zone.  The
             default is to append <filename>.signed</filename> to
-            the
-            input filename.
+            the input filename.  If <option>output-file</option> is
+            set to <literal>"-"</literal>, then the signed zone is
+            written to the standard output, with a default output
+            format of "full".
           </para>
         </listitem>
       </varlistentry>
@@ -324,6 +372,17 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-L <replaceable class="parameter">serial</replaceable></term>
+        <listitem>
+          <para>
+            When writing a signed zone to 'raw' format, set the "source serial" 
+            value in the header to the specified serial number.  (This is
+            expected to be used primarily for testing purposes.)
+          </para>
+        </listitem>
+      </varlistentry>
+
       <varlistentry>
         <term>-n <replaceable class="parameter">ncpus</replaceable></term>
         <listitem>
@@ -388,7 +447,15 @@
           <para>
             The format of the output file containing the signed zone.
 	    Possible formats are <command>"text"</command> (default)
-	    and <command>"raw"</command>.
+	    <command>"full"</command>, which is text output in a
+            format suitable for processing by external scripts,
+            and <command>"raw"</command> or <command>"raw=N"</command>,
+            which store the zone in a binary format for rapid loading
+            by <command>named</command>.  <command>"raw=N"</command>
+            specifies the format version of the raw zone file: if N
+            is 0, the raw file can be read by any version of
+            <command>named</command>; if N is 1, the file can be
+            read by release 9.9.0 or higher.  The default is 1.
           </para>
         </listitem>
       </varlistentry>
@@ -421,6 +488,24 @@
         </listitem>
       </varlistentry>
 
+      <varlistentry>
+        <term>-R</term>
+        <listitem>
+          <para>
+	    Remove signatures from keys that no longer exist.
+          </para>
+          <para>
+            Normally, when a previously-signed zone is passed as input
+            to the signer, and a DNSKEY record has been removed and
+            replaced with a new one, signatures from the old key 
+            that are still within their validity period are retained.
+	    This allows the zone to continue to validate with cached
+	    copies of the old DNSKEY RRset.  The <option>-R</option> forces
+            <command>dnssec-signzone</command> to remove all orphaned
+            signatures.
+          </para>
+        </listitem>
+      </varlistentry>
       <varlistentry>
         <term>-r <replaceable class="parameter">randomdev</replaceable></term>
         <listitem>
@@ -508,15 +593,17 @@
         <term>-T <replaceable class="parameter">ttl</replaceable></term>
         <listitem>
           <para>
-            Specifies the TTL to be used for new DNSKEY records imported
-            into the zone from the key repository.  If not specified,
-            the default is the minimum TTL value from the zone's SOA
+            Specifies a TTL to be used for new DNSKEY records imported
+            into the zone from the key repository.  If not
+            specified, the default is the TTL value from the zone's SOA
             record.  This option is ignored when signing without
             <option>-S</option>, since DNSKEY records are not imported
             from the key repository in that case.  It is also ignored if
             there are any pre-existing DNSKEY records at the zone apex,
             in which case new records' TTL values will be set to match
-            them.
+            them, or if any of the imported DNSKEY records had a default
+            TTL value.  In the event of a a conflict between TTL values in
+            imported keys, the shortest one is used.
           </para>
         </listitem>
       </varlistentry>

bin/dnssec/dnssec-signzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2009, 2011 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and/or distribute this software for any
@@ -14,7 +14,7 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-signzone.html,v 1.45 2009/12/04 01:13:44 tbox Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.52 2011/12/22 18:10:10 tbox Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
@@ -29,10 +29,10 @@
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-P</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
+<div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-E <em class="replaceable"><code>engine</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-K <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-P</code>] [<code class="option">-p</code>] [<code class="option">-R</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-S</code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>] [<code class="option">-t</code>] [<code class="option">-u</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-X <em class="replaceable"><code>extended end-time</code></em></code>] [<code class="option">-x</code>] [<code class="option">-z</code>] [<code class="option">-3 <em class="replaceable"><code>salt</code></em></code>] [<code class="option">-H <em class="replaceable"><code>iterations</code></em></code>] [<code class="option">-A</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543596"></a><h2>DESCRIPTION</h2>
+<a name="id2543625"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543611"></a><h2>OPTIONS</h2>
+<a name="id2543640"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -67,6 +67,17 @@
             Look for <code class="filename">dsset-</code> or
             <code class="filename">keyset-</code> files in <code class="option">directory</code>.
           </p></dd>
+<dt><span class="term">-D</span></dt>
+<dd><p>
+	    Output only those record types automatically managed by
+	    <span><strong class="command">dnssec-signzone</strong></span>, i.e. RRSIG, NSEC,
+	    NSEC3 and NSEC3PARAM records. If smart signing
+	    (<code class="option">-S</code>) is used, DNSKEY records are also
+	    included. The resulting file can be included in the original
+	    zone file with <span><strong class="command">$INCLUDE</strong></span>. This option
+	    cannot be combined with <code class="option">-O raw</code> or serial
+	    number updating.
+          </p></dd>
 <dt><span class="term">-E <em class="replaceable"><code>engine</code></em></span></dt>
 <dd><p>
             Uses a crypto hardware (OpenSSL engine) for the crypto operations
@@ -118,12 +129,36 @@
             <code class="option">end-time</code> must be later than
             <code class="option">start-time</code>.
           </p></dd>
+<dt><span class="term">-X <em class="replaceable"><code>extended end-time</code></em></span></dt>
+<dd>
+<p>
+            Specify the date and time when the generated RRSIG records
+            for the DNSKEY RRset will expire.  This is to be used in cases
+            when the DNSKEY signatures need to persist longer than
+            signatures on other records; e.g., when the private component
+            of the KSK is kept offline and the KSK signature is to be
+            refreshed manually.
+          </p>
+<p>
+            As with <code class="option">start-time</code>, an absolute
+            time is indicated in YYYYMMDDHHMMSS notation.  A time relative
+            to the start time is indicated with +N, which is N seconds from
+            the start time.  A time relative to the current time is
+            indicated with now+N.  If no <code class="option">extended end-time</code> is
+            specified, the value of <code class="option">end-time</code> is used as
+            the default.  (<code class="option">end-time</code>, in turn, defaults to
+            30 days from the start time.) <code class="option">extended end-time</code>
+            must be later than <code class="option">start-time</code>.
+          </p>
+</dd>
 <dt><span class="term">-f <em class="replaceable"><code>output-file</code></em></span></dt>
 <dd><p>
             The name of the output file containing the signed zone.  The
             default is to append <code class="filename">.signed</code> to
-            the
-            input filename.
+            the input filename.  If <code class="option">output-file</code> is
+            set to <code class="literal">"-"</code>, then the signed zone is
+            written to the standard output, with a default output
+            format of "full".
           </p></dd>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -184,6 +219,12 @@
             validators need to refetch at mostly the same time.
           </p>
 </dd>
+<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
+<dd><p>
+            When writing a signed zone to 'raw' format, set the "source serial" 
+            value in the header to the specified serial number.  (This is
+            expected to be used primarily for testing purposes.)
+          </p></dd>
 <dt><span class="term">-n <em class="replaceable"><code>ncpus</code></em></span></dt>
 <dd><p>
             Specifies the number of threads to use.  By default, one
@@ -217,7 +258,15 @@
 <dd><p>
             The format of the output file containing the signed zone.
 	    Possible formats are <span><strong class="command">"text"</strong></span> (default)
-	    and <span><strong class="command">"raw"</strong></span>.
+	    <span><strong class="command">"full"</strong></span>, which is text output in a
+            format suitable for processing by external scripts,
+            and <span><strong class="command">"raw"</strong></span> or <span><strong class="command">"raw=N"</strong></span>,
+            which store the zone in a binary format for rapid loading
+            by <span><strong class="command">named</strong></span>.  <span><strong class="command">"raw=N"</strong></span>
+            specifies the format version of the raw zone file: if N
+            is 0, the raw file can be read by any version of
+            <span><strong class="command">named</strong></span>; if N is 1, the file can be
+            read by release 9.9.0 or higher.  The default is 1.
           </p></dd>
 <dt><span class="term">-p</span></dt>
 <dd><p>
@@ -239,6 +288,22 @@
 	    This option skips these tests.
           </p>
 </dd>
+<dt><span class="term">-R</span></dt>
+<dd>
+<p>
+	    Remove signatures from keys that no longer exist.
+          </p>
+<p>
+            Normally, when a previously-signed zone is passed as input
+            to the signer, and a DNSKEY record has been removed and
+            replaced with a new one, signatures from the old key 
+            that are still within their validity period are retained.
+	    This allows the zone to continue to validate with cached
+	    copies of the old DNSKEY RRset.  The <code class="option">-R</code> forces
+            <span><strong class="command">dnssec-signzone</strong></span> to remove all orphaned
+            signatures.
+          </p>
+</dd>
 <dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
 <dd><p>
             Specifies the source of randomness.  If the operating
@@ -297,15 +362,17 @@
 </dd>
 <dt><span class="term">-T <em class="replaceable"><code>ttl</code></em></span></dt>
 <dd><p>
-            Specifies the TTL to be used for new DNSKEY records imported
-            into the zone from the key repository.  If not specified,
-            the default is the minimum TTL value from the zone's SOA
+            Specifies a TTL to be used for new DNSKEY records imported
+            into the zone from the key repository.  If not
+            specified, the default is the TTL value from the zone's SOA
             record.  This option is ignored when signing without
             <code class="option">-S</code>, since DNSKEY records are not imported
             from the key repository in that case.  It is also ignored if
             there are any pre-existing DNSKEY records at the zone apex,
             in which case new records' TTL values will be set to match
-            them.
+            them, or if any of the imported DNSKEY records had a default
+            TTL value.  In the event of a a conflict between TTL values in
+            imported keys, the shortest one is used.
           </p></dd>
 <dt><span class="term">-t</span></dt>
 <dd><p>
@@ -379,7 +446,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544896"></a><h2>EXAMPLE</h2>
+<a name="id2543146"></a><h2>EXAMPLE</h2>
 <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
       zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
@@ -409,14 +476,14 @@ db.example.com.signed
 %</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545019"></a><h2>SEE ALSO</h2>
+<a name="id2543202"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 4033</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545044"></a><h2>AUTHOR</h2>
+<a name="id2545342"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssectool.c

@@ -1,92 +1,67 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009, 2010  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.60 2010/01/19 23:48:56 tbox Exp $ */
-
-/*! \file */
-
-/*%
- * DNSSEC Support Routines.
- */
+/* $Id: dnssectool.c,v 1.12.2.1 2000/08/07 16:41:38 gson Exp $ */
 
 #include <config.h>
 
 #include <stdlib.h>
 
 #include <isc/buffer.h>
-#include <isc/dir.h>
 #include <isc/entropy.h>
-#include <isc/list.h>
-#include <isc/mem.h>
+#include <isc/keyboard.h>
 #include <isc/string.h>
 #include <isc/time.h>
 #include <isc/util.h>
-#include <isc/print.h>
 
-#include <dns/dnssec.h>
-#include <dns/keyvalues.h>
 #include <dns/log.h>
 #include <dns/name.h>
-#include <dns/rdatastruct.h>
-#include <dns/rdataclass.h>
 #include <dns/rdatatype.h>
 #include <dns/result.h>
 #include <dns/secalg.h>
-#include <dns/time.h>
 
 #include "dnssectool.h"
 
 extern int verbose;
 extern const char *program;
 
-typedef struct entropysource entropysource_t;
-
-struct entropysource {
-	isc_entropysource_t *source;
-	isc_mem_t *mctx;
-	ISC_LINK(entropysource_t) link;
-};
-
-static ISC_LIST(entropysource_t) sources;
-static fatalcallback_t *fatalcallback = NULL;
+static isc_entropysource_t *source = NULL;
+static isc_keyboard_t kbd;
+static isc_boolean_t wantkeyboard = ISC_FALSE;
 
 void
 fatal(const char *format, ...) {
 	va_list args;
 
-	fprintf(stderr, "%s: fatal: ", program);
+	fprintf(stderr, "%s: ", program);
 	va_start(args, format);
 	vfprintf(stderr, format, args);
 	va_end(args);
 	fprintf(stderr, "\n");
-	if (fatalcallback != NULL)
-		(*fatalcallback)();
 	exit(1);
 }
 
-void
-setfatalcallback(fatalcallback_t *callback) {
-	fatalcallback = callback;
-}
-
 void
 check_result(isc_result_t result, const char *message) {
-	if (result != ISC_R_SUCCESS)
-		fatal("%s: %s", message, isc_result_totext(result));
+	if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "%s: %s: %s\n", program, message,
+			isc_result_totext(result));
+		exit(1);
+	}
 }
 
 void
@@ -100,42 +75,62 @@ vbprintf(int level, const char *fmt, ...) {
 	va_end(ap);
 }
 
-void
-type_format(const dns_rdatatype_t type, char *cp, unsigned int size) {
+char *
+nametostr(dns_name_t *name) {
 	isc_buffer_t b;
 	isc_region_t r;
 	isc_result_t result;
+	static char data[1025];
 
-	isc_buffer_init(&b, cp, size - 1);
+	isc_buffer_init(&b, data, sizeof(data));
+	result = dns_name_totext(name, ISC_FALSE, &b);
+	check_result(result, "dns_name_totext()");
+	isc_buffer_usedregion(&b, &r);
+	r.base[r.length] = 0;
+	return (char *) r.base;
+}
+
+char *
+typetostr(const dns_rdatatype_t type) {
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_result_t result;
+	static char data[20];
+
+	isc_buffer_init(&b, data, sizeof(data));
 	result = dns_rdatatype_totext(type, &b);
 	check_result(result, "dns_rdatatype_totext()");
 	isc_buffer_usedregion(&b, &r);
 	r.base[r.length] = 0;
+	return (char *) r.base;
 }
 
-void
-sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size) {
-	char namestr[DNS_NAME_FORMATSIZE];
-	char algstr[DNS_NAME_FORMATSIZE];
+char *
+algtostr(const dns_secalg_t alg) {
+	isc_buffer_t b;
+	isc_region_t r;
+	isc_result_t result;
+	static char data[10];
 
-	dns_name_format(&sig->signer, namestr, sizeof(namestr));
-	dns_secalg_format(sig->algorithm, algstr, sizeof(algstr));
-	snprintf(cp, size, "%s/%s/%d", namestr, algstr, sig->keyid);
+	isc_buffer_init(&b, data, sizeof(data));
+	result = dns_secalg_totext(alg, &b);
+	check_result(result, "dns_secalg_totext()");
+	isc_buffer_usedregion(&b, &r);
+	r.base[r.length] = 0;
+	return ((char *)r.base);
 }
 
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 	isc_result_t result;
 	isc_logdestination_t destination;
-	isc_logconfig_t *logconfig = NULL;
-	isc_log_t *log = NULL;
+	isc_logconfig_t *logconfig;
+	isc_log_t *log = 0;
 	int level;
 
-	if (verbose < 0)
-		verbose = 0;
 	switch (verbose) {
-	case 0:
-		/*
+        case 0:
+                /*
 		 * We want to see warnings about things like out-of-zone
 		 * data in the master file even when not verbose.
 		 */
@@ -148,7 +143,7 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 		level = ISC_LOG_DEBUG(verbose - 2 + 1);
 		break;
 	}
-
+	
 	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
 	isc_log_setcontext(log);
 	dns_log_init(log);
@@ -172,293 +167,114 @@ setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp) {
 				       &destination,
 				       ISC_LOG_PRINTTAG|ISC_LOG_PRINTLEVEL);
 	check_result(result, "isc_log_createchannel()");
-
+	
 	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
 					 NULL, NULL) == ISC_R_SUCCESS);
 
 	*logp = log;
 }
 
-void
-cleanup_logging(isc_log_t **logp) {
-	isc_log_t *log;
+static isc_result_t
+kbdstart(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
+	isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+	static isc_boolean_t first = ISC_TRUE;
 
-	REQUIRE(logp != NULL);
+	UNUSED(source);
 
-	log = *logp;
-	if (log == NULL)
-		return;
-	isc_log_destroy(&log);
-	isc_log_setcontext(NULL);
-	dns_log_setcontext(NULL);
-	logp = NULL;
+	if (!blocking)
+		return (ISC_R_NOENTROPY);
+	if (first) {
+		if (!wantkeyboard) {
+			fprintf(stderr, "You must use the keyboard to create "
+				"entropy, since your system is lacking\n");
+			fprintf(stderr, "/dev/random\n\n");
+		}
+		first = ISC_FALSE;
+	}
+	fprintf(stderr, "start typing:\n");
+	return (isc_keyboard_open(kbd));
+}
+
+static void
+kbdstop(isc_entropysource_t *source, void *arg) {
+	isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+
+	UNUSED(source);
+
+	if (!isc_keyboard_canceled(kbd))
+		fprintf(stderr, "stop typing.\r\n");
+	(void)isc_keyboard_close(kbd, 3);
+}
+
+static isc_result_t
+kbdget(isc_entropysource_t *source, void *arg, isc_boolean_t blocking) {
+	isc_keyboard_t *kbd = (isc_keyboard_t *)arg;
+	isc_result_t result;
+	isc_time_t t;
+	isc_uint32_t sample;
+	isc_uint32_t extra;
+	unsigned char c;
+
+	if (!blocking)
+		return (ISC_R_NOENTROPY);
+
+	result = isc_keyboard_getchar(kbd, &c);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	result = isc_time_now(&t);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+        sample = isc_time_nanoseconds(&t);
+	extra = c;
+
+	result = isc_entropy_addcallbacksample(source, sample, extra);
+	if (result != ISC_R_SUCCESS) {
+		fprintf(stderr, "\r\n");
+		return (result);
+	}
+
+	fprintf(stderr, ".");
+	fflush(stderr);
+
+	return (result);
 }
 
 void
 setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx) {
 	isc_result_t result;
-	isc_entropysource_t *source = NULL;
-	entropysource_t *elt;
-	int usekeyboard = ISC_ENTROPY_KEYBOARDMAYBE;
-
-	REQUIRE(ectx != NULL);
-
-	if (*ectx == NULL) {
-		result = isc_entropy_create(mctx, ectx);
-		if (result != ISC_R_SUCCESS)
-			fatal("could not create entropy object");
-		ISC_LIST_INIT(sources);
-	}
-
-	if (randomfile != NULL && strcmp(randomfile, "keyboard") == 0) {
-		usekeyboard = ISC_ENTROPY_KEYBOARDYES;
-		randomfile = NULL;
-	}
-
-	result = isc_entropy_usebestsource(*ectx, &source, randomfile,
-					   usekeyboard);
 
+	result = isc_entropy_create(mctx, ectx);
 	if (result != ISC_R_SUCCESS)
-		fatal("could not initialize entropy source: %s",
-		      isc_result_totext(result));
-
-	if (source != NULL) {
-		elt = isc_mem_get(mctx, sizeof(*elt));
-		if (elt == NULL)
-			fatal("out of memory");
-		elt->source = source;
-		elt->mctx = mctx;
-		ISC_LINK_INIT(elt, link);
-		ISC_LIST_APPEND(sources, elt, link);
+		fatal("could not create entropy object");
+	if (randomfile != NULL && strcasecmp(randomfile, "keyboard") != 0) {
+		result = isc_entropy_createfilesource(*ectx, randomfile);
+		if (result != ISC_R_SUCCESS)
+			fatal("could not open randomdev %s: %s", randomfile,
+			      isc_result_totext(result));
+	}
+	else {
+		if (randomfile == NULL) {
+			result = isc_entropy_createfilesource(*ectx,
+							      "/dev/random");
+			if (result == ISC_R_SUCCESS)
+				return;
+		}
+		else
+			wantkeyboard = ISC_TRUE;
+		result = isc_entropy_createcallbacksource(*ectx, kbdstart,
+							  kbdget, kbdstop,
+							  &kbd, &source);
+		if (result != ISC_R_SUCCESS)
+			fatal("failed to open keyboard: %s\n",
+			      isc_result_totext(result));
 	}
 }
 
 void
 cleanup_entropy(isc_entropy_t **ectx) {
-	entropysource_t *source;
-	while (!ISC_LIST_EMPTY(sources)) {
-		source = ISC_LIST_HEAD(sources);
-		ISC_LIST_UNLINK(sources, source, link);
-		isc_entropy_destroysource(&source->source);
-		isc_mem_put(source->mctx, source, sizeof(*source));
-	}
+	if (source != NULL)
+		isc_entropy_destroysource(&source);
 	isc_entropy_detach(ectx);
 }
-
-static isc_stdtime_t
-time_units(isc_stdtime_t offset, char *suffix, const char *str) {
-	switch (suffix[0]) {
-	    case 'Y': case 'y':
-		return (offset * (365 * 24 * 3600));
-	    case 'M': case 'm':
-		switch (suffix[1]) {
-		    case 'O': case 'o':
-			return (offset * (30 * 24 * 3600));
-		    case 'I': case 'i':
-			return (offset * 60);
-		    case '\0':
-			fatal("'%s' ambiguous: use 'mi' for minutes "
-			      "or 'mo' for months", str);
-		    default:
-			fatal("time value %s is invalid", str);
-		}
-		/* NOTREACHED */
-		break;
-	    case 'W': case 'w':
-		return (offset * (7 * 24 * 3600));
-	    case 'D': case 'd':
-		return (offset * (24 * 3600));
-	    case 'H': case 'h':
-		return (offset * 3600);
-	    case 'S': case 's': case '\0':
-		return (offset);
-	    default:
-		fatal("time value %s is invalid", str);
-	}
-	/* NOTREACHED */
-	return(0); /* silence compiler warning */
-}
-
-dns_ttl_t
-strtottl(const char *str) {
-	const char *orig = str;
-	dns_ttl_t ttl;
-	char *endp;
-
-	ttl = strtol(str, &endp, 0);
-	if (ttl == 0 && endp == str)
-		fatal("TTL must be numeric");
-	ttl = time_units(ttl, endp, orig);
-	return (ttl);
-}
-
-isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base) {
-	isc_int64_t val, offset;
-	isc_result_t result;
-	const char *orig = str;
-	char *endp;
-
-	if ((str[0] == '0' || str[0] == '-') && str[1] == '\0')
-		return ((isc_stdtime_t) 0);
-
-	if (strncmp(str, "now", 3) == 0) {
-		base = now;
-		str += 3;
-	}
-
-	if (str[0] == '\0')
-		return ((isc_stdtime_t) base);
-	else if (str[0] == '+') {
-		offset = strtol(str + 1, &endp, 0);
-		offset = time_units((isc_stdtime_t) offset, endp, orig);
-		val = base + offset;
-	} else if (str[0] == '-') {
-		offset = strtol(str + 1, &endp, 0);
-		offset = time_units((isc_stdtime_t) offset, endp, orig);
-		val = base - offset;
-	} else if (strlen(str) == 8U) {
-		char timestr[15];
-		sprintf(timestr, "%s000000", str);
-		result = dns_time64_fromtext(timestr, &val);
-		if (result != ISC_R_SUCCESS)
-			fatal("time value %s is invalid: %s", orig,
-			      isc_result_totext(result));
-	} else if (strlen(str) > 14U) {
-		fatal("time value %s is invalid", orig);
-	} else {
-		result = dns_time64_fromtext(str, &val);
-		if (result != ISC_R_SUCCESS)
-			fatal("time value %s is invalid: %s", orig,
-			      isc_result_totext(result));
-	}
-
-	return ((isc_stdtime_t) val);
-}
-
-dns_rdataclass_t
-strtoclass(const char *str) {
-	isc_textregion_t r;
-	dns_rdataclass_t rdclass;
-	isc_result_t ret;
-
-	if (str == NULL)
-		return dns_rdataclass_in;
-	DE_CONST(str, r.base);
-	r.length = strlen(str);
-	ret = dns_rdataclass_fromtext(&rdclass, &r);
-	if (ret != ISC_R_SUCCESS)
-		fatal("unknown class %s", str);
-	return (rdclass);
-}
-
-isc_result_t
-try_dir(const char *dirname) {
-	isc_result_t result;
-	isc_dir_t d;
-
-	isc_dir_init(&d);
-	result = isc_dir_open(&d, dirname);
-	if (result == ISC_R_SUCCESS) {
-		isc_dir_close(&d);
-	}
-	return (result);
-}
-
-/*
- * Check private key version compatibility.
- */
-void
-check_keyversion(dst_key_t *key, char *keystr) {
-	int major, minor;
-	dst_key_getprivateformat(key, &major, &minor);
-	INSIST(major <= DST_MAJOR_VERSION); /* invalid private key */
-
-	if (major < DST_MAJOR_VERSION || minor < DST_MINOR_VERSION)
-		fatal("Key %s has incompatible format version %d.%d, "
-		      "use -f to force upgrade to new version.",
-		      keystr, major, minor);
-	if (minor > DST_MINOR_VERSION)
-		fatal("Key %s has incompatible format version %d.%d, "
-		      "use -f to force downgrade to current version.",
-		      keystr, major, minor);
-}
-
-void
-set_keyversion(dst_key_t *key) {
-	int major, minor;
-	dst_key_getprivateformat(key, &major, &minor);
-	INSIST(major <= DST_MAJOR_VERSION);
-
-	if (major != DST_MAJOR_VERSION || minor != DST_MINOR_VERSION)
-		dst_key_setprivateformat(key, DST_MAJOR_VERSION,
-					 DST_MINOR_VERSION);
-
-	/*
-	 * If the key is from a version older than 1.3, set
-	 * set the creation date
-	 */
-	if (major < 1 || (major == 1 && minor <= 2)) {
-		isc_stdtime_t now;
-		isc_stdtime_get(&now);
-		dst_key_settime(key, DST_TIME_CREATED, now);
-	}
-}
-
-isc_boolean_t
-key_collision(isc_uint16_t id, dns_name_t *name, const char *dir,
-	      dns_secalg_t alg, isc_mem_t *mctx, isc_boolean_t *exact)
-{
-	isc_result_t result;
-	isc_boolean_t conflict = ISC_FALSE;
-	dns_dnsseckeylist_t matchkeys;
-	dns_dnsseckey_t *key = NULL;
-	isc_uint16_t oldid, diff;
-	isc_uint16_t bits = DNS_KEYFLAG_REVOKE;   /* flag bits to look for */
-
-	if (exact != NULL)
-		*exact = ISC_FALSE;
-
-	ISC_LIST_INIT(matchkeys);
-	result = dns_dnssec_findmatchingkeys(name, dir, mctx, &matchkeys);
-	if (result == ISC_R_NOTFOUND)
-		return (ISC_FALSE);
-
-	while (!ISC_LIST_EMPTY(matchkeys) && !conflict) {
-		key = ISC_LIST_HEAD(matchkeys);
-		if (dst_key_alg(key->key) != alg)
-			goto next;
-
-		oldid = dst_key_id(key->key);
-		diff = (oldid > id) ? (oldid - id) : (id - oldid);
-		if ((diff & ~bits) == 0) {
-			conflict = ISC_TRUE;
-			if (diff != 0) {
-				if (verbose > 1)
-					fprintf(stderr, "Key ID %d could "
-						"collide with %d\n",
-						id, oldid);
-			} else {
-				if (exact != NULL)
-					*exact = ISC_TRUE;
-				if (verbose > 1)
-					fprintf(stderr, "Key ID %d exists\n",
-						id);
-			}
-		}
-
- next:
-		ISC_LIST_UNLINK(matchkeys, key, link);
-		dns_dnsseckey_destroy(mctx, &key);
-	}
-
-	/* Finish freeing the list */
-	while (!ISC_LIST_EMPTY(matchkeys)) {
-		key = ISC_LIST_HEAD(matchkeys);
-		ISC_LIST_UNLINK(matchkeys, key, link);
-		dns_dnsseckey_destroy(mctx, &key);
-	}
-
-	return (conflict);
-}
-

bin/dnssec/dnssectool.h

@@ -1,83 +1,52 @@
 /*
- * Copyright (C) 2004, 2007-2010  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: dnssectool.h,v 1.31 2010/01/19 23:48:56 tbox Exp $ */
+/* $Id: dnssectool.h,v 1.6 2000/06/22 21:49:07 tale Exp $ */
 
 #ifndef DNSSECTOOL_H
 #define DNSSECTOOL_H 1
 
 #include <isc/log.h>
-#include <isc/stdtime.h>
-#include <dns/rdatastruct.h>
-#include <dst/dst.h>
-
-typedef void (fatalcallback_t)(void);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
 
 void
-setfatalcallback(fatalcallback_t *callback);
+fatal(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
 
 void
 check_result(isc_result_t result, const char *message);
 
 void
-vbprintf(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
+vbprintf(int level, const char *fmt, ...);
 
-void
-type_format(const dns_rdatatype_t type, char *cp, unsigned int size);
-#define TYPE_FORMATSIZE 20
+char *
+nametostr(dns_name_t *name);
 
-void
-sig_format(dns_rdata_rrsig_t *sig, char *cp, unsigned int size);
-#define SIG_FORMATSIZE (DNS_NAME_FORMATSIZE + DNS_SECALG_FORMATSIZE + sizeof("65535"))
+char *
+typetostr(const dns_rdatatype_t type);
+
+char *
+algtostr(const dns_secalg_t alg);
 
 void
 setup_logging(int verbose, isc_mem_t *mctx, isc_log_t **logp);
 
-void
-cleanup_logging(isc_log_t **logp);
-
 void
 setup_entropy(isc_mem_t *mctx, const char *randomfile, isc_entropy_t **ectx);
 
 void
 cleanup_entropy(isc_entropy_t **ectx);
 
-dns_ttl_t strtottl(const char *str);
-
-isc_stdtime_t
-strtotime(const char *str, isc_int64_t now, isc_int64_t base);
-
-dns_rdataclass_t
-strtoclass(const char *str);
-
-isc_result_t
-try_dir(const char *dirname);
-
-void
-check_keyversion(dst_key_t *key, char *keystr);
-
-void
-set_keyversion(dst_key_t *key);
-
-isc_boolean_t
-key_collision(isc_uint16_t id, dns_name_t *name, const char *dir,
-	      dns_secalg_t alg, isc_mem_t *mctx, isc_boolean_t *exact);
 #endif /* DNSSEC_DNSSECTOOL_H */

bin/lwresd/.cvsignore

@@ -0,0 +1,5 @@
+Makefile
+.libs
+*.la
+*.lo
+lwresd

bin/lwresd/Makefile.in

@@ -0,0 +1,57 @@
+# Copyright (C) 2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
+
+# $Id: Makefile.in,v 1.10 2000/06/22 21:49:08 tale Exp $
+
+srcdir =	@srcdir@
+VPATH =		@srcdir@
+top_srcdir =	@top_srcdir@
+
+@BIND9_VERSION@
+
+@BIND9_INCLUDES@
+
+CINCLUDES =	${LWRES_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} 
+
+CDEFINES =	
+CWARNINGS =
+
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
+ISCLIBS =	../../lib/isc/libisc.@A@
+LWRESLIBS =	../../lib/lwres/liblwres.@A@
+
+DNSDEPLIBS =	../../lib/dns/libdns.@A@
+ISCDEPLIBS =	../../lib/isc/libisc.@A@
+LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
+
+DEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS} ${LWRESDEPLIBS}
+
+LIBS =		${DNSLIBS} ${ISCLIBS} ${LWRESLIBS} @LIBS@
+
+TARGETS =	lwresd
+
+OBJS =		main.@O@ client.@O@ err_pkt.@O@ \
+		process_gabn.@O@ process_gnba.@O@ process_noop.@O@
+
+SRCS =		main.c client.c err_pkt.c \
+		process_gabn.c process_gnba.c process_noop.c
+
+@BIND9_MAKE_RULES@
+
+lwresd: ${OBJS} ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
+
+clean distclean::
+	rm -f ${TARGETS}

bin/lwresd/client.c

@@ -0,0 +1,387 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: client.c,v 1.28 2000/06/22 21:49:09 tale Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/util.h>
+
+#include <dns/view.h>
+#include <dns/log.h>
+
+#include "client.h"
+
+void
+DP(int level, const char *format, ...) {
+	va_list args;
+
+	va_start(args, format);
+	isc_log_vwrite(dns_lctx,
+		       DNS_LOGCATEGORY_DATABASE, DNS_LOGMODULE_ADB,
+		       ISC_LOG_DEBUG(level), format, args);
+	va_end(args);
+}
+
+void
+hexdump(char *msg, void *base, size_t len) {
+	unsigned char *p;
+	unsigned int cnt;
+	char buffer[180];
+	char *n;
+
+	p = base;
+	cnt = 0;
+	n = buffer;
+	*n = 0;
+
+	printf("*** %s (%u bytes @ %p)\n", msg, len, base);
+
+	while (cnt < len) {
+		if (cnt % 16 == 0) {
+			n = buffer;
+			n += sprintf(buffer, "%p: ", p);
+		} else if (cnt % 8 == 0) {
+			*n++ = ' ';
+			*n++ = '|';
+			*n = 0;
+		}
+		n += sprintf(n, " %02x", *p++);
+		cnt++;
+
+		if (cnt % 16 == 0) {
+			DP(80, buffer);
+			n = buffer;
+			*n = 0;
+		}
+	}
+
+	if (n != buffer) {
+		DP(80, buffer);
+		n = buffer;
+		*n = 0;
+	}
+}
+
+static void
+clientmgr_can_die(clientmgr_t *cm) {
+	if ((cm->flags & CLIENTMGR_FLAG_SHUTTINGDOWN) == 0)
+		return;
+
+	if (ISC_LIST_HEAD(cm->running) != NULL)
+		return;
+
+	lwres_context_destroy(&cm->lwctx);
+	dns_view_detach(&cm->view);
+	isc_task_detach(&cm->task);
+}
+
+static void
+process_request(client_t *client) {
+	lwres_buffer_t b;
+	isc_result_t result;
+
+	lwres_buffer_init(&b, client->buffer, client->recvlength);
+	lwres_buffer_add(&b, client->recvlength);
+
+	result = lwres_lwpacket_parseheader(&b, &client->pkt);
+	if (result != ISC_R_SUCCESS) {
+		DP(50, "invalid packet header received");
+		goto restart;
+	}
+
+	DP(50, "opcode %08x", client->pkt.opcode);
+
+	switch (client->pkt.opcode) {
+	case LWRES_OPCODE_GETADDRSBYNAME:
+		process_gabn(client, &b);
+		return;
+	case LWRES_OPCODE_GETNAMEBYADDR:
+		process_gnba(client, &b);
+		return;
+	case LWRES_OPCODE_NOOP:
+		process_noop(client, &b);
+		return;
+	default:
+		DP(50, "unknown opcode %08x", client->pkt.opcode);
+		goto restart;
+	}
+
+	/*
+	 * Drop the packet.
+	 */
+ restart:
+	DP(50, "restarting client %p...", client);
+	client_state_idle(client);
+}
+
+void
+client_recv(isc_task_t *task, isc_event_t *ev) {
+	client_t *client = ev->ev_arg;
+	clientmgr_t *cm = client->clientmgr;
+	isc_socketevent_t *dev = (isc_socketevent_t *)ev;
+
+	INSIST(dev->region.base == client->buffer);
+	INSIST(CLIENT_ISRECV(client));
+
+	CLIENT_SETRECVDONE(client);
+
+	INSIST((cm->flags & CLIENTMGR_FLAG_RECVPENDING) != 0);
+	cm->flags &= ~CLIENTMGR_FLAG_RECVPENDING;
+
+	DP(50, "event received: task %p, length %u, result %u (%s)",
+	       task, dev->n, dev->result, isc_result_totext(dev->result));
+
+	if (dev->result != ISC_R_SUCCESS) {
+		isc_event_free(&ev);
+		dev = NULL;
+
+		/*
+		 * Go idle.
+		 */
+		client_state_idle(client);
+
+		return;
+	}
+
+	/*
+	 * XXXMLG If we wanted to run on ipv6 as well, we'd need the pktinfo
+	 * bits.  Right now we don't, so don't remember them.
+	 */
+	client->recvlength = dev->n;
+	client->address = dev->address;
+	isc_event_free(&ev);
+	dev = NULL;
+
+	client_start_recv(cm);
+
+	process_request(client);
+}
+
+/*
+ * This function will start a new recv() on a socket for this client manager.
+ */
+isc_result_t
+client_start_recv(clientmgr_t *cm) {
+	client_t *client;
+	isc_result_t result;
+	isc_region_t r;
+
+	if ((cm->flags & CLIENTMGR_FLAG_SHUTTINGDOWN) != 0)
+		return (ISC_R_SUCCESS);
+
+	/*
+	 * If a recv is already running, don't bother.
+	 */
+	if ((cm->flags & CLIENTMGR_FLAG_RECVPENDING) != 0)
+		return (ISC_R_SUCCESS);
+
+	/*
+	 * If we have no idle slots, just return success.
+	 */
+	client = ISC_LIST_HEAD(cm->idle);
+	if (client == NULL)
+		return (ISC_R_SUCCESS);
+	INSIST(CLIENT_ISIDLE(client));
+
+	/*
+	 * Issue the recv.  If it fails, return that it did.
+	 */
+	r.base = client->buffer;
+	r.length = LWRES_RECVLENGTH;
+	result = isc_socket_recv(cm->sock, &r, 0, cm->task, client_recv,
+				 client);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	/*
+	 * Set the flag to say we've issued a recv() call.
+	 */
+	cm->flags |= CLIENTMGR_FLAG_RECVPENDING;
+
+	/*
+	 * Remove the client from the idle list, and put it on the running
+	 * list.
+	 */
+	CLIENT_SETRECV(client);
+	ISC_LIST_UNLINK(cm->idle, client, link);
+	ISC_LIST_APPEND(cm->running, client, link);
+
+	return (ISC_R_SUCCESS);
+}
+
+void
+client_shutdown(isc_task_t *task, isc_event_t *ev) {
+	clientmgr_t *cm = ev->ev_arg;
+
+	REQUIRE(task == cm->task);
+	REQUIRE(ev->ev_type == LWRD_SHUTDOWN);
+	REQUIRE((cm->flags & CLIENTMGR_FLAG_SHUTTINGDOWN) == 0);
+
+	DP(50, "got shutdown event, task %p", task);
+
+	/*
+	 * Cancel any pending I/O.
+	 */
+	if ((cm->flags & CLIENTMGR_FLAG_RECVPENDING) != 0)
+		isc_socket_cancel(cm->sock, task, ISC_SOCKCANCEL_ALL);
+
+	/*
+	 * Run through the running client list and kill off any finds
+	 * in progress.
+	 */
+	/* XXXMLG */
+
+	cm->flags |= CLIENTMGR_FLAG_SHUTTINGDOWN;
+}
+
+/*
+ * Do all the crap needed to move a client from the run queue to the idle
+ * queue.
+ */
+void
+client_state_idle(client_t *client) {
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+
+	INSIST(client->sendbuf == NULL);
+	INSIST(client->sendlength == 0);
+	INSIST(client->arg == NULL);
+	INSIST(client->v4find == NULL);
+	INSIST(client->v6find == NULL);
+
+	ISC_LIST_UNLINK(cm->running, client, link);
+	ISC_LIST_PREPEND(cm->idle, client, link);
+
+	CLIENT_SETIDLE(client);
+
+	clientmgr_can_die(cm);
+
+	client_start_recv(cm);
+}
+
+void
+client_send(isc_task_t *task, isc_event_t *ev) {
+	client_t *client = ev->ev_arg;
+	clientmgr_t *cm = client->clientmgr;
+	isc_socketevent_t *dev = (isc_socketevent_t *)ev;
+
+	UNUSED(task);
+	UNUSED(dev);
+	
+	INSIST(CLIENT_ISSEND(client));
+	INSIST(client->sendbuf == dev->region.base);
+
+	DP(50, "task %p for client %p got send-done event", task, client);
+
+	if (client->sendbuf != client->buffer)
+		lwres_context_freemem(cm->lwctx, client->sendbuf,
+				      client->sendlength);
+	client->sendbuf = NULL;
+	client->sendlength = 0;
+
+	client_state_idle(client);
+
+	isc_event_free(&ev);
+}
+
+void
+client_initialize(client_t *client, clientmgr_t *cmgr) {
+	client->clientmgr = cmgr;
+	ISC_LINK_INIT(client, link);
+	CLIENT_SETIDLE(client);
+	client->arg = NULL;
+
+	client->recvlength = 0;
+
+	client->sendbuf = NULL;
+	client->sendlength = 0;
+
+	client->find = NULL;
+	client->v4find = NULL;
+	client->v6find = NULL;
+	client->find_wanted = 0;
+
+	client->options = 0;
+	client->byaddr = NULL;
+	client->addrinfo = NULL;
+
+	ISC_LIST_APPEND(cmgr->idle, client, link);
+}
+
+void
+client_init_aliases(client_t *client) {
+	int i;
+
+	for (i = 0 ; i < LWRES_MAX_ALIASES ; i++) {
+		client->aliases[i] = NULL;
+		client->aliaslen[i] = 0;
+	}
+	for (i = 0 ; i < LWRES_MAX_ADDRS ; i++) {
+		client->addrs[i].family = 0;
+		client->addrs[i].length = 0;
+		memset(client->addrs[i].address, 0, LWRES_ADDR_MAXLEN);
+		LWRES_LINK_INIT(&client->addrs[i], link);
+	}
+}
+
+void
+client_init_gabn(client_t *client) {
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_aliases(client);
+	client->gabn.naliases = 0;
+	client->gabn.naddrs = 0;
+	client->gabn.realname = NULL;
+	client->gabn.aliases = client->aliases;
+	client->gabn.realnamelen = 0;
+	client->gabn.aliaslen = client->aliaslen;
+	LWRES_LIST_INIT(client->gabn.addrs);
+	client->gabn.base = NULL;
+	client->gabn.baselen = 0;
+
+	/*
+	 * Set up the internal buffer to point to the receive region.
+	 */
+	isc_buffer_init(&client->recv_buffer, client->buffer,
+			LWRES_RECVLENGTH);
+}
+
+void
+client_init_gnba(client_t *client) {
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_aliases(client);
+	client->gnba.naliases = 0;
+	client->gnba.realname = NULL;
+	client->gnba.aliases = client->aliases;
+	client->gnba.realnamelen = 0;
+	client->gnba.aliaslen = client->aliaslen;
+	client->gnba.base = NULL;
+	client->gnba.baselen = 0;
+
+	isc_buffer_init(&client->recv_buffer, client->buffer,
+			LWRES_RECVLENGTH);
+}

bin/lwresd/client.h

@@ -0,0 +1,194 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: client.h,v 1.16 2000/06/22 21:49:10 tale Exp $ */
+
+#ifndef LWD_CLIENT_H
+#define LWD_CLIENT_H 1
+
+#include <isc/event.h>
+#include <isc/eventclass.h>
+#include <isc/netaddr.h>
+#include <isc/sockaddr.h>
+#include <isc/types.h>
+
+#include <dns/fixedname.h>
+#include <dns/types.h>
+
+#include <lwres/lwres.h>
+
+#define LWRD_EVENTCLASS		ISC_EVENTCLASS(4242)
+
+#define LWRD_SHUTDOWN		(LWRD_EVENTCLASS + 0x0001)
+
+typedef struct client_s client_t;
+typedef struct clientmgr_s clientmgr_t;
+
+struct client_s {
+	isc_sockaddr_t		address;	/* where to reply */
+	clientmgr_t	       *clientmgr;	/* our parent */
+	ISC_LINK(client_t)	link;
+	unsigned int		state;
+	void		       *arg;		/* packet processing state */
+
+	/*
+	 * Received data info.
+	 */
+	unsigned char		buffer[LWRES_RECVLENGTH]; /* receive buffer */
+	isc_uint32_t		recvlength;	/* length recv'd */
+	lwres_lwpacket_t	pkt;
+
+	/*
+	 * Send data state.  If sendbuf != buffer (that is, the send buffer
+	 * isn't our receive buffer) it will be freed to the lwres_context_t.
+	 */
+	unsigned char	       *sendbuf;
+	isc_uint32_t		sendlength;
+	isc_buffer_t		recv_buffer;
+
+	/*
+	 * gabn (get address by name) state info.
+	 */
+	dns_adbfind_t		*find;
+	dns_adbfind_t		*v4find;
+	dns_adbfind_t		*v6find;
+	unsigned int		find_wanted;	/* Addresses we want */
+	dns_fixedname_t		target_name;
+	lwres_gabnresponse_t	gabn;
+
+	/*
+	 * gnba (get name by address) state info.
+	 */
+	lwres_gnbaresponse_t	gnba;
+	dns_byaddr_t	       *byaddr;
+	unsigned int		options;
+	isc_netaddr_t		na;
+	dns_adbaddrinfo_t      *addrinfo;
+
+	/*
+	 * Alias and address info.  This is copied up to the gabn/gnba
+	 * structures eventually.
+	 *
+	 * XXXMLG We can keep all of this in a client since we only service
+	 * three packet types right now.  If we started handling more,
+	 * we'd need to use "arg" above and allocate/destroy things.
+	 */
+	char		       *aliases[LWRES_MAX_ALIASES];
+	isc_uint16_t		aliaslen[LWRES_MAX_ALIASES];
+	lwres_addr_t		addrs[LWRES_MAX_ADDRS];
+};
+
+/*
+ * Client states.
+ *
+ * _IDLE	The client is not doing anything at all.
+ *
+ * _RECV	The client is waiting for data after issuing a socket recv().
+ *
+ * _RECVDONE	Data has been received, and is being processed.
+ *
+ * _FINDWAIT	An adb (or other) request was made that cannot be satisfied
+ *		immediately.  An event will wake the client up.
+ *
+ * _SEND	All data for a response has completed, and a reply was
+ *		sent via a socket send() call.
+ *
+ * Badly formatted state table:
+ *
+ *	IDLE -> RECV when client has a recv() queued.
+ *
+ *	RECV -> RECVDONE when recvdone event received.
+ *
+ *	RECVDONE -> SEND if the data for a reply is at hand.
+ *	RECVDONE -> FINDWAIT if more searching is needed, and events will
+ *		eventually wake us up again.
+ *
+ *	FINDWAIT -> SEND when enough data was received to reply.
+ *
+ *	SEND -> IDLE when a senddone event was received.
+ *
+ *	At any time -> IDLE on error.  Sometimes this will be -> SEND
+ *	instead, if enough data is on hand to reply with a meaningful
+ *	error.
+ *
+ *	Packets which are badly formatted may or may not get error returns.
+ */
+#define CLIENT_STATE_IDLE		1
+#define CLIENT_STATE_RECV		2
+#define CLIENT_STATE_RECVDONE		3
+#define CLIENT_STATE_FINDWAIT		4
+#define CLIENT_STATE_SEND		5
+#define CLIENT_STATE_SENDDONE		6
+
+#define CLIENT_ISIDLE(c)	((c)->state == CLIENT_STATE_IDLE)
+#define CLIENT_ISRECV(c)	((c)->state == CLIENT_STATE_RECV)
+#define CLIENT_ISRECVDONE(c)	((c)->state == CLIENT_STATE_RECVDONE)
+#define CLIENT_ISFINDWAIT(c)	((c)->state == CLIENT_STATE_FINDWAIT)
+#define CLIENT_ISSEND(c)	((c)->state == CLIENT_STATE_SEND)
+
+/*
+ * Overall magic test that means we're not idle.
+ */
+#define CLIENT_ISRUNNING(c)	(!CLIENT_ISIDLE(c))
+
+#define CLIENT_SETIDLE(c)	((c)->state = CLIENT_STATE_IDLE)
+#define CLIENT_SETRECV(c)	((c)->state = CLIENT_STATE_RECV)
+#define CLIENT_SETRECVDONE(c)	((c)->state = CLIENT_STATE_RECVDONE)
+#define CLIENT_SETFINDWAIT(c)	((c)->state = CLIENT_STATE_FINDWAIT)
+#define CLIENT_SETSEND(c)	((c)->state = CLIENT_STATE_SEND)
+#define CLIENT_SETSENDDONE(c)	((c)->state = CLIENT_STATE_SENDDONE)
+
+struct clientmgr_s {
+	isc_mem_t	       *mctx;
+	isc_task_t	       *task;		/* owning task */
+	isc_socket_t	       *sock;		/* socket to use */
+	dns_view_t	       *view;
+	unsigned int		flags;
+	isc_event_t		sdev;		/* shutdown event */
+	lwres_context_t	       *lwctx;		/* lightweight proto context */
+	ISC_LIST(client_t)	idle;		/* idle client slots */
+	ISC_LIST(client_t)	running;	/* running clients */
+};
+
+#define CLIENTMGR_FLAG_RECVPENDING		0x00000001
+#define CLIENTMGR_FLAG_SHUTTINGDOWN		0x00000002
+
+void client_initialize(client_t *, clientmgr_t *);
+isc_result_t client_start_recv(clientmgr_t *);
+void client_state_idle(client_t *);
+
+void client_recv(isc_task_t *, isc_event_t *);
+void client_shutdown(isc_task_t *, isc_event_t *);
+void client_send(isc_task_t *, isc_event_t *);
+
+/*
+ * Processing functions of various types.
+ */
+void process_gabn(client_t *, lwres_buffer_t *);
+void process_gnba(client_t *, lwres_buffer_t *);
+void process_noop(client_t *, lwres_buffer_t *);
+
+void error_pkt_send(client_t *, isc_uint32_t);
+
+void client_init_aliases(client_t *);
+void client_init_gabn(client_t *);
+void client_init_gnba(client_t *);
+
+void DP(int level, const char *format, ...);
+void hexdump(char *msg, void *base, size_t len);
+
+#endif /* LWD_CLIENT_H */

bin/lwresd/err_pkt.c

@@ -0,0 +1,81 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: err_pkt.c,v 1.5 2000/06/22 21:49:11 tale Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include "client.h"
+
+/*
+ * Generate an error packet for the client, schedule a send, and put us in
+ * the SEND state.
+ *
+ * The client->pkt structure will be modified to form an error return.
+ * The receiver needs to verify that it is in fact an error, and do the
+ * right thing with it.  The opcode will be unchanged.  The result needs
+ * to be set before calling this function.
+ *
+ * The only change this code makes is to set the receive buffer size to the
+ * size we use, set the reply bit, and recompute any security information.
+ */
+void
+error_pkt_send(client_t *client, isc_uint32_t _result) {
+	isc_result_t result;
+	int lwres;
+	isc_region_t r;
+	lwres_buffer_t b;
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+
+	REQUIRE(CLIENT_ISRUNNING(client));
+
+	/*
+	 * Since we are only sending the packet header, we can safely toss
+	 * the receive buffer.  This means we won't need to allocate space
+	 * for sending an error reply.  This is a Good Thing.
+	 */
+	client->pkt.length = LWRES_LWPACKET_LENGTH;
+	client->pkt.pktflags |= LWRES_LWPACKETFLAG_RESPONSE;
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+	client->pkt.result = _result;
+
+	lwres_buffer_init(&b, client->buffer, LWRES_RECVLENGTH);
+	lwres = lwres_lwpacket_renderheader(&b, &client->pkt);
+	if (lwres != LWRES_R_SUCCESS) {
+		client_state_idle(client);
+		return;
+	}
+
+	r.base = client->buffer;
+	r.length = b.used;
+	client->sendbuf = client->buffer;
+	result = isc_socket_sendto(cm->sock, &r, cm->task, client_send, client,
+				   &client->address, NULL);
+	if (result != ISC_R_SUCCESS) {
+		client_state_idle(client);
+		return;
+	}
+
+	CLIENT_SETSEND(client);
+}

bin/lwresd/main.c

@@ -0,0 +1,509 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: main.c,v 1.43 2000/06/22 21:49:12 tale Exp $ */
+
+/*
+ * Main program for the Lightweight Resolver Daemon.
+ *
+ * To paraphrase the old saying about X11, "It's not a lightweight deamon 
+ * for resolvers, it's a deamon for lightweight resolvers".
+ */
+
+#include <config.h>
+
+#include <stdlib.h>
+
+#include <isc/app.h>
+#include <isc/mem.h>
+#include <isc/string.h>
+#include <isc/task.h>
+#include <isc/timer.h>
+#include <isc/util.h>
+
+#include <dns/cache.h>
+#include <dns/db.h>
+#include <dns/dispatch.h>
+#include <dns/log.h>
+#include <dns/resolver.h>
+#include <dns/result.h>
+#include <dns/rootns.h>
+#include <dns/view.h>
+
+#include "client.h"
+
+/*
+ * The goal number of clients we can handle will be NTASKS * NRECVS.
+ */
+#define NTASKS		20	/* tasks to create to handle lwres queries */
+#define NRECVS		 5	/* max clients per task */
+#define NTHREADS	 1	/* # threads to create in thread manager */
+
+/*
+ * Array of client managers.  Each of these will have a task associated
+ * with it.
+ */
+clientmgr_t    *cmgr;
+unsigned int	ntasks;	/* number of tasks actually created */
+
+dns_view_t *view;
+
+isc_taskmgr_t *taskmgr;
+isc_socketmgr_t *sockmgr;
+isc_timermgr_t *timermgr;
+dns_dispatchmgr_t *dispatchmgr;
+
+isc_sockaddrlist_t forwarders;
+
+static isc_logmodule_t logmodules[] = {
+	{ "main",	 		0 },
+	{ NULL, 			0 }
+};
+
+#define LWRES_LOGMODULE_MAIN		(&logmodules[0])
+
+static isc_logcategory_t logcategories[] = {
+	{ "network",	 		0 },
+	{ NULL, 			0 }
+};
+
+#define LWRES_LOGCATEGORY_NETWORK	(&logcategories[0])
+	
+
+static isc_result_t
+create_view(isc_mem_t *mctx) {
+	dns_cache_t *cache;
+	isc_result_t result;
+	dns_db_t *rootdb;
+	unsigned int attrs;
+	dns_dispatch_t *disp4 = NULL;
+	dns_dispatch_t *disp6 = NULL;		
+	
+	view = NULL;
+	cache = NULL;
+
+	/*
+	 * View.
+	 */
+	result = dns_view_create(mctx, dns_rdataclass_in, "_default", &view);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	/*
+	 * Cache.
+	 */
+	result = dns_cache_create(mctx, taskmgr, timermgr, dns_rdataclass_in,
+				  "rbt", 0, NULL, &cache);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+	dns_view_setcache(view, cache);
+	dns_cache_detach(&cache);
+
+	/*
+	 * Resolver.
+	 *
+	 * XXXMLG hardwired number of tasks.
+	 */
+
+	if (isc_net_probeipv4() == ISC_R_SUCCESS) {
+		isc_sockaddr_t any4;
+		
+		isc_sockaddr_any(&any4);
+		attrs = DNS_DISPATCHATTR_IPV4 | DNS_DISPATCHATTR_UDP;
+		result = dns_dispatch_getudp(dispatchmgr, sockmgr,
+					     taskmgr, &any4, 512, 6, 1024,
+					     17, 19, attrs, attrs, &disp4);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+	}
+
+	if (isc_net_probeipv6() == ISC_R_SUCCESS) {
+		isc_sockaddr_t any6;
+		
+		isc_sockaddr_any6(&any6);
+		
+		attrs = DNS_DISPATCHATTR_IPV6 | DNS_DISPATCHATTR_UDP;
+		result = dns_dispatch_getudp(dispatchmgr, sockmgr,
+					     taskmgr, &any6, 512, 6, 1024,
+					     17, 19, attrs, attrs, &disp6);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+	}
+	
+	result = dns_view_createresolver(view, taskmgr, 16, sockmgr,
+					 timermgr, 0, dispatchmgr,
+					 disp4, disp6);
+
+	if (disp4 != NULL)
+		dns_dispatch_detach(&disp4);
+	if (disp6 != NULL)
+		dns_dispatch_detach(&disp6);
+	
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	rootdb = NULL;
+	result = dns_rootns_create(mctx, dns_rdataclass_in, NULL, &rootdb);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+	dns_view_sethints(view, rootdb);
+	dns_db_detach(&rootdb);
+
+	/*
+	 * If we have forwarders, set them here.
+	 */
+	if (ISC_LIST_HEAD(forwarders) != NULL) {
+		isc_sockaddr_t *sa;
+
+		dns_resolver_setforwarders(view->resolver, &forwarders);
+		dns_resolver_setfwdpolicy(view->resolver, dns_fwdpolicy_only);
+		sa = ISC_LIST_HEAD(forwarders);
+		while (sa != NULL) {
+			ISC_LIST_UNLINK(forwarders, sa, link);
+			isc_mem_put(mctx, sa, sizeof (*sa));
+			sa = ISC_LIST_HEAD(forwarders);
+		}
+			
+	}
+
+	dns_view_freeze(view);
+
+	return (ISC_R_SUCCESS);
+
+out:
+	if (view != NULL)
+		dns_view_detach(&view);
+
+	return (result);
+}
+
+/*
+ * Wrappers around our memory management stuff, for the lwres functions.
+ */
+static void *
+mem_alloc(void *arg, size_t size) {
+	return (isc_mem_get(arg, size));
+}
+
+static void
+mem_free(void *arg, void *mem, size_t size) {
+	isc_mem_put(arg, mem, size);
+}
+
+static void
+parse_resolv_conf(isc_mem_t *mem) {
+	lwres_context_t *lwctx;
+	lwres_conf_t *lwc;
+	int lwresult;
+	struct in_addr ina;
+	struct in6_addr ina6;
+	isc_sockaddr_t *sa;
+	int i;
+
+	lwctx = NULL;
+	lwresult = lwres_context_create(&lwctx, mem, mem_alloc, mem_free,
+					LWRES_CONTEXT_SERVERMODE);
+	if (lwresult != LWRES_R_SUCCESS)
+		return;
+
+	lwresult = lwres_conf_parse(lwctx, "/etc/resolv.conf");
+	if (lwresult != LWRES_R_SUCCESS)
+		goto out;
+
+#if 1
+	lwres_conf_print(lwctx, stderr);
+#endif
+
+	lwc = lwres_conf_get(lwctx);
+	INSIST(lwc != NULL);
+
+	/*
+	 * Run through the list of nameservers, and set them to be our
+	 * forwarders.
+	 */
+	for (i = 0 ; i < lwc->nsnext ; i++) {
+		switch (lwc->nameservers[i].family) {
+		case AF_INET:
+			sa = isc_mem_get(mem, sizeof *sa);
+			INSIST(sa != NULL);
+			memcpy(&ina.s_addr, lwc->nameservers[i].address, 4);
+			isc_sockaddr_fromin(sa, &ina, 53);
+			ISC_LIST_APPEND(forwarders, sa, link);
+			sa = NULL;
+			break;
+		case AF_INET6:
+			sa = isc_mem_get(mem, sizeof *sa);
+			INSIST(sa != NULL);
+			memcpy(&ina6.s6_addr, lwc->nameservers[i].address, 16);
+			isc_sockaddr_fromin6(sa, &ina6, 53);
+			ISC_LIST_APPEND(forwarders, sa, link);
+			sa = NULL;
+			break;
+		default:
+			break;
+		}
+	}
+
+ out:
+	lwres_conf_clear(lwctx);
+	lwres_context_destroy(&lwctx);
+}
+
+int
+main(int argc, char **argv) {
+	isc_mem_t *mem;
+	isc_socket_t *sock;
+	isc_sockaddr_t localhost;
+	struct in_addr lh_addr;
+	isc_result_t result;
+	unsigned int i, j;
+	client_t *client;
+	isc_logdestination_t destination;
+	isc_log_t *lctx;
+	isc_logconfig_t *lcfg;
+
+	UNUSED(argc);
+	UNUSED(argv);
+
+	dns_result_register();
+
+	result = isc_app_start();
+	INSIST(result == ISC_R_SUCCESS);
+
+	mem = NULL;
+	result = isc_mem_create(0, 0, &mem);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Set up logging.
+	 */
+	lctx = NULL;
+        result = isc_log_create(mem, &lctx, &lcfg);
+	INSIST(result == ISC_R_SUCCESS);
+	isc_log_registermodules(lctx, logmodules);
+	isc_log_registercategories(lctx, logcategories);
+	isc_log_setcontext(lctx);
+	dns_log_init(lctx);
+	dns_log_setcontext(lctx);
+
+	destination.file.stream = stderr;
+	destination.file.name = NULL;
+	destination.file.versions = ISC_LOG_ROLLNEVER;
+	destination.file.maximum_size = 0;
+	result = isc_log_createchannel(lcfg, "_default",
+				       ISC_LOG_TOFILEDESC,
+				       ISC_LOG_DYNAMIC,
+				       &destination, ISC_LOG_PRINTTIME);
+	INSIST(result == ISC_R_SUCCESS);
+	result = isc_log_usechannel(lcfg, "_default", NULL, NULL);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Set the initial debug level.
+	 */
+	isc_log_setdebuglevel(lctx, 99);
+
+	/*
+	 * Create a task manager.
+	 */
+	taskmgr = NULL;
+	result = isc_taskmgr_create(mem, NTHREADS, 0, &taskmgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Create a socket manager.
+	 */
+	sockmgr = NULL;
+	result = isc_socketmgr_create(mem, &sockmgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Create a timer manager.
+	 */
+	timermgr = NULL;
+	result = isc_timermgr_create(mem, &timermgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Create a dispatch manager.
+	 */
+	dispatchmgr = NULL;
+	result = dns_dispatchmgr_create(mem, NULL, &dispatchmgr);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * Read resolv.conf to get our forwarders.
+	 */
+	ISC_LIST_INIT(forwarders);
+	parse_resolv_conf(mem);
+
+	/*
+	 * Initialize the DNS bits.  Start by loading our built-in
+	 * root hints.
+	 */
+	result = create_view(mem);
+	INSIST(result == ISC_R_SUCCESS);
+
+	/*
+	 * We'll need a socket.  It will be a UDP socket, and bound to
+	 * 127.0.0.1 port LWRES_UDP_PORT.
+	 */
+	sock = NULL;
+	result = isc_socket_create(sockmgr, AF_INET, isc_sockettype_udp,
+				   &sock);
+	INSIST(result == ISC_R_SUCCESS);
+
+	lh_addr.s_addr = htonl(INADDR_LOOPBACK);
+	isc_sockaddr_fromin(&localhost, &lh_addr, LWRES_UDP_PORT);
+
+	result = isc_socket_bind(sock, &localhost);
+	if (result != ISC_R_SUCCESS) {
+		isc_log_write(lctx, LWRES_LOGCATEGORY_NETWORK,
+			      LWRES_LOGMODULE_MAIN, ISC_LOG_ERROR,
+			      "binding lwres protocol socket to port %d: %s",
+			      LWRES_UDP_PORT,
+			      isc_result_totext(result));
+		exit(1);
+	}
+			      
+	INSIST(result == ISC_R_SUCCESS);
+
+	cmgr = isc_mem_get(mem, sizeof(clientmgr_t) * NTASKS);
+	INSIST(cmgr != NULL);
+
+	/*
+	 * Create one task for each client manager.
+	 */
+	for (i = 0 ; i < NTASKS ; i++) {
+		cmgr[i].task = NULL;
+		cmgr[i].sock = sock;
+		cmgr[i].view = NULL;
+		cmgr[i].flags = 0;
+		result = isc_task_create(taskmgr, 0, &cmgr[i].task);
+		if (result != ISC_R_SUCCESS)
+			break;
+		ISC_EVENT_INIT(&cmgr[i].sdev, sizeof(isc_event_t),
+			       ISC_EVENTATTR_NOPURGE,
+			       0, LWRD_SHUTDOWN,
+			       client_shutdown, &cmgr[i], cmgr[i].task,
+			       NULL, NULL);
+		ISC_LIST_INIT(cmgr[i].idle);
+		ISC_LIST_INIT(cmgr[i].running);
+		isc_task_setname(cmgr[i].task, "lwresd client", &cmgr[i]);
+		cmgr[i].mctx = mem;
+		cmgr[i].lwctx = NULL;
+		result = lwres_context_create(&cmgr[i].lwctx, mem,
+					      mem_alloc, mem_free,
+					      LWRES_CONTEXT_SERVERMODE);
+		if (result != ISC_R_SUCCESS) {
+			isc_task_detach(&cmgr[i].task);
+			break;
+		}
+		dns_view_attach(view, &cmgr[i].view);
+	}
+	INSIST(i > 0);
+	ntasks = i;  /* remember how many we managed to create */
+
+	/*
+	 * Now, run through each client manager and populate it with
+	 * client structures.  Do this by creating one receive for each
+	 * task, in a loop, so each task has a chance of getting at least
+	 * one client structure.
+	 */
+	for (i = 0 ; i < NRECVS ; i++) {
+		client = isc_mem_get(mem, sizeof(client_t) * ntasks);
+		if (client == NULL)
+			break;
+		for (j = 0 ; j < ntasks ; j++)
+			client_initialize(&client[j], &cmgr[j]);
+	}
+	INSIST(i > 0);
+
+	/*
+	 * Issue one read request for each task we have.
+	 */
+	for (j = 0 ; j < ntasks ; j++) {
+		result = client_start_recv(&cmgr[j]);
+		INSIST(result == ISC_R_SUCCESS);
+	}
+
+	/*
+	 * Wait for ^c or kill.
+	 */
+	isc_app_run();
+
+	/*
+	 * Send a shutdown event to every task.
+	 */
+	for (j = 0 ; j < ntasks ; j++) {
+		isc_event_t *ev;
+
+		ev = &cmgr[j].sdev;
+		isc_task_send(cmgr[j].task, &ev);
+	}
+
+	/*
+	 * Kill off the view.
+	 */
+	dns_view_detach(&view);
+
+	/*
+	 * Wait for the tasks to all die.
+	 */
+	isc_taskmgr_destroy(&taskmgr);
+
+	/*
+	 * Wait for everything to die off by waiting for the sockets
+	 * to be detached.
+	 */
+	isc_socket_detach(&sock);
+	isc_socketmgr_destroy(&sockmgr);
+
+	isc_timermgr_destroy(&timermgr);
+
+	/*
+	 * Free up memory allocated.  This is somewhat magical.  We allocated
+	 * the client_t's in blocks, but the first task always has the
+	 * first pointer.  Just loop here, freeing them.
+	 */
+	client = ISC_LIST_HEAD(cmgr[0].idle);
+	while (client != NULL) {
+		ISC_LIST_UNLINK(cmgr[0].idle, client, link);
+		isc_mem_put(mem, client, sizeof(client_t) * ntasks);
+		client = ISC_LIST_HEAD(cmgr[0].idle);
+	}
+	INSIST(ISC_LIST_EMPTY(cmgr[0].running));
+
+	/*
+	 * Now, kill off the client manager structures.
+	 */
+	isc_mem_put(mem, cmgr, sizeof(clientmgr_t) * NTASKS);
+	cmgr = NULL;
+
+	dns_dispatchmgr_destroy(&dispatchmgr);
+	
+	isc_log_destroy(&lctx);
+
+	/*
+	 * Kill the memory system.
+	 */
+	isc_mem_destroy(&mem);
+
+	isc_app_finish();
+
+	return (0);
+}

bin/lwresd/process_gabn.c

@@ -0,0 +1,526 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: process_gabn.c,v 1.29 2000/06/22 21:49:13 tale Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>		/* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/events.h>
+#include <dns/result.h>
+
+#include "client.h"
+
+#define NEED_V4(c)	((((c)->find_wanted & LWRES_ADDRTYPE_V4) != 0) \
+			 && ((c)->v4find == NULL))
+#define NEED_V6(c)	((((c)->find_wanted & LWRES_ADDRTYPE_V6) != 0) \
+			 && ((c)->v6find == NULL))
+
+static void start_find(client_t *);
+
+/*
+ * Destroy any finds.  This can be used to "start over from scratch" and
+ * should only be called when events are _not_ being generated by the finds.
+ */
+static void
+cleanup_gabn(client_t *client) {
+	dns_adbfind_t *v4;
+
+	DP(50, "cleaning up client %p", client);
+
+	v4 = client->v4find;
+
+	if (client->v4find != NULL)
+		dns_adb_destroyfind(&client->v4find);
+	if (client->v6find != NULL) {
+		if (client->v6find == v4)
+			client->v6find = NULL;
+		else
+			dns_adb_destroyfind(&client->v6find);
+	}
+}
+
+static void
+setup_addresses(client_t *client, dns_adbfind_t *find, unsigned int at) {
+	dns_adbaddrinfo_t *ai;
+	lwres_addr_t *addr;
+	int af;
+	const struct sockaddr *sa;
+	const struct sockaddr_in *sin;
+	const struct sockaddr_in6 *sin6;
+
+	if (at == DNS_ADBFIND_INET)
+		af = AF_INET;
+	else
+		af = AF_INET6;
+
+	ai = ISC_LIST_HEAD(find->list);
+	while (ai != NULL && client->gabn.naddrs < LWRES_MAX_ADDRS) {
+		sa = &ai->sockaddr.type.sa;
+		if (sa->sa_family != af)
+			goto next;
+
+		addr = &client->addrs[client->gabn.naddrs];
+
+		switch (sa->sa_family) {
+		case AF_INET:
+			sin = &ai->sockaddr.type.sin;
+			addr->family = LWRES_ADDRTYPE_V4;
+			memcpy(addr->address, &sin->sin_addr, 4);
+			addr->length = 4;
+			break;
+		case AF_INET6:
+			sin6 = &ai->sockaddr.type.sin6;
+			addr->family = LWRES_ADDRTYPE_V6;
+			memcpy(addr->address, &sin6->sin6_addr, 16);
+			addr->length = 16;
+			break;
+		default:
+			goto next;
+		}
+
+		DP(50, "adding address %p, family %d, length %d",
+		   addr->address, addr->family, addr->length);
+
+		client->gabn.naddrs++;
+		REQUIRE(!LWRES_LINK_LINKED(addr, link));
+		LWRES_LIST_APPEND(client->gabn.addrs, addr, link);
+
+	next:
+		ai = ISC_LIST_NEXT(ai, publink);
+	}
+}
+
+static void
+generate_reply(client_t *client) {
+	isc_result_t result;
+	int lwres;
+	isc_region_t r;
+	lwres_buffer_t lwb;
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+	lwb.base = NULL;
+
+	DP(50, "generating gabn reply for client %p", client);
+
+	/*
+	 * We must make certain the client->find is not still active.
+	 * If it is either the v4 or v6 answer, just set it to NULL and
+	 * let the cleanup code destroy it.  Otherwise, destroy it now.
+	 */
+	if (client->find == client->v4find || client->find == client->v6find)
+		client->find = NULL;
+	else
+		if (client->find != NULL)
+			dns_adb_destroyfind(&client->find);
+
+	/*
+	 * perhaps there are some here?
+	 */
+	if (NEED_V6(client) && client->v4find != NULL)
+		client->v6find = client->v4find;
+
+	/*
+	 * Run through the finds we have and wire them up to the gabn
+	 * structure.
+	 */
+	LWRES_LIST_INIT(client->gabn.addrs);
+	if (client->v4find != NULL)
+		setup_addresses(client, client->v4find, DNS_ADBFIND_INET);
+	if (client->v6find != NULL)
+		setup_addresses(client, client->v6find, DNS_ADBFIND_INET6);
+
+	/*
+	 * Render the packet.
+	 */
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+
+	/*
+	 * If there are no addresses and no aliases, return failure.
+	 */
+	if (client->gabn.naddrs == 0 && client->gabn.naliases == 0)
+		client->pkt.result = LWRES_R_NOTFOUND;
+	else
+		client->pkt.result = LWRES_R_SUCCESS;
+
+	lwres = lwres_gabnresponse_render(cm->lwctx, &client->gabn,
+					  &client->pkt, &lwb);
+	if (lwres != LWRES_R_SUCCESS)
+		goto out;
+
+	r.base = lwb.base;
+	r.length = lwb.used;
+	client->sendbuf = r.base;
+	client->sendlength = r.length;
+	result = isc_socket_sendto(cm->sock, &r, cm->task, client_send, client,
+				   &client->address, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	CLIENT_SETSEND(client);
+
+	/*
+	 * All done!
+	 */
+	cleanup_gabn(client);
+
+	return;
+
+ out:
+	cleanup_gabn(client);
+
+	if (lwb.base != NULL)
+		lwres_context_freemem(client->clientmgr->lwctx,
+				      lwb.base, lwb.length);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}
+
+/*
+ * Take the current real name, move it to an alias slot (if any are
+ * open) then put this new name in as the real name for the target.
+ *
+ * Return success if it can be rendered, otherwise failure.  Note that
+ * not having enough alias slots open is NOT a failure.
+ */
+static isc_result_t
+add_alias(client_t *client) {
+	isc_buffer_t b;
+	isc_result_t result;
+	isc_uint16_t naliases;
+
+	b = client->recv_buffer;
+
+	/*
+	 * Render the new name to the buffer.
+	 */
+	result = dns_name_totext(dns_fixedname_name(&client->target_name),
+				 ISC_TRUE, &client->recv_buffer);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	/*
+	 * Are there any open slots?
+	 */
+	naliases = client->gabn.naliases;
+	if (naliases < LWRES_MAX_ALIASES) {
+		client->gabn.aliases[naliases] = client->gabn.realname;
+		client->gabn.aliaslen[naliases] = client->gabn.realnamelen;
+		client->gabn.naliases++;
+	}
+
+	/*
+	 * Save this name away as the current real name.
+	 */
+	client->gabn.realname = (char *)(b.base) + b.used;
+	client->gabn.realnamelen = client->recv_buffer.used - b.used;
+
+	return (ISC_R_SUCCESS);
+}
+
+static isc_result_t
+store_realname(client_t *client) {
+	isc_buffer_t b;
+	isc_result_t result;
+
+	b = client->recv_buffer;
+
+	/*
+	 * Render the new name to the buffer.
+	 */
+	result = dns_name_totext(dns_fixedname_name(&client->target_name),
+				 ISC_TRUE, &client->recv_buffer);
+	if (result != ISC_R_SUCCESS)
+		return (result);
+
+	/*
+	 * Save this name away as the current real name.
+	 */
+	client->gabn.realname = (char *) b.base + b.used;
+	client->gabn.realnamelen = client->recv_buffer.used - b.used;
+
+	return (ISC_R_SUCCESS);
+}
+
+static void
+process_gabn_finddone(isc_task_t *task, isc_event_t *ev) {
+	client_t *client = ev->ev_arg;
+	isc_eventtype_t evtype;
+	isc_boolean_t claimed;
+
+	DP(50, "find done for task %p, client %p", task, client);
+
+	evtype = ev->ev_type;
+	isc_event_free(&ev);
+
+	/*
+	 * No more info to be had?  If so, we have all the good stuff
+	 * right now, so we can render things.
+	 */
+	claimed = ISC_FALSE;
+	if (evtype == DNS_EVENT_ADBNOMOREADDRESSES) {
+		if (NEED_V4(client)) {
+			client->v4find = client->find;
+			claimed = ISC_TRUE;
+		}
+		if (NEED_V6(client)) {
+			client->v6find = client->find;
+			claimed = ISC_TRUE;
+		}
+		if (client->find != NULL) {
+			if (claimed)
+				client->find = NULL;
+			else
+				dns_adb_destroyfind(&client->find);
+				
+		}
+		generate_reply(client);
+		return;
+	}
+
+	/*
+	 * We probably don't need this find anymore.  We're either going to
+	 * reissue it, or an error occurred.  Either way, we're done with
+	 * it.
+	 */
+	if ((client->find != client->v4find)
+	    && (client->find != client->v6find)) {
+		dns_adb_destroyfind(&client->find);
+	} else {
+		client->find = NULL;
+	}
+
+	/*
+	 * We have some new information we can gather.  Run off and fetch
+	 * it.
+	 */
+	if (evtype == DNS_EVENT_ADBMOREADDRESSES) {
+		start_find(client);
+		return;
+	}
+
+	/*
+	 * An error or other strangeness happened.  Drop this query.
+	 */
+	cleanup_gabn(client);
+	error_pkt_send(client, LWRES_R_FAILURE);
+}
+
+static void
+start_find(client_t *client) {
+	unsigned int options;
+	isc_result_t result;
+	isc_boolean_t claimed;
+
+	DP(50, "starting find for client %p", client);
+
+	/*
+	 * Issue a find for the name contained in the request.  We won't
+	 * set the bit that says "anything is good enough" -- we want it
+	 * all.
+	 */
+	options = 0;
+	options |= DNS_ADBFIND_WANTEVENT;
+	options |= DNS_ADBFIND_RETURNLAME;
+
+	/*
+	 * Set the bits up here to mark that we want this address family
+	 * and that we do not currently have a find pending.  We will
+	 * set that bit again below if it turns out we will get an event.
+	 */
+	if (NEED_V4(client))
+		options |= DNS_ADBFIND_INET;
+	if (NEED_V6(client))
+		options |= DNS_ADBFIND_INET6;
+
+ find_again:
+	INSIST(client->find == NULL);
+	result = dns_adb_createfind(client->clientmgr->view->adb,
+				    client->clientmgr->task,
+				    process_gabn_finddone, client,
+				    dns_fixedname_name(&client->target_name),
+				    dns_rootname, options, 0,
+				    dns_fixedname_name(&client->target_name),
+				    client->clientmgr->view->dstport,
+				    &client->find);
+
+	/*
+	 * Did we get an alias?  If so, save it and re-issue the query.
+	 */
+	if (result == DNS_R_ALIAS) {
+		DP(50, "found alias, restarting query");
+		dns_adb_destroyfind(&client->find);
+		cleanup_gabn(client);
+		result = add_alias(client);
+		if (result != ISC_R_SUCCESS) {
+			DP(50, "out of buffer space adding alias");
+			error_pkt_send(client, LWRES_R_FAILURE);
+			return;
+		}
+		goto find_again;
+	}
+
+	DP(50, "find returned %d (%s)", result, isc_result_totext(result));
+
+	/*
+	 * Did we get an error?
+	 */
+	if (result != ISC_R_SUCCESS) {
+		if (client->find != NULL)
+			dns_adb_destroyfind(&client->find);
+		cleanup_gabn(client);
+		error_pkt_send(client, LWRES_R_FAILURE);
+		return;
+	}
+
+	claimed = ISC_FALSE;
+
+	/*
+	 * Did we get our answer to V4 addresses?
+	 */
+	if (NEED_V4(client)
+	    && ((client->find->query_pending & DNS_ADBFIND_INET) == 0)) {
+		DP(50, "client %p ipv4 satisfied by find %p", client,
+		   client->find);
+		claimed = ISC_TRUE;
+		client->v4find = client->find;
+	}
+
+	/*
+	 * Did we get our answer to V6 addresses?
+	 */
+	if (NEED_V6(client)
+	    && ((client->find->query_pending & DNS_ADBFIND_INET6) == 0)) {
+		DP(50, "client %p ipv6 satisfied by find %p", client,
+		   client->find);
+		claimed = ISC_TRUE;
+		client->v6find = client->find;
+	}
+
+	/*
+	 * If we're going to get an event, set our internal pending flag
+	 * and return.  When we get an event back we'll do the right
+	 * thing, basically by calling this function again, perhaps with a
+	 * new target name.
+	 *
+	 * If we have both v4 and v6, and we are still getting an event,
+	 * we have a programming error, so die hard.
+	 */
+	if ((client->find->options & DNS_ADBFIND_WANTEVENT) != 0) {
+		DP(50, "event will be sent");
+		INSIST(client->v4find == NULL || client->v6find == NULL);
+		return;
+	}
+	DP(50, "no event will be sent");
+	if (claimed)
+		client->find = NULL;
+	else
+		dns_adb_destroyfind(&client->find);
+
+	/*
+	 * We seem to have everything we asked for, or at least we are
+	 * able to respond with things we've learned.
+	 */
+
+	generate_reply(client);
+}
+
+/*
+ * When we are called, we can be assured that:
+ *
+ *	client->sockaddr contains the address we need to reply to,
+ *
+ *	client->pkt contains the packet header data,
+ *
+ *	the packet "checks out" overall -- any MD5 hashes or crypto
+ *	bits have been verified,
+ *
+ *	"b" points to the remaining data after the packet header
+ *	was parsed off.
+ *
+ *	We are in a the RECVDONE state.
+ *
+ * From this state we will enter the SEND state if we happen to have
+ * everything we need or we need to return an error packet, or to the
+ * FINDWAIT state if we need to look things up.
+ */
+void
+process_gabn(client_t *client, lwres_buffer_t *b) {
+	isc_result_t result;
+	lwres_gabnrequest_t *req;
+	isc_buffer_t namebuf;
+
+	REQUIRE(CLIENT_ISRECVDONE(client));
+
+	req = NULL;
+
+	result = lwres_gabnrequest_parse(client->clientmgr->lwctx,
+					 b, &client->pkt, &req);
+	if (result != LWRES_R_SUCCESS)
+		goto out;
+
+	isc_buffer_init(&namebuf, req->name, req->namelen);
+	isc_buffer_add(&namebuf, req->namelen);
+
+	dns_fixedname_init(&client->target_name);
+	result = dns_name_fromtext(dns_fixedname_name(&client->target_name),
+				   &namebuf, dns_rootname, ISC_FALSE, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	client->find_wanted = req->addrtypes;
+	DP(50, "client %p looking for addrtypes %08x",
+	   client, client->find_wanted);
+
+	/*
+	 * We no longer need to keep this around.
+	 */
+	lwres_gabnrequest_free(client->clientmgr->lwctx, &req);
+
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_gabn(client);
+
+	result = store_realname(client);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	/*
+	 * Start the find.
+	 */
+	start_find(client);
+
+	return;
+
+	/*
+	 * We're screwed.  Return an error packet to our caller.
+	 */
+ out:
+	if (req != NULL)
+		lwres_gabnrequest_free(client->clientmgr->lwctx, &req);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}

bin/lwresd/process_gnba.c

@@ -0,0 +1,264 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: process_gnba.c,v 1.24 2000/06/22 21:49:15 tale Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/string.h>		/* Required for HP/UX (and others?) */
+#include <isc/util.h>
+
+#include <dns/adb.h>
+#include <dns/byaddr.h>
+#include <dns/result.h>
+
+#include "client.h"
+
+static void start_byaddr(client_t *);
+
+static void
+byaddr_done(isc_task_t *task, isc_event_t *event) {
+	client_t *client;
+	clientmgr_t *cm;
+	dns_byaddrevent_t *bevent;
+	int lwres;
+	lwres_buffer_t lwb;
+	dns_name_t *name;
+	isc_result_t result;
+	isc_region_t r;
+	isc_buffer_t b;
+	lwres_gnbaresponse_t *gnba;
+	isc_uint16_t naliases;
+	isc_stdtime_t now;
+
+	UNUSED(task);
+
+	lwb.base = NULL;
+	client = event->ev_arg;
+	cm = client->clientmgr;
+	INSIST(client->byaddr == (dns_byaddr_t *)event->ev_sender);
+
+	bevent = (dns_byaddrevent_t *)event;
+	gnba = &client->gnba;
+
+	DP(50, "byaddr event result = %s",
+	   isc_result_totext(bevent->result));
+
+	result = bevent->result;
+	if (result != ISC_R_SUCCESS) {
+		dns_byaddr_destroy(&client->byaddr);
+		isc_event_free(&event);
+		bevent = NULL;
+
+		/*
+		 * Were we trying bitstring or nibble mode?  If bitstring,
+		 * and we got FORMERROR or SERVFAIL, set the flag to
+		 * avoid bitstring lables for 10 minutes.  If we got any
+		 * other error (NXDOMAIN, etc) just try again without
+		 * bitstrings, and let our cache handle the negative answer
+		 * for bitstrings.
+		 */
+		if ((client->options & DNS_BYADDROPT_IPV6NIBBLE) != 0) {
+			dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+			error_pkt_send(client, LWRES_R_FAILURE);
+			return;
+		}
+
+		isc_stdtime_get(&now);
+		if (result == DNS_R_FORMERR ||
+		    result == DNS_R_SERVFAIL ||
+		    result == ISC_R_FAILURE)
+			dns_adb_setavoidbitstring(cm->view->adb,
+						  client->addrinfo, now + 600);
+
+		/*
+		 * Fall back to nibble reverse if the default of bitstrings
+		 * fails.
+		 */
+		client->options |= DNS_BYADDROPT_IPV6NIBBLE;
+		
+		start_byaddr(client);
+		return;
+	}
+
+	name = ISC_LIST_HEAD(bevent->names);
+	while (name != NULL) {
+		b = client->recv_buffer;
+
+		result = dns_name_totext(name, ISC_TRUE, &client->recv_buffer);
+		if (result != ISC_R_SUCCESS)
+			goto out;
+		DP(50, "found name '%.*s'",
+		   client->recv_buffer.used - b.used,
+		   (char *)(b.base) + b.used);
+		if (gnba->realname == NULL) {
+			gnba->realname = (char *)(b.base) + b.used;
+			gnba->realnamelen = client->recv_buffer.used - b.used;
+		} else {
+			naliases = gnba->naliases;
+			if (naliases >= LWRES_MAX_ALIASES)
+				break;
+			gnba->aliases[naliases] = (char *)(b.base) + b.used;
+			gnba->aliaslen[naliases] =
+				client->recv_buffer.used - b.used;
+			gnba->naliases++;
+		}
+		name = ISC_LIST_NEXT(name, link);
+	}
+
+	dns_byaddr_destroy(&client->byaddr);
+	dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+	isc_event_free(&event);
+
+	/*
+	 * Render the packet.
+	 */
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+	client->pkt.result = LWRES_R_SUCCESS;
+
+	lwres = lwres_gnbaresponse_render(cm->lwctx,
+					  gnba, &client->pkt, &lwb);
+	if (lwres != LWRES_R_SUCCESS)
+		goto out;
+
+	r.base = lwb.base;
+	r.length = lwb.used;
+	client->sendbuf = r.base;
+	client->sendlength = r.length;
+	result = isc_socket_sendto(cm->sock, &r,
+				   cm->task, client_send,
+				   client, &client->address, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	CLIENT_SETSEND(client);
+
+	return;
+
+ out:
+	if (client->byaddr != NULL)
+		dns_byaddr_destroy(&client->byaddr);
+	if (client->addrinfo != NULL)
+		dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+	if (lwb.base != NULL)
+		lwres_context_freemem(cm->lwctx,
+				      lwb.base, lwb.length);
+
+	isc_event_free(&event);
+}
+
+static void
+start_byaddr(client_t *client) {
+	isc_result_t result;
+	clientmgr_t *cm;
+
+	cm = client->clientmgr;
+
+	INSIST(client->byaddr == NULL);
+
+	result = dns_byaddr_create(cm->mctx, &client->na, cm->view,
+				   client->options, cm->task, byaddr_done,
+				   client, &client->byaddr);
+	if (result != ISC_R_SUCCESS) {
+		dns_adb_freeaddrinfo(cm->view->adb, &client->addrinfo);
+		error_pkt_send(client, LWRES_R_FAILURE);
+		return;
+	}
+}
+
+void
+process_gnba(client_t *client, lwres_buffer_t *b) {
+	lwres_gnbarequest_t *req;
+	isc_result_t result;
+	isc_sockaddr_t sa;
+	clientmgr_t *cm;
+
+	REQUIRE(CLIENT_ISRECVDONE(client));
+	INSIST(client->byaddr == NULL);
+
+	cm = client->clientmgr;
+	req = NULL;
+
+	result = lwres_gnbarequest_parse(cm->lwctx,
+					 b, &client->pkt, &req);
+	if (result != LWRES_R_SUCCESS)
+		goto out;
+	if (req->addr.address == NULL)
+		goto out;
+
+	client->options = 0;
+	if (req->addr.family == LWRES_ADDRTYPE_V4) {
+		client->na.family = AF_INET;
+		if (req->addr.length != 4)
+			goto out;
+		memcpy(&client->na.type.in, req->addr.address, 4);
+	} else if (req->addr.family == LWRES_ADDRTYPE_V6) {
+		client->na.family = AF_INET6;
+		if (req->addr.length != 16)
+			goto out;
+		memcpy(&client->na.type.in6, req->addr.address, 16);
+	} else {
+		goto out;
+	}
+	isc_sockaddr_fromnetaddr(&sa, &client->na, 53);
+
+	DP(50, "client %p looking for addrtype %08x",
+	   client, req->addr.family);
+
+	/*
+	 * We no longer need to keep this around.
+	 */
+	lwres_gnbarequest_free(cm->lwctx, &req);
+
+	/*
+	 * Initialize the real name and alias arrays in the reply we're
+	 * going to build up.
+	 */
+	client_init_gnba(client);
+	client->options = 0;
+
+	/*
+	 * See if we should skip the byaddr bit.
+	 */
+	INSIST(client->addrinfo == NULL);
+	result = dns_adb_findaddrinfo(cm->view->adb, &sa,
+				      &client->addrinfo, 0);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	if (client->addrinfo->avoid_bitstring > 0)
+		client->options |= DNS_BYADDROPT_IPV6NIBBLE;
+
+	/*
+	 * Start the find.
+	 */
+	start_byaddr(client);
+
+	return;
+
+	/*
+	 * We're screwed.  Return an error packet to our caller.
+	 */
+ out:
+	if (req != NULL)
+		lwres_gnbarequest_free(cm->lwctx, &req);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}

bin/lwresd/process_noop.c

@@ -0,0 +1,87 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: process_noop.c,v 1.7 2000/06/22 21:49:16 tale Exp $ */
+
+#include <config.h>
+
+#include <isc/socket.h>
+#include <isc/util.h>
+
+#include "client.h"
+
+void
+process_noop(client_t *client, lwres_buffer_t *b) {
+	lwres_nooprequest_t *req;
+	lwres_noopresponse_t resp;
+	isc_result_t result;
+	lwres_result_t lwres;
+	isc_region_t r;
+	lwres_buffer_t lwb;
+
+	REQUIRE(CLIENT_ISRECVDONE(client));
+	INSIST(client->byaddr == NULL);
+
+	req = NULL;
+
+	result = lwres_nooprequest_parse(client->clientmgr->lwctx,
+					 b, &client->pkt, &req);
+	if (result != LWRES_R_SUCCESS)
+		goto out;
+
+	client->pkt.recvlength = LWRES_RECVLENGTH;
+	client->pkt.authtype = 0; /* XXXMLG */
+	client->pkt.authlength = 0;
+	client->pkt.result = LWRES_R_SUCCESS;
+
+	resp.datalength = req->datalength;
+	resp.data = req->data;
+
+	lwres = lwres_noopresponse_render(client->clientmgr->lwctx, &resp,
+					  &client->pkt, &lwb);
+	if (lwres != LWRES_R_SUCCESS)
+		goto out;
+
+	r.base = lwb.base;
+	r.length = lwb.used;
+	client->sendbuf = r.base;
+	client->sendlength = r.length;
+	result = isc_socket_sendto(client->clientmgr->sock, &r,
+				   client->clientmgr->task, client_send,
+				   client, &client->address, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto out;
+
+	/*
+	 * We can now destroy request.
+	 */
+	lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+
+	CLIENT_SETSEND(client);
+
+	return;
+
+ out:
+	if (req != NULL)
+		lwres_nooprequest_free(client->clientmgr->lwctx, &req);
+
+	if (lwb.base != NULL)
+		lwres_context_freemem(client->clientmgr->lwctx,
+				      lwb.base, lwb.length);
+
+	error_pkt_send(client, LWRES_R_FAILURE);
+}

bin/named/.cvsignore

@@ -3,5 +3,4 @@ Makefile
 *.la
 *.lo
 named
-named-symtbl.c
 lwresd

bin/named/Makefile.in

@@ -1,19 +1,19 @@
-# Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
-# Copyright (C) 1998-2002  Internet Software Consortium.
-#
-# Permission to use, copy, modify, and/or distribute this software for any
+# Copyright (C) 1998-2000  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
 # copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
-# $Id: Makefile.in,v 1.109 2009/12/05 23:31:40 each Exp $
+# $Id: Makefile.in,v 1.49.2.2 2000/07/11 17:23:01 gson Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -21,146 +21,69 @@ top_srcdir =	@top_srcdir@
 
 @BIND9_VERSION@
 
-@BIND9_CONFIGARGS@
+@BIND9_INCLUDES@
 
-@BIND9_MAKE_INCLUDES@
-
-#
-# Add database drivers here.
-#
-DBDRIVER_OBJS =
-DBDRIVER_SRCS =
-DBDRIVER_INCLUDES =
-DBDRIVER_LIBS =
-
-DLZ_DRIVER_DIR =	${top_srcdir}/contrib/dlz/drivers
-
-DLZDRIVER_OBJS =	@DLZ_DRIVER_OBJS@
-DLZDRIVER_SRCS =	@DLZ_DRIVER_SRCS@
-DLZDRIVER_INCLUDES =	@DLZ_DRIVER_INCLUDES@
-DLZDRIVER_LIBS =	@DLZ_DRIVER_LIBS@
-
-CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include -I. \
-		${LWRES_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES} \
-		${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} ${ISC_INCLUDES} \
-		${DLZDRIVER_INCLUDES} ${DBDRIVER_INCLUDES}
-
-CDEFINES =      @USE_DLZ@ @USE_PKCS11@
+CINCLUDES =	-I${srcdir}/include -I${srcdir}/unix/include \
+		${LWRES_INCLUDES} ${DNS_INCLUDES} ${ISC_INCLUDES} \
+		${OMAPI_INCLUDES}
 
+CDEFINES =	
 CWARNINGS =
 
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCLIBS =	../../lib/isccc/libisccc.@A@
+OMAPILIBS =	../../lib/omapi/libomapi.@A@
+DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_OPENSSL_LIBS@
 ISCLIBS =	../../lib/isc/libisc.@A@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@
 LWRESLIBS =	../../lib/lwres/liblwres.@A@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
 
+OMAPIDEPLIBS =	../../lib/omapi/libomapi.@A@
 DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
 ISCDEPLIBS =	../../lib/isc/libisc.@A@
 LWRESDEPLIBS =	../../lib/lwres/liblwres.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
 
-DEPLIBS =	${LWRESDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
-		${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${ISCDEPLIBS}
+DEPLIBS =	${LWRESDEPLIBS} ${OMAPIDEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
 
-LIBS =		${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
-		${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
-		${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
-
-NOSYMLIBS =	${LWRESLIBS} ${DNSLIBS} ${BIND9LIBS} \
-		${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
-		${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
+LIBS =		${LWRESLIBS} ${OMAPILIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
 
 SUBDIRS =	unix
 
-TARGETS =	named@EXEEXT@ lwresd@EXEEXT@
+TARGETS =	named lwresd
 
-OBJS =		builtin.@O@ client.@O@ config.@O@ control.@O@ \
-		controlconf.@O@ interfacemgr.@O@ \
-		listenlist.@O@ log.@O@ logconf.@O@ main.@O@ notify.@O@ \
-		query.@O@ server.@O@ sortlist.@O@ statschannel.@O@ \
-		tkeyconf.@O@ tsigconf.@O@ update.@O@ xfrout.@O@ \
-		zoneconf.@O@ \
-		lwaddr.@O@ lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
-		lwdgnba.@O@ lwdgrbn.@O@ lwdnoop.@O@ lwsearch.@O@ \
-		${DLZDRIVER_OBJS} ${DBDRIVER_OBJS}
+OBJS =		client.@O@ interfacemgr.@O@ listenlist.@O@ \
+		log.@O@ logconf.@O@ main.@O@ notify.@O@ omapi.@O@ \
+		omapiconf.@O@ query.@O@ server.@O@ update.@O@ xfrout.@O@ \
+		lwresd.@O@ lwdclient.@O@ lwderror.@O@ lwdgabn.@O@ \
+		lwdgnba.@O@ lwdnoop.@O@
 
 UOBJS =		unix/os.@O@
 
-SYMOBJS =	symtbl.@O@
-
-SRCS =		builtin.c client.c config.c control.c \
-		controlconf.c interfacemgr.c \
-		listenlist.c log.c logconf.c main.c notify.c \
-		query.c server.c sortlist.c statschannel.c symtbl.c symtbl-empty.c \
-		tkeyconf.c tsigconf.c update.c xfrout.c \
-		zoneconf.c \
-		lwaddr.c lwresd.c lwdclient.c lwderror.c lwdgabn.c \
-		lwdgnba.c lwdgrbn.c lwdnoop.c lwsearch.c \
-		${DLZDRIVER_SRCS} ${DBDRIVER_SRCS}
-
-MANPAGES =	named.8 lwresd.8 named.conf.5
-
-HTMLPAGES =	named.html lwresd.html named.conf.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
+SRCS =		client.c interfacemgr.c listenlist.c \
+		log.c logconf.c main.c notify.c omapi.c \
+		omapiconf.c query.c server.c update.c xfrout.c \
+		lwresd.c lwdclient.c lwderror.c lwdgabn.c \
+		lwdgnba.c lwdnoop.c
 
 @BIND9_MAKE_RULES@
 
 main.@O@: main.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
-		-DCONFIGARGS="\"${CONFIGARGS}\"" \
+	${LIBTOOL} ${CC} ${ALL_CFLAGS} -DVERSION=\"${VERSION}\" \
 		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
 		-DNS_SYSCONFDIR=\"${sysconfdir}\" -c ${srcdir}/main.c
 
-bind.keys.h: ${top_srcdir}/bind.keys
-	${PERL} ${srcdir}/bindkeys.pl < ${top_srcdir}/bind.keys > $@
+named: ${OBJS} ${UOBJS} ${DEPLIBS}
+	${LIBTOOL} ${CC} ${CFLAGS} -o $@ ${OBJS} ${UOBJS} ${LIBS}
 
-config.@O@: config.c bind.keys.h
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
-		-DNS_LOCALSTATEDIR=\"${localstatedir}\" \
-		-DNS_SYSCONFDIR=\"${sysconfdir}\" \
-		-c ${srcdir}/config.c
+lwresd: named
+	rm -f lwresd
+	@LN@ named lwresd
 
-named@EXEEXT@: ${OBJS} ${UOBJS} ${DEPLIBS}
-	export MAKE_SYMTABLE="yes"; \
-	export BASEOBJS="${OBJS} ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-lwresd@EXEEXT@: named@EXEEXT@
-	rm -f lwresd@EXEEXT@
-	@LN@ named@EXEEXT@ lwresd@EXEEXT@
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-clean distclean maintainer-clean::
-	rm -f ${TARGETS} ${OBJS} bind.keys.h
-
-bind9.xsl.h: bind9.xsl ${srcdir}/convertxsl.pl
-	${PERL} ${srcdir}/convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
-
-depend: bind9.xsl.h
-statschannel.@O@: bind9.xsl.h
+clean distclean::
+	rm -f ${TARGETS}
 
 installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man5
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
+	if [ ! -d ${DESTDIR}${sbindir} ]; then \
+		mkdir ${DESTDIR}${sbindir}; \
+	fi
 
-install:: named@EXEEXT@ lwresd@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named@EXEEXT@ ${DESTDIR}${sbindir}
-	(cd ${DESTDIR}${sbindir}; rm -f lwresd@EXEEXT@; @LN@ named@EXEEXT@ lwresd@EXEEXT@)
-	${INSTALL_DATA} ${srcdir}/named.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/lwresd.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/named.conf.5 ${DESTDIR}${mandir}/man5
-
-@DLZ_DRIVER_RULES@
+install:: named lwresd installdirs
+	${LIBTOOL} ${INSTALL_PROGRAM} named ${DESTDIR}${sbindir}
+	(cd ${DESTDIR}${sbindir}; rm -f lwresd; @LN@ named lwresd)

bin/named/bind.keys.h

@@ -1,17 +1,99 @@
+/*
+ * Generated by bindkeys.pl 1.7 2011-01-04 23:47:13 tbox Exp  
+ * From bind.keys 1.7 2011-01-03 23:45:07 each Exp  
+ */
 #define TRUSTED_KEYS "\
+# The bind.keys file is used to override the built-in DNSSEC trust anchors\n\
+# which are included as part of BIND 9.  As of the current release, the only\n\
+# trust anchors it contains are those for the DNS root zone (\".\"), and for\n\
+# the ISC DNSSEC Lookaside Validation zone (\"dlv.isc.org\").  Trust anchors\n\
+# for any other zones MUST be configured elsewhere; if they are configured\n\
+# here, they will not be recognized or used by named.\n\
+#\n\
+# The built-in trust anchors are provided for convenience of configuration.\n\
+# They are not activated within named.conf unless specifically switched on.\n\
+# To use the built-in root key, set \"dnssec-validation auto;\" in\n\
+# named.conf options.  To use the built-in DLV key, set\n\
+# \"dnssec-lookaside auto;\".  Without these options being set,\n\
+# the keys in this file are ignored.\n\
+#\n\
+# This file is NOT expected to be user-configured.\n\
+#\n\
+# These keys are current as of January 2011.  If any key fails to\n\
+# initialize correctly, it may have expired.  In that event you should\n\
+# replace this file with a current version.  The latest version of\n\
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.\n\
+\n\
 trusted-keys {\n\
-        # NOTE: This key is current as of October 2009.\n\
-        # If it fails to initialize correctly, it may have expired;\n\
-        # see https://www.isc.org/solutions/dlv for a replacement.\n\
-	dlv.isc.org. 257 3 5 \"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh\";\n\
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.\n\
+        # NOTE: This key is activated by setting \"dnssec-lookaside auto;\"\n\
+        # in named.conf.\n\
+	dlv.isc.org. 257 3 5 \"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2\n\
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+\n\
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5\n\
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk\n\
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM\n\
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt\n\
+		TDN0YUuWrBNh\";\n\
+\n\
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml\n\
+	# for current trust anchor information.\n\
+        # NOTE: This key is activated by setting \"dnssec-validation auto;\"\n\
+        # in named.conf.\n\
+	. 257 3 8 \"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF\n\
+		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX\n\
+		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD\n\
+		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz\n\
+		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS\n\
+		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq\n\
+		QxA+Uk1ihz0=\";\n\
 };\n\
 "
 
 #define MANAGED_KEYS "\
+# The bind.keys file is used to override the built-in DNSSEC trust anchors\n\
+# which are included as part of BIND 9.  As of the current release, the only\n\
+# trust anchors it contains are those for the DNS root zone (\".\"), and for\n\
+# the ISC DNSSEC Lookaside Validation zone (\"dlv.isc.org\").  Trust anchors\n\
+# for any other zones MUST be configured elsewhere; if they are configured\n\
+# here, they will not be recognized or used by named.\n\
+#\n\
+# The built-in trust anchors are provided for convenience of configuration.\n\
+# They are not activated within named.conf unless specifically switched on.\n\
+# To use the built-in root key, set \"dnssec-validation auto;\" in\n\
+# named.conf options.  To use the built-in DLV key, set\n\
+# \"dnssec-lookaside auto;\".  Without these options being set,\n\
+# the keys in this file are ignored.\n\
+#\n\
+# This file is NOT expected to be user-configured.\n\
+#\n\
+# These keys are current as of January 2011.  If any key fails to\n\
+# initialize correctly, it may have expired.  In that event you should\n\
+# replace this file with a current version.  The latest version of\n\
+# bind.keys can always be obtained from ISC at https://www.isc.org/bind-keys.\n\
+\n\
 managed-keys {\n\
-        # NOTE: This key is current as of October 2009.\n\
-        # If it fails to initialize correctly, it may have expired;\n\
-        # see https://www.isc.org/solutions/dlv for a replacement.\n\
-	dlv.isc.org. initial-key 257 3 5 \"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2 brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+ 1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5 ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt TDN0YUuWrBNh\";\n\
+	# ISC DLV: See https://www.isc.org/solutions/dlv for details.\n\
+        # NOTE: This key is activated by setting \"dnssec-lookaside auto;\"\n\
+        # in named.conf.\n\
+	dlv.isc.org. initial-key 257 3 5 \"BEAAAAPHMu/5onzrEE7z1egmhg/WPO0+juoZrW3euWEn4MxDCE1+lLy2\n\
+		brhQv5rN32RKtMzX6Mj70jdzeND4XknW58dnJNPCxn8+jAGl2FZLK8t+\n\
+		1uq4W+nnA3qO2+DL+k6BD4mewMLbIYFwe0PG73Te9fZ2kJb56dhgMde5\n\
+		ymX4BI/oQ+cAK50/xvJv00Frf8kw6ucMTwFlgPe+jnGxPPEmHAte/URk\n\
+		Y62ZfkLoBAADLHQ9IrS2tryAe7mbBZVcOwIeU/Rw/mRx/vwwMCTgNboM\n\
+		QKtUdvNXDrYJDSHZws3xiRXF1Rf+al9UmZfSav/4NWLKjHzpT59k/VSt\n\
+		TDN0YUuWrBNh\";\n\
+\n\
+	# ROOT KEY: See https://data.iana.org/root-anchors/root-anchors.xml\n\
+	# for current trust anchor information.\n\
+        # NOTE: This key is activated by setting \"dnssec-validation auto;\"\n\
+        # in named.conf.\n\
+	. initial-key 257 3 8 \"AwEAAagAIKlVZrpC6Ia7gEzahOR+9W29euxhJhVVLOyQbSEW0O8gcCjF\n\
+		FVQUTf6v58fLjwBd0YI0EzrAcQqBGCzh/RStIoO8g0NfnfL2MTJRkxoX\n\
+		bfDaUeVPQuYEhg37NZWAJQ9VnMVDxP/VHL496M/QZxkjf5/Efucp2gaD\n\
+		X6RS6CXpoY68LsvPVjR0ZSwzz1apAzvN9dlzEheX7ICJBBtuA6G3LQpz\n\
+		W5hOA2hzCTMjJPJ8LbqF6dsV6DoBQzgul0sGIcGOYl7OyQdXfZ57relS\n\
+		Qageu+ipAdTTJ25AsRTAoub8ONGcLmqrAmRLKBP1dfwhYB4N7knNnulq\n\
+		QxA+Uk1ihz0=\";\n\
 };\n\
 "

bin/named/bind9.xsl.h

@@ -1,6 +1,6 @@
 /*
- * Generated by convertxsl.pl 1.14 2008/07/17 23:43:26 jinmei Exp  
- * From bind9.xsl 1.21 2009/01/27 23:47:54 tbox Exp 
+ * Generated by convertxsl.pl 1.14 2008-07-17 23:43:26 jinmei Exp  
+ * From bind9.xsl 1.21 2009-01-27 23:47:54 tbox Exp 
  */
 static char xslmsg[] =
 	"<?xml version=\"1.0\" encoding=\"UTF-8\"?>\n"
@@ -20,7 +20,7 @@ static char xslmsg[] =
 	" - PERFORMANCE OF THIS SOFTWARE.\n"
 	"-->\n"
 	"\n"
-	"<!-- \045Id: bind9.xsl,v 1.21 2009/01/27 23:47:54 tbox Exp \045 -->\n"
+	"<!-- \045Id: bind9.xsl,v 1.21 2009-01-27 23:47:54 tbox Exp \045 -->\n"
 	"\n"
 	"<xsl:stylesheet version=\"1.0\"\n"
 	" xmlns:xsl=\"http://www.w3.org/1999/XSL/Transform\"\n"

bin/named/bindkeys.pl

@@ -1,6 +1,6 @@
 #!/usr/bin/env perl
 #
-# Copyright (C) 2009  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2009-2011  Internet Systems Consortium, Inc. ("ISC")
 #
 # Permission to use, copy, modify, and/or distribute this software for any
 # purpose with or without fee is hereby granted, provided that the above
@@ -14,23 +14,41 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: bindkeys.pl,v 1.3 2009/09/01 07:14:25 each Exp $
+# $Id: bindkeys.pl,v 1.7 2011/01/04 23:47:13 tbox Exp $
 
 use strict;
 use warnings;
 
+my $rev = '$Id: bindkeys.pl,v 1.7 2011/01/04 23:47:13 tbox Exp $';
+$rev =~ s/\$//g;
+$rev =~ s/,v//g;
+$rev =~ s/Id: //;
+
+my $keys = "";
+
 my $lines;
 while (<>) {
     chomp;
+    if (/\/\* .Id:.* \*\//) {
+	$keys = $_;
+	next;
+    }
     s/\"/\\\"/g;
     s/$/\\n\\/;
     $lines .= $_ . "\n";
 }
 
+$keys =~ s/\$//g;
+$keys =~ s/\/\* Id: //;
+$keys =~ s/\*\/.*//;
+$keys =~ s/,v//;
+
+print "/*\n * Generated by $rev \n * From $keys\n */\n";
+
 my $mkey = '#define MANAGED_KEYS "\\' . "\n" . $lines . "\"\n";
 
 $lines =~ s/managed-keys/trusted-keys/;
-$lines =~ s/\s+initial-key//;
+$lines =~ s/\s+initial-key//g;
 my $tkey = '#define TRUSTED_KEYS "\\' . "\n" . $lines . "\"\n";
 
 print $tkey;

bin/named/builtin.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005, 2007, 2009-2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: builtin.c,v 1.15 2009/03/01 02:45:38 each Exp $ */
+/* $Id: builtin.c,v 1.26 2012/01/21 19:44:18 each Exp $ */
 
 /*! \file
  * \brief
@@ -47,6 +47,7 @@ static isc_result_t do_hostname_lookup(dns_sdblookup_t *lookup);
 static isc_result_t do_authors_lookup(dns_sdblookup_t *lookup);
 static isc_result_t do_id_lookup(dns_sdblookup_t *lookup);
 static isc_result_t do_empty_lookup(dns_sdblookup_t *lookup);
+static isc_result_t do_dns64_lookup(dns_sdblookup_t *lookup);
 
 /*
  * We can't use function pointers as the db_data directly
@@ -65,19 +66,194 @@ static builtin_t hostname_builtin = { do_hostname_lookup, NULL, NULL };
 static builtin_t authors_builtin = { do_authors_lookup, NULL, NULL };
 static builtin_t id_builtin = { do_id_lookup, NULL, NULL };
 static builtin_t empty_builtin = { do_empty_lookup, NULL, NULL };
+static builtin_t dns64_builtin = { do_dns64_lookup, NULL, NULL };
 
 static dns_sdbimplementation_t *builtin_impl;
 
+static const char hex[] = "0123456789abcdef";
+static const char HEX[] = "0123456789ABCDEF";
+
+static isc_result_t
+dns64_cname(const char *zone, const char *name, dns_sdblookup_t *lookup) {
+	size_t zlen, nlen, j;
+	const char *s;
+	unsigned char v[16];
+	unsigned int i;
+	char reverse[sizeof("123.123.123.123.in-addr.arpa.")];
+
+	/*
+	 * The sum the length of the relative name and the length of the zone
+	 * name for a IPv6 reverse lookup comes to 71.
+	 *
+	 * The reverse of 2001::10.0.0.1 (dns64 2001::/96) has a zone of
+	 * "0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.0.1.0.0.2.ip6.arpa"
+	 * and a name of "1.0.0.0.0.0.a.0".  The sum of the lengths of these
+	 * two strings is 71.
+	 *
+	 * The minimum length for a ip6.arpa zone name is 8.
+	 *
+	 * The length of name should always be odd as we are expecting
+	 * a series of nibbles.
+	 */
+	zlen = strlen(zone);
+	nlen = strlen(name);
+	if ((zlen + nlen) > 71U || zlen < 8U || (nlen % 2) != 1U)
+		return (ISC_R_NOTFOUND);
+
+	/*
+	 * We assume the zone name is well formed.
+	 */
+
+	/*
+	 * XXXMPA We could check the dns64 suffix here if we need to.
+	 */
+	/*
+	 * Check that name is a series of nibbles.
+	 * Compute the byte values that correspond to the nibbles as we go.
+	 *
+	 * Shift the final result 4 bits, by setting 'i' to 1, if we if we
+	 * have a odd number of nibbles so that "must be zero" tests below
+	 * are byte aligned and we correctly return ISC_R_NOTFOUND or
+	 * ISC_R_SUCCESS.  We will not generate a CNAME in this case.
+	 */
+	i = (nlen % 4) == 1U ? 1 : 0;
+	j = nlen;
+	memset(v, 0, sizeof(v));
+	while (j >= 1U) {
+		INSIST((i/2) < sizeof(v));
+		if (j > 1U && name[1] != '.')
+			return (ISC_R_NOTFOUND);
+		v[i/2] >>= 4;
+		if ((s = strchr(hex, name[0])) != NULL)
+			v[i/2] |= (s - hex) << 4;
+		else if ((s = strchr(HEX, name[0])) != NULL)
+			v[i/2] |= (s - HEX) << 4;
+		else
+			return (ISC_R_NOTFOUND);
+		if (j > 1U)
+			j -= 2;
+		else
+			j -= 1;
+		name += 2;
+		i++;
+	}
+
+	/*
+	 * If we get here then we know name only consisted of nibbles.
+	 * Now we need to determine if the name exists or not and whether
+	 * it corresponds to a empty node in the zone or there should be
+	 * a CNAME.
+	 */
+	switch (zlen) {
+	case 24:	/* prefix len 32 */
+		/*
+		 * If the total length is not 71 then this is a empty node
+		 * so return success.
+		 */
+		if (nlen + zlen != 71U)
+			return (ISC_R_SUCCESS);
+		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
+			 v[8], v[9], v[10], v[11]);
+		break;
+	case 28:	/* prefix len 40 */
+		/*
+		 * The nibbles that map to this byte must be zero for 'name'
+		 * to exist in the zone.
+		 */
+		if (nlen > 11U && v[nlen/4 - 3] != 0)
+			return (ISC_R_NOTFOUND);
+		/*
+		 * If the total length is not 71 then this is a empty node
+		 * so return success.
+		 */
+		if (nlen + zlen != 71U)
+			return (ISC_R_SUCCESS);
+		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
+			 v[6], v[8], v[9], v[10]);
+		break;
+	case 32:	/* prefix len 48 */
+		/*
+		 * The nibbles that map to this byte must be zero for 'name'
+		 * to exist in the zone.
+		 */
+		if (nlen > 7U && v[nlen/4 - 2] != 0)
+			return (ISC_R_NOTFOUND);
+		/*
+		 * If the total length is not 71 then this is a empty node
+		 * so return success.
+		 */
+		if (nlen + zlen != 71U)
+			return (ISC_R_SUCCESS);
+		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
+			 v[5], v[6], v[8], v[9]);
+		break;
+	case 36:	/* prefix len 56 */
+		/*
+		 * The nibbles that map to this byte must be zero for 'name'
+		 * to exist in the zone.
+		 */
+		if (nlen > 3U && v[nlen/4 - 1] != 0)
+			return (ISC_R_NOTFOUND);
+		/*
+		 * If the total length is not 71 then this is a empty node
+		 * so return success.
+		 */
+		if (nlen + zlen != 71U)
+			return (ISC_R_SUCCESS);
+		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
+			 v[4], v[5], v[6], v[8]);
+		break;
+	case 40:	/* prefix len 64 */
+		/*
+		 * The nibbles that map to this byte must be zero for 'name'
+		 * to exist in the zone.
+		 */
+		if (v[nlen/4] != 0)
+			return (ISC_R_NOTFOUND);
+		/*
+		 * If the total length is not 71 then this is a empty node
+		 * so return success.
+		 */
+		if (nlen + zlen != 71U)
+			return (ISC_R_SUCCESS);
+		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
+			 v[3], v[4], v[5], v[6]);
+		break;
+	case 56:	/* prefix len 96 */
+		/*
+		 * If the total length is not 71 then this is a empty node
+		 * so return success.
+		 */
+		if (nlen + zlen != 71U)
+			return (ISC_R_SUCCESS);
+		snprintf(reverse, sizeof(reverse), "%u.%u.%u.%u.in-addr.arpa.",
+			 v[0], v[1], v[2], v[3]);
+		break;
+	default:
+		/*
+		 * This should never be reached unless someone adds a
+		 * zone declaration with this internal type to named.conf.
+		 */
+		return (ISC_R_NOTFOUND);
+	}
+	return (dns_sdb_putrr(lookup, "CNAME", 600, reverse));
+}
+
 static isc_result_t
 builtin_lookup(const char *zone, const char *name, void *dbdata,
-	       dns_sdblookup_t *lookup)
+	       dns_sdblookup_t *lookup, dns_clientinfomethods_t *methods,
+	       dns_clientinfo_t *clientinfo)
 {
 	builtin_t *b = (builtin_t *) dbdata;
 
 	UNUSED(zone);
+	UNUSED(methods);
+	UNUSED(clientinfo);
 
 	if (strcmp(name, "@") == 0)
 		return (b->do_lookup(lookup));
+	else if (b->do_lookup == do_dns64_lookup)
+		return (dns64_cname(zone, name, lookup));
 	else
 		return (ISC_R_NOTFOUND);
 }
@@ -127,13 +303,18 @@ do_authors_lookup(dns_sdblookup_t *lookup) {
 	const char **p;
 	static const char *authors[] = {
 		"Mark Andrews",
+		"Curtis Blackburn",
 		"James Brister",
 		"Ben Cottrell",
+		"John H. DuBois III",
+		"Francis Dupont",
 		"Michael Graff",
 		"Andreas Gustafsson",
 		"Bob Halley",
 		"Evan Hunt",
+		"JINMEI Tatuya",
 		"David Lawrence",
+		"Scott Mann",
 		"Danny Mayer",
 		"Damien Neil",
 		"Matt Nelson",
@@ -174,6 +355,12 @@ do_id_lookup(dns_sdblookup_t *lookup) {
 		return (put_txt(lookup, ns_g_server->server_id));
 }
 
+static isc_result_t
+do_dns64_lookup(dns_sdblookup_t *lookup) {
+	UNUSED(lookup);
+	return (ISC_R_SUCCESS);
+}
+
 static isc_result_t
 do_empty_lookup(dns_sdblookup_t *lookup) {
 
@@ -221,7 +408,7 @@ builtin_create(const char *zone, int argc, char **argv,
 	UNUSED(zone);
 	UNUSED(driverdata);
 
-	if (strcmp(argv[0], "empty") == 0) {
+	if (strcmp(argv[0], "empty") == 0 || strcmp(argv[0], "dns64") == 0) {
 		if (argc != 3)
 			return (DNS_R_SYNTAX);
 	} else if (argc != 1)
@@ -235,7 +422,8 @@ builtin_create(const char *zone, int argc, char **argv,
 		*dbdata = &authors_builtin;
 	else if (strcmp(argv[0], "id") == 0)
 		*dbdata = &id_builtin;
-	else if (strcmp(argv[0], "empty") == 0) {
+	else if (strcmp(argv[0], "empty") == 0 ||
+		 strcmp(argv[0], "dns64") == 0) {
 		builtin_t *empty;
 		char *server;
 		char *contact;
@@ -247,7 +435,10 @@ builtin_create(const char *zone, int argc, char **argv,
 		server = isc_mem_strdup(ns_g_mctx, argv[1]);
 		contact = isc_mem_strdup(ns_g_mctx, argv[2]);
 		if (empty == NULL || server == NULL || contact == NULL) {
-			*dbdata = &empty_builtin;
+			if (strcmp(argv[0], "empty") == 0)
+				*dbdata = &empty_builtin;
+			else
+				*dbdata = &dns64_builtin;
 			if (server != NULL)
 				isc_mem_free(ns_g_mctx, server);
 			if (contact != NULL)
@@ -255,7 +446,12 @@ builtin_create(const char *zone, int argc, char **argv,
 			if (empty != NULL)
 				isc_mem_put(ns_g_mctx, empty, sizeof (*empty));
 		} else {
-			memcpy(empty, &empty_builtin, sizeof (empty_builtin));
+			if (strcmp(argv[0], "empty") == 0)
+				memcpy(empty, &empty_builtin,
+				       sizeof (empty_builtin));
+			else
+				memcpy(empty, &dns64_builtin,
+				       sizeof (empty_builtin));
 			empty->server = server;
 			empty->contact = contact;
 			*dbdata = empty;
@@ -277,7 +473,7 @@ builtin_destroy(const char *zone, void *driverdata, void **dbdata) {
 	 */
 	if (*dbdata == &version_builtin || *dbdata == &hostname_builtin ||
 	    *dbdata == &authors_builtin || *dbdata == &id_builtin ||
-	    *dbdata == &empty_builtin)
+	    *dbdata == &empty_builtin || *dbdata == &dns64_builtin)
 		return;
 
 	isc_mem_free(ns_g_mctx, b->server);
@@ -307,3 +503,4 @@ void
 ns_builtin_deinit(void) {
 	dns_sdb_unregister(&builtin_impl);
 }
+

bin/named/config.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2012  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.108 2010/05/14 23:50:38 tbox Exp $ */
+/* $Id: config.c,v 1.123 2012/01/06 23:46:41 tbox Exp $ */
 
 /*! \file */
 
@@ -80,6 +80,7 @@ options {\n\
 	bindkeys-file \"" NS_SYSCONFDIR "/bind.keys\";\n\
 	port 53;\n\
 	recursing-file \"named.recursing\";\n\
+	secroots-file \"named.secroots\";\n\
 "
 #ifdef PATH_RANDOMDEV
 "\
@@ -88,7 +89,8 @@ options {\n\
 #endif
 "\
 	recursive-clients 1000;\n\
-	rrset-order {type NS order random; order cyclic; };\n\
+	resolver-query-timeout 30;\n\
+	rrset-order { order random; };\n\
 	serial-queries 20;\n\
 	serial-query-rate 20;\n\
 	server-id none;\n\
@@ -158,9 +160,11 @@ options {\n\
 	max-clients-per-query 100;\n\
 	zero-no-soa-ttl-cache no;\n\
 	nsec3-test-zone no;\n\
+	allow-new-zones no;\n\
 "
 #ifdef ALLOW_FILTER_AAAA_ON_V4
 "	filter-aaaa-on-v4 no;\n\
+	filter-aaaa { any; };\n\
 "
 #endif
 
@@ -195,6 +199,7 @@ options {\n\
 	sig-signing-nodes 100;\n\
 	sig-signing-signatures 10;\n\
 	sig-signing-type 65534;\n\
+	inline-signing no;\n\
 	zone-statistics false;\n\
 	max-journal-size unlimited;\n\
 	ixfr-from-differences false;\n\
@@ -205,7 +210,10 @@ options {\n\
 	check-srv-cname warn;\n\
 	zero-no-soa-ttl yes;\n\
 	update-check-ksk yes;\n\
+	serial-update-method increment;\n\
+	dnssec-update-mode maintain;\n\
 	dnssec-dnskey-kskonly no;\n\
+	dnssec-loadkeys-interval 60;\n\
 	try-tcp-refresh yes; /* BIND 8 compat */\n\
 };\n\
 "
@@ -216,6 +224,7 @@ options {\n\
 view \"_bind\" chaos {\n\
 	recursion no;\n\
 	notify no;\n\
+	allow-new-zones no;\n\
 \n\
 	zone \"version.bind\" chaos {\n\
 		type master;\n\
@@ -286,7 +295,8 @@ ns_checknames_get(const cfg_obj_t **maps, const char *which,
 		if (maps[i] == NULL)
 			return (ISC_R_NOTFOUND);
 		checknames = NULL;
-		if (cfg_map_get(maps[i], "check-names", &checknames) == ISC_R_SUCCESS) {
+		if (cfg_map_get(maps[i], "check-names",
+				&checknames) == ISC_R_SUCCESS) {
 			/*
 			 * Zone map entry is not a list.
 			 */
@@ -299,7 +309,8 @@ ns_checknames_get(const cfg_obj_t **maps, const char *which,
 			     element = cfg_list_next(element)) {
 				value = cfg_listelt_value(element);
 				type = cfg_tuple_get(value, "type");
-				if (strcasecmp(cfg_obj_asstring(type), which) == 0) {
+				if (strcasecmp(cfg_obj_asstring(type),
+					       which) == 0) {
 					*obj = cfg_tuple_get(value, "mode");
 					return (ISC_R_SUCCESS);
 				}
@@ -370,6 +381,10 @@ ns_config_getzonetype(const cfg_obj_t *zonetypeobj) {
 		ztype = dns_zone_slave;
 	else if (strcasecmp(str, "stub") == 0)
 		ztype = dns_zone_stub;
+	else if (strcasecmp(str, "static-stub") == 0)
+		ztype = dns_zone_staticstub;
+	else if (strcasecmp(str, "redirect") == 0)
+		ztype = dns_zone_redirect;
 	else
 		INSIST(0);
 	return (ztype);

bin/named/control.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.c,v 1.36 2009/10/12 20:48:11 each Exp $ */
+/* $Id: control.c,v 1.47 2011/11/03 23:05:30 each Exp $ */
 
 /*! \file */
 
@@ -129,11 +129,16 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		 * isc_app_shutdown below.
 		 */
 #endif
+		/* Do not flush master files */
 		ns_server_flushonshutdown(ns_g_server, ISC_FALSE);
 		ns_os_shutdownmsg(command, text);
 		isc_app_shutdown();
 		result = ISC_R_SUCCESS;
 	} else if (command_compare(command, NS_COMMAND_STOP)) {
+		/*
+		 * "stop" is the same as "halt" except it does
+		 * flush master files.
+		 */
 #ifdef HAVE_LIBSCF
 		if (ns_smf_got_instance == 1 && ns_smf_chroot == 1) {
 			result = ns_smf_add_message(text);
@@ -149,10 +154,12 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	} else if (command_compare(command, NS_COMMAND_DUMPSTATS)) {
 		result = ns_server_dumpstats(ns_g_server);
 	} else if (command_compare(command, NS_COMMAND_QUERYLOG)) {
-		result = ns_server_togglequerylog(ns_g_server);
+		result = ns_server_togglequerylog(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_DUMPDB)) {
 		ns_server_dumpdb(ns_g_server, command);
 		result = ISC_R_SUCCESS;
+	} else if (command_compare(command, NS_COMMAND_SECROOTS)) {
+		result = ns_server_dumpsecroots(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_TRACE)) {
 		result = ns_server_setdebuglevel(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_NOTRACE)) {
@@ -162,7 +169,9 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	} else if (command_compare(command, NS_COMMAND_FLUSH)) {
 		result = ns_server_flushcache(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_FLUSHNAME)) {
-		result = ns_server_flushname(ns_g_server, command);
+		result = ns_server_flushnode(ns_g_server, command, ISC_FALSE);
+	} else if (command_compare(command, NS_COMMAND_FLUSHTREE)) {
+		result = ns_server_flushnode(ns_g_server, command, ISC_TRUE);
 	} else if (command_compare(command, NS_COMMAND_STATUS)) {
 		result = ns_server_status(ns_g_server, text);
 	} else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
@@ -176,6 +185,8 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		   command_compare(command, NS_COMMAND_THAW)) {
 		result = ns_server_freeze(ns_g_server, ISC_FALSE, command,
 					  text);
+	} else if (command_compare(command, NS_COMMAND_SYNC)) {
+		result = ns_server_sync(ns_g_server, command, text);
 	} else if (command_compare(command, NS_COMMAND_RECURSING)) {
 		result = ns_server_dumprecursing(ns_g_server);
 	} else if (command_compare(command, NS_COMMAND_TIMERPOKE)) {
@@ -187,8 +198,15 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		result = ns_server_notifycommand(ns_g_server, command, text);
 	} else if (command_compare(command, NS_COMMAND_VALIDATION)) {
 		result = ns_server_validation(ns_g_server, command);
-	} else if (command_compare(command, NS_COMMAND_SIGN)) {
-		result = ns_server_sign(ns_g_server, command);
+	} else if (command_compare(command, NS_COMMAND_SIGN) ||
+		   command_compare(command, NS_COMMAND_LOADKEYS)) {
+		result = ns_server_rekey(ns_g_server, command);
+	} else if (command_compare(command, NS_COMMAND_ADDZONE)) {
+		result = ns_server_add_zone(ns_g_server, command);
+	} else if (command_compare(command, NS_COMMAND_DELZONE)) {
+		result = ns_server_del_zone(ns_g_server, command);
+	} else if (command_compare(command, NS_COMMAND_SIGNING)) {
+		result = ns_server_signing(ns_g_server, command, text);
 	} else {
 		isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
 			      NS_LOGMODULE_CONTROL, ISC_LOG_WARNING,

bin/named/controlconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2008  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2008, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: controlconf.c,v 1.60 2008/07/23 23:27:54 marka Exp $ */
+/* $Id: controlconf.c,v 1.63 2011/12/22 08:07:48 marka Exp $ */
 
 /*! \file */
 
@@ -859,7 +859,7 @@ get_rndckey(isc_mem_t *mctx, controlkeylist_t *keyids) {
 		cfg_obj_log(key, ns_g_lctx, ISC_LOG_WARNING,
 			    "secret for key '%s' on command channel: %s",
 			    keyid->keyname, isc_result_totext(result));
-		CHECK(result);
+		goto cleanup;
 	}
 
 	keyid->secret.length = isc_buffer_usedlength(&b);
@@ -1148,6 +1148,11 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 	if (result == ISC_R_SUCCESS)
 		isc_socket_setname(listener->sock, "control", NULL);
 
+#ifndef ISC_ALLOW_MAPPED
+	if (result == ISC_R_SUCCESS)
+		isc_socket_ipv6only(listener->sock, ISC_TRUE);
+#endif
+
 	if (result == ISC_R_SUCCESS)
 		result = isc_socket_bind(listener->sock, &listener->address,
 					 ISC_SOCKET_REUSEADDRESS);

bin/named/include/dlz/dlz_dlopen_driver.h

@@ -0,0 +1,27 @@
+/*
+ * Copyright (C) 2011  Internet Systems Consortium, Inc. ("ISC")
+ *
+ * Permission to use, copy, modify, and/or distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
+ * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
+ * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
+ * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
+ * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
+ * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
+ * PERFORMANCE OF THIS SOFTWARE.
+ */
+
+/* $Id: dlz_dlopen_driver.h,v 1.4 2011/03/17 09:25:53 fdupont Exp $ */
+
+#ifndef DLZ_DLOPEN_DRIVER_H
+#define DLZ_DLOPEN_DRIVER_H
+
+isc_result_t
+dlz_dlopen_init(isc_mem_t *mctx);
+
+void
+dlz_dlopen_clear(void);
+#endif

bin/named/include/named/client.h

@@ -1,21 +1,21 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: client.h,v 1.91 2009/10/26 23:14:53 each Exp $ */
+/* $Id: client.h,v 1.37.2.1 2000/07/26 23:51:33 bwelling Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -24,8 +24,9 @@
  ***** Module Info
  *****/
 
-/*! \file
- * \brief
+/*
+ * Client
+ *
  * This module defines two objects, ns_client_t and ns_clientmgr_t.
  *
  * An ns_client_t object handles incoming DNS requests from clients
@@ -34,22 +35,21 @@
  * Each ns_client_t object can handle only one TCP connection or UDP
  * request at a time.  Therefore, several ns_client_t objects are
  * typically created to serve each network interface, e.g., one
- * for handling TCP requests and a few (one per CPU) for handling
+ * for handling TCP requests and a few (one per CPU) for handling 
  * UDP requests.
  *
  * Incoming requests are classified as queries, zone transfer
- * requests, update requests, notify requests, etc, and handed off
+ * requests, update requests, notify requests, etc, and handed off 
  * to the appropriate request handler.  When the request has been
- * fully handled (which can be much later), the ns_client_t must be
- * notified of this by calling one of the following functions
+ * fully handled (which can be much later), the ns_client_t must be 
+ * notified of this by calling one of the following functions 
  * exactly once in the context of its task:
- * \code
+ *
  *   ns_client_send()	(sending a non-error response)
- *   ns_client_sendraw() (sending a raw response)
  *   ns_client_error()	(sending an error response)
  *   ns_client_next()	(sending no response)
- *\endcode
- * This will release any resources used by the request and
+ *
+ * This will release any resources used by the request and 
  * and allow the ns_client_t to listen for the next request.
  *
  * A ns_clientmgr_t manages a number of ns_client_t objects.
@@ -63,16 +63,12 @@
  ***/
 
 #include <isc/buffer.h>
-#include <isc/magic.h>
 #include <isc/stdtime.h>
 #include <isc/quota.h>
 
-#include <dns/fixedname.h>
 #include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/rdatatype.h>
-#include <dns/tcpmsg.h>
 #include <dns/types.h>
+#include <dns/tcpmsg.h>
 
 #include <named/types.h>
 #include <named/query.h>
@@ -83,127 +79,84 @@
 
 typedef ISC_LIST(ns_client_t) client_list_t;
 
-/*% nameserver client structure */
 struct ns_client {
 	unsigned int		magic;
 	isc_mem_t *		mctx;
 	ns_clientmgr_t *	manager;
 	int			state;
 	int			newstate;
+	isc_boolean_t		disconnect;
 	int			naccepts;
 	int			nreads;
 	int			nsends;
-	int			nrecvs;
-	int			nupdates;
-	int			nctls;
 	int			references;
-	isc_boolean_t		needshutdown; 	/*
-						 * Used by clienttest to get
-						 * the client to go from
-						 * inactive to free state
-						 * by shutting down the
-						 * client's task.
-						 */
 	unsigned int		attributes;
 	isc_task_t *		task;
 	dns_view_t *		view;
+	dns_view_t *		lockview;
 	dns_dispatch_t *	dispatch;
-	isc_socket_t *		udpsocket;
+	dns_dispentry_t *	dispentry;
+	dns_dispatchevent_t *	dispevent;
 	isc_socket_t *		tcplistener;
 	isc_socket_t *		tcpsocket;
 	unsigned char *		tcpbuf;
 	dns_tcpmsg_t		tcpmsg;
 	isc_boolean_t		tcpmsg_valid;
 	isc_timer_t *		timer;
-	isc_boolean_t 		timerset;
 	dns_message_t *		message;
-	isc_socketevent_t *	sendevent;
-	isc_socketevent_t *	recvevent;
-	unsigned char *		recvbuf;
+	unsigned char *		sendbuf;
 	dns_rdataset_t *	opt;
 	isc_uint16_t		udpsize;
-	isc_uint16_t		extflags;
-	isc_int16_t		ednsversion;	/* -1 noedns */
 	void			(*next)(ns_client_t *);
 	void			(*shutdown)(void *arg, isc_result_t result);
 	void 			*shutdown_arg;
 	ns_query_t		query;
 	isc_stdtime_t		requesttime;
 	isc_stdtime_t		now;
-	dns_name_t		signername;   /*%< [T]SIG key name */
-	dns_name_t *		signer;	      /*%< NULL if not valid sig */
-	isc_boolean_t		mortal;	      /*%< Die after handling request */
+	dns_name_t		signername;   /* [T]SIG key name */
+	dns_name_t *		signer;	      /* NULL if not valid sig */
+	isc_boolean_t		mortal;	      /* Die after handling request */
 	isc_quota_t		*tcpquota;
 	isc_quota_t		*recursionquota;
 	ns_interface_t		*interface;
 	isc_sockaddr_t		peeraddr;
 	isc_boolean_t		peeraddr_valid;
-	isc_netaddr_t		destaddr;
 	struct in6_pktinfo	pktinfo;
 	isc_event_t		ctlevent;
-	/*%
-	 * Information about recent FORMERR response(s), for
-	 * FORMERR loop avoidance.  This is separate for each
-	 * client object rather than global only to avoid
-	 * the need for locking.
-	 */
-	struct {
-		isc_sockaddr_t		addr;
-		isc_stdtime_t		time;
-		dns_messageid_t		id;
-	} formerrcache;
 	ISC_LINK(ns_client_t)	link;
-	/*%
+	/*
 	 * The list 'link' is part of, or NULL if not on any list.
 	 */
 	client_list_t		*list;
 };
 
-#define NS_CLIENT_MAGIC			ISC_MAGIC('N','S','C','c')
+#define NS_CLIENT_MAGIC			0x4E534363U	/* NSCc */
 #define NS_CLIENT_VALID(c)		ISC_MAGIC_VALID(c, NS_CLIENT_MAGIC)
 
 #define NS_CLIENTATTR_TCP		0x01
-#define NS_CLIENTATTR_RA		0x02 /*%< Client gets recursive service */
-#define NS_CLIENTATTR_PKTINFO		0x04 /*%< pktinfo is valid */
-#define NS_CLIENTATTR_MULTICAST		0x08 /*%< recv'd from multicast */
-#define NS_CLIENTATTR_WANTDNSSEC	0x10 /*%< include dnssec records */
-#define NS_CLIENTATTR_WANTNSID          0x20 /*%< include nameserver ID */
-#ifdef ALLOW_FILTER_AAAA_ON_V4
-#define NS_CLIENTATTR_FILTER_AAAA	0x40 /*%< suppress AAAAs */
-#define NS_CLIENTATTR_FILTER_AAAA_RC	0x80 /*%< recursing for A against AAAA */
-#endif
-
-extern unsigned int ns_client_requests;
+#define NS_CLIENTATTR_RA		0x02 /* Client gets recusive service */
+#define NS_CLIENTATTR_PKTINFO		0x04 /* pktinfo is valid */
+#define NS_CLIENTATTR_MULTICAST		0x08 /* recv'd from multicast */
 
 /***
  *** Functions
  ***/
 
-/*%
+/*
  * Note!  These ns_client_ routines MUST be called ONLY from the client's
  * task in order to ensure synchronization.
  */
 
 void
 ns_client_send(ns_client_t *client);
-/*%
+/*
  * Finish processing the current client request and
  * send client->message as a response.
- * \brief
- * Note!  These ns_client_ routines MUST be called ONLY from the client's
- * task in order to ensure synchronization.
- */
-
-void
-ns_client_sendraw(ns_client_t *client, dns_message_t *msg);
-/*%
- * Finish processing the current client request and
- * send msg as a response using client->message->id for the id.
  */
 
 void
 ns_client_error(ns_client_t *client, isc_result_t result);
-/*%
+/*
  * Finish processing the current client request and return
  * an error response to the client.  The error response
  * will have an RCODE determined by 'result'.
@@ -211,53 +164,47 @@ ns_client_error(ns_client_t *client, isc_result_t result);
 
 void
 ns_client_next(ns_client_t *client, isc_result_t result);
-/*%
- * Finish processing the current client request,
+/*
+ * Finish processing the current client request, 
  * return no response to the client.
  */
 
 isc_boolean_t
 ns_client_shuttingdown(ns_client_t *client);
-/*%
+/*
  * Return ISC_TRUE iff the client is currently shutting down.
  */
 
 void
 ns_client_attach(ns_client_t *source, ns_client_t **target);
-/*%
+/*
  * Attach '*targetp' to 'source'.
  */
 
 void
 ns_client_detach(ns_client_t **clientp);
-/*%
+/*
  * Detach '*clientp' from its client.
  */
 
 isc_result_t
 ns_client_replace(ns_client_t *client);
-/*%
+/*
  * Try to replace the current client with a new one, so that the
  * current one can go off and do some lengthy work without
  * leaving the dispatch/socket without service.
  */
 
-void
-ns_client_settimeout(ns_client_t *client, unsigned int seconds);
-/*%
- * Set a timer in the client to go off in the specified amount of time.
- */
-
 isc_result_t
 ns_clientmgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 		    isc_timermgr_t *timermgr, ns_clientmgr_t **managerp);
-/*%
+/*
  * Create a client manager.
  */
 
 void
 ns_clientmgr_destroy(ns_clientmgr_t **managerp);
-/*%
+/*
  * Destroy a client manager and all ns_client_t objects
  * managed by it.
  */
@@ -265,7 +212,7 @@ ns_clientmgr_destroy(ns_clientmgr_t **managerp);
 isc_result_t
 ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
 			   ns_interface_t *ifp, isc_boolean_t tcp);
-/*%
+/*
  * Create up to 'n' clients listening on interface 'ifp'.
  * If 'tcp' is ISC_TRUE, the clients will listen for TCP connections,
  * otherwise for UDP requests.
@@ -273,106 +220,45 @@ ns_clientmgr_createclients(ns_clientmgr_t *manager, unsigned int n,
 
 isc_sockaddr_t *
 ns_client_getsockaddr(ns_client_t *client);
-/*%
+/*
  * Get the socket address of the client whose request is
  * currently being processed.
  */
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client, isc_netaddr_t *netaddr,
-			 dns_acl_t *acl, isc_boolean_t default_allow);
-
-/*%
+ns_client_checkacl(ns_client_t  *client,
+		   const char *opname, dns_acl_t *acl,
+		   isc_boolean_t default_allow,
+		   isc_boolean_t logfailure);
+/*
  * Convenience function for client request ACL checking.
  *
  * Check the current client request against 'acl'.  If 'acl'
  * is NULL, allow the request iff 'default_allow' is ISC_TRUE.
- * If netaddr is NULL, check the ACL against client->peeraddr;
- * otherwise check it against netaddr.
+ * Log the outcome of the check if deemed appropriate.
+ * Log messages will refer to the request as an 'opname' request.
  *
  * Notes:
- *\li	This is appropriate for checking allow-update,
+ *	This is appropriate for checking allow-update, 
  * 	allow-query, allow-transfer, etc.  It is not appropriate
  * 	for checking the blackhole list because we treat positive
  * 	matches as "allow" and negative matches as "deny"; in
  *	the case of the blackhole list this would be backwards.
  *
  * Requires:
- *\li	'client' points to a valid client.
- *\li	'netaddr' points to a valid address, or is NULL.
- *\li	'acl' points to a valid ACL, or is NULL.
+ *	'client' points to a valid client.
+ *	'opname' points to a null-terminated string.
+ *	'acl' points to a valid ACL, or is NULL.
  *
  * Returns:
- *\li	ISC_R_SUCCESS	if the request should be allowed
- * \li	DNS_R_REFUSED	if the request should be denied
- *\li	No other return values are possible.
- */
-
-isc_result_t
-ns_client_checkacl(ns_client_t  *client,
-		   isc_sockaddr_t *sockaddr,
-		   const char *opname, dns_acl_t *acl,
-		   isc_boolean_t default_allow,
-		   int log_level);
-/*%
- * Like ns_client_checkaclsilent, except the outcome of the check is
- * logged at log level 'log_level' if denied, and at debug 3 if approved.
- * Log messages will refer to the request as an 'opname' request.
- *
- * Requires:
- *\li	'client' points to a valid client.
- *\li	'sockaddr' points to a valid address, or is NULL.
- *\li	'acl' points to a valid ACL, or is NULL.
- *\li	'opname' points to a null-terminated string.
+ *	ISC_R_SUCCESS	if the request should be allowed
+ * 	ISC_R_REFUSED	if the request should be denied
+ *	No other return values are possible.
  */
 
 void
 ns_client_log(ns_client_t *client, isc_logcategory_t *category,
 	      isc_logmodule_t *module, int level,
-	      const char *fmt, ...) ISC_FORMAT_PRINTF(5, 6);
-
-void
-ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
-	       isc_logmodule_t *module, int level, const char *fmt, va_list ap) ISC_FORMAT_PRINTF(5, 0);
-
-void
-ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
-		 dns_rdataclass_t rdclass, char *buf, size_t len);
-
-#define NS_CLIENT_ACLMSGSIZE(x) \
-	(DNS_NAME_FORMATSIZE + DNS_RDATATYPE_FORMATSIZE + \
-	 DNS_RDATACLASS_FORMATSIZE + sizeof(x) + sizeof("'/'"))
-
-void
-ns_client_recursing(ns_client_t *client);
-/*%
- * Add client to end of th recursing list.
- */
-
-void
-ns_client_killoldestquery(ns_client_t *client);
-/*%
- * Kill the oldest recursive query (recursing list head).
- */
-
-void
-ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager);
-/*%
- * Dump the outstanding recursive queries to 'f'.
- */
-
-void
-ns_client_qnamereplace(ns_client_t *client, dns_name_t *name);
-/*%
- * Replace the qname.
- */
-
-isc_boolean_t
-ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
-		 isc_sockaddr_t *srcaddr, isc_sockaddr_t *destaddr,
-		 dns_rdataclass_t rdclass, void *arg);
-/*%
- * Isself callback.
- */
+	      const char *fmt, ...);
 
 #endif /* NAMED_CLIENT_H */

bin/named/include/named/control.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2009-2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.h,v 1.27 2009/10/12 23:48:01 tbox Exp $ */
+/* $Id: control.h,v 1.36 2011/10/28 06:20:04 each Exp $ */
 
 #ifndef NAMED_CONTROL_H
 #define NAMED_CONTROL_H 1
@@ -42,10 +42,12 @@
 #define NS_COMMAND_DUMPSTATS	"stats"
 #define NS_COMMAND_QUERYLOG	"querylog"
 #define NS_COMMAND_DUMPDB	"dumpdb"
+#define NS_COMMAND_SECROOTS	"secroots"
 #define NS_COMMAND_TRACE	"trace"
 #define NS_COMMAND_NOTRACE	"notrace"
 #define NS_COMMAND_FLUSH	"flush"
 #define NS_COMMAND_FLUSHNAME	"flushname"
+#define NS_COMMAND_FLUSHTREE	"flushtree"
 #define NS_COMMAND_STATUS	"status"
 #define NS_COMMAND_TSIGLIST	"tsig-list"
 #define NS_COMMAND_TSIGDELETE	"tsig-delete"
@@ -58,6 +60,11 @@
 #define NS_COMMAND_NOTIFY	"notify"
 #define NS_COMMAND_VALIDATION	"validation"
 #define NS_COMMAND_SIGN 	"sign"
+#define NS_COMMAND_LOADKEYS 	"loadkeys"
+#define NS_COMMAND_ADDZONE	"addzone"
+#define NS_COMMAND_DELZONE	"delzone"
+#define NS_COMMAND_SYNC		"sync"
+#define NS_COMMAND_SIGNING	"signing"
 
 isc_result_t
 ns_controls_create(ns_server_t *server, ns_controls_t **ctrlsp);

bin/named/include/named/globals.h

@@ -1,36 +1,30 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.86 2009/10/05 17:30:49 fdupont Exp $ */
+/* $Id: globals.h,v 1.42 2000/06/22 21:49:39 tale Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
 
-/*! \file */
-
 #include <isc/rwlock.h>
 #include <isc/log.h>
 #include <isc/net.h>
 
-#include <isccfg/cfg.h>
-
-#include <dns/zone.h>
-
-#include <dst/dst.h>
+#include <omapi/types.h>
 
 #include <named/types.h>
 
@@ -44,18 +38,11 @@
 #define INIT(v)
 #endif
 
-#ifndef NS_RUN_PID_DIR
-#define NS_RUN_PID_DIR 1
-#endif
-
 EXTERN isc_mem_t *		ns_g_mctx		INIT(NULL);
 EXTERN unsigned int		ns_g_cpus		INIT(0);
 EXTERN isc_taskmgr_t *		ns_g_taskmgr		INIT(NULL);
 EXTERN dns_dispatchmgr_t *	ns_g_dispatchmgr	INIT(NULL);
 EXTERN isc_entropy_t *		ns_g_entropy		INIT(NULL);
-EXTERN isc_entropy_t *		ns_g_fallbackentropy	INIT(NULL);
-EXTERN unsigned int		ns_g_cpus_detected	INIT(1);
-
 /*
  * XXXRTH  We're going to want multiple timer managers eventually.  One
  *         for really short timers, another for client timers, and one
@@ -63,15 +50,13 @@ EXTERN unsigned int		ns_g_cpus_detected	INIT(1);
  */
 EXTERN isc_timermgr_t *		ns_g_timermgr		INIT(NULL);
 EXTERN isc_socketmgr_t *	ns_g_socketmgr		INIT(NULL);
-EXTERN cfg_parser_t *		ns_g_parser		INIT(NULL);
+EXTERN omapi_object_t *		ns_g_omapimgr		INIT(NULL);
 EXTERN const char *		ns_g_version		INIT(VERSION);
-EXTERN const char *		ns_g_configargs		INIT(CONFIGARGS);
 EXTERN in_port_t		ns_g_port		INIT(0);
-EXTERN in_port_t		lwresd_g_listenport	INIT(0);
+EXTERN in_port_t		lwresd_g_queryport	INIT(0);
 
 EXTERN ns_server_t *		ns_g_server		INIT(NULL);
-
-EXTERN isc_boolean_t		ns_g_lwresdonly		INIT(ISC_FALSE);
+EXTERN ns_lwresd_t *		ns_g_lwresd		INIT(NULL);
 
 /*
  * Logging.
@@ -82,34 +67,11 @@ EXTERN isc_logmodule_t *	ns_g_modules		INIT(NULL);
 EXTERN unsigned int		ns_g_debuglevel		INIT(0);
 
 /*
- * Current configuration information.
+ * Current config information
  */
-EXTERN cfg_obj_t *		ns_g_config		INIT(NULL);
-EXTERN const cfg_obj_t *	ns_g_defaults		INIT(NULL);
 EXTERN const char *		ns_g_conffile		INIT(NS_SYSCONFDIR
 							     "/named.conf");
-EXTERN cfg_obj_t *		ns_g_bindkeys		INIT(NULL);
-EXTERN const char *		ns_g_keyfile		INIT(NS_SYSCONFDIR
-							     "/rndc.key");
-
-EXTERN dns_tsigkey_t *		ns_g_sessionkey		INIT(NULL);
-EXTERN dns_name_t		ns_g_sessionkeyname;
-
-EXTERN const char *		lwresd_g_conffile	INIT(NS_SYSCONFDIR
-							     "/lwresd.conf");
-EXTERN const char *		lwresd_g_resolvconffile	INIT("/etc"
-							     "/resolv.conf");
-EXTERN isc_boolean_t		ns_g_conffileset	INIT(ISC_FALSE);
-EXTERN isc_boolean_t		lwresd_g_useresolvconf	INIT(ISC_FALSE);
-EXTERN isc_uint16_t		ns_g_udpsize		INIT(4096);
-
-/*
- * Initial resource limits.
- */
-EXTERN isc_resourcevalue_t	ns_g_initstacksize	INIT(0);
-EXTERN isc_resourcevalue_t	ns_g_initdatasize	INIT(0);
-EXTERN isc_resourcevalue_t	ns_g_initcoresize	INIT(0);
-EXTERN isc_resourcevalue_t	ns_g_initopenfiles	INIT(0);
+EXTERN const char *		lwresd_g_conffile      INIT("/etc/resolv.conf");
 
 /*
  * Misc.
@@ -119,36 +81,16 @@ EXTERN const char *		ns_g_chrootdir		INIT(NULL);
 EXTERN isc_boolean_t		ns_g_foreground		INIT(ISC_FALSE);
 EXTERN isc_boolean_t		ns_g_logstderr		INIT(ISC_FALSE);
 
-EXTERN const char *		ns_g_defaultsessionkeyfile
-					INIT(NS_LOCALSTATEDIR "/run/named/"
-							      "session.key");
-
-#if NS_RUN_PID_DIR
-EXTERN const char *		ns_g_defaultpidfile 	INIT(NS_LOCALSTATEDIR
-							     "/run/named/"
-							     "named.pid");
-EXTERN const char *		lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
-							     "/run/lwresd/"
-							     "lwresd.pid");
-#else
 EXTERN const char *		ns_g_defaultpidfile 	INIT(NS_LOCALSTATEDIR
 							     "/run/named.pid");
 EXTERN const char *		lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
 							     "/run/lwresd.pid");
-#endif
-
 EXTERN const char *		ns_g_username		INIT(NULL);
 
-#ifdef USE_PKCS11
-EXTERN const char *		ns_g_engine		INIT("pkcs11");
-#else
-EXTERN const char *		ns_g_engine		INIT(NULL);
-#endif
-
-EXTERN int			ns_g_listen		INIT(3);
-EXTERN isc_time_t		ns_g_boottime;
-EXTERN isc_boolean_t		ns_g_memstatistics	INIT(ISC_FALSE);
-EXTERN isc_boolean_t		ns_g_clienttest		INIT(ISC_FALSE);
+/*
+ * XXX  Temporary.
+ */
+EXTERN const char *		ns_g_cachefile		INIT(NULL);
 
 #undef EXTERN
 #undef INIT

bin/named/include/named/interfacemgr.h

@@ -1,21 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: interfacemgr.h,v 1.33 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: interfacemgr.h,v 1.17 2000/06/22 21:49:40 tale Exp $ */
 
 #ifndef NAMED_INTERFACEMGR_H
 #define NAMED_INTERFACEMGR_H 1
@@ -24,23 +24,24 @@
  ***** Module Info
  *****/
 
-/*! \file
- * \brief
- * The interface manager monitors the operating system's list
- * of network interfaces, creating and destroying listeners
+/*
+ * Interface manager
+ *
+ * The interface manager monitors the operating system's list 
+ * of network interfaces, creating and destroying listeners 
  * as needed.
  *
  * Reliability:
- *\li	No impact expected.
+ *	No impact expected.
  *
  * Resources:
  *
  * Security:
- * \li	The server will only be able to bind to the DNS port on
+ * 	The server will only be able to bind to the DNS port on
  *	newly discovered interfaces if it is running as root.
  *
  * Standards:
- *\li	The API for scanning varies greatly among operating systems.
+ *	The API for scanning varies greatly among operating systems.
  *	This module attempts to hide the differences.
  */
 
@@ -61,27 +62,24 @@
  *** Types
  ***/
 
-#define IFACE_MAGIC		ISC_MAGIC('I',':','-',')')
+#define IFACE_MAGIC		0x493A2D29U	/* I:-). */	
 #define NS_INTERFACE_VALID(t)	ISC_MAGIC_VALID(t, IFACE_MAGIC)
 
-#define NS_INTERFACEFLAG_ANYADDR	0x01U	/*%< bound to "any" address */
-
-/*% The nameserver interface structure */
 struct ns_interface {
-	unsigned int		magic;		/*%< Magic number. */
-	ns_interfacemgr_t *	mgr;		/*%< Interface manager. */
+	unsigned int		magic;		/* Magic number. */
+	ns_interfacemgr_t *	mgr;		/* Interface manager. */
 	isc_mutex_t		lock;
-	int			references;	/*%< Locked */
-	unsigned int		generation;     /*%< Generation number. */
-	isc_sockaddr_t		addr;           /*%< Address and port. */
-	unsigned int		flags;		/*%< Interface characteristics */
-	char 			name[32];	/*%< Null terminated. */
-	dns_dispatch_t *	udpdispatch;	/*%< UDP dispatcher. */
-	isc_socket_t *		tcpsocket;	/*%< TCP socket. */
-	int			ntcptarget;	/*%< Desired number of concurrent
-						     TCP accepts */
-	int			ntcpcurrent;	/*%< Current ditto, locked */
-	ns_clientmgr_t *	clientmgr;	/*%< Client manager. */
+	int			references;	/* Locked */
+	unsigned int		generation;     /* Generation number. */
+	isc_sockaddr_t		addr;           /* Address and port. */
+	char 			name[32];	/* Null terminated. */
+	isc_socket_t *		udpsocket; 	/* UDP socket. */
+	dns_dispatch_t *	udpdispatch;	/* UDP dispatcher. */
+	isc_socket_t *		tcpsocket;	/* TCP socket. */
+	isc_task_t *		task;
+	int			ntcptarget;	/* Desired number of concurrent
+						   TCP accepts */
+	int			ntcpcurrent;	/* Current ditto, locked */
 	ISC_LINK(ns_interface_t) link;
 };
 
@@ -93,8 +91,8 @@ isc_result_t
 ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 		       isc_socketmgr_t *socketmgr,
 		       dns_dispatchmgr_t *dispatchmgr,
-		       ns_interfacemgr_t **mgrp);
-/*%
+		       ns_clientmgr_t *clientmgr, ns_interfacemgr_t **mgrp);
+/*
  * Create a new interface manager.
  *
  * Initially, the new manager will not listen on any interfaces.
@@ -105,7 +103,7 @@ ns_interfacemgr_create(isc_mem_t *mctx, isc_taskmgr_t *taskmgr,
 void
 ns_interfacemgr_attach(ns_interfacemgr_t *source, ns_interfacemgr_t **target);
 
-void
+void 
 ns_interfacemgr_detach(ns_interfacemgr_t **targetp);
 
 void
@@ -113,7 +111,7 @@ ns_interfacemgr_shutdown(ns_interfacemgr_t *mgr);
 
 void
 ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose);
-/*%
+/*
  * Scan the operatings system's list of network interfaces
  * and create listeners when new interfaces are discovered.
  * Shut down the sockets for interfaces that go away.
@@ -123,54 +121,35 @@ ns_interfacemgr_scan(ns_interfacemgr_t *mgr, isc_boolean_t verbose);
  * in named.conf.
  */
 
-void
-ns_interfacemgr_adjust(ns_interfacemgr_t *mgr, ns_listenlist_t *list,
-		       isc_boolean_t verbose);
-/*%
- * Similar to ns_interfacemgr_scan(), but this function also tries to see the
- * need for an explicit listen-on when a list element in 'list' is going to
- * override an already-listening a wildcard interface.
- *
- * This function does not update localhost and localnets ACLs.
- *
- * This should be called once on server startup, after configuring views and
- * zones.
- */
-
 void
 ns_interfacemgr_setlistenon4(ns_interfacemgr_t *mgr, ns_listenlist_t *value);
-/*%
+/*
  * Set the IPv4 "listen-on" list of 'mgr' to 'value'.
  * The previous IPv4 listen-on list is freed.
  */
 
 void
 ns_interfacemgr_setlistenon6(ns_interfacemgr_t *mgr, ns_listenlist_t *value);
-/*%
+/*
  * Set the IPv6 "listen-on" list of 'mgr' to 'value'.
  * The previous IPv6 listen-on list is freed.
  */
 
+isc_result_t
+ns_interfacemgr_findudpdispatcher(ns_interfacemgr_t *mgr,
+				  isc_sockaddr_t *address,
+				  dns_dispatch_t **dispatchp);
+/*
+ * Find a UDP dispatcher matching 'address', if it exists.
+ */
+
 dns_aclenv_t *
 ns_interfacemgr_getaclenv(ns_interfacemgr_t *mgr);
 
 void
 ns_interface_attach(ns_interface_t *source, ns_interface_t **target);
 
-void
+void 
 ns_interface_detach(ns_interface_t **targetp);
 
-void
-ns_interface_shutdown(ns_interface_t *ifp);
-/*%
- * Stop listening for queries on interface 'ifp'.
- * May safely be called multiple times.
- */
-
-void
-ns_interfacemgr_dumprecursing(FILE *f, ns_interfacemgr_t *mgr);
-
-isc_boolean_t
-ns_interfacemgr_listeningon(ns_interfacemgr_t *mgr, isc_sockaddr_t *addr);
-
 #endif /* NAMED_INTERFACEMGR_H */

bin/named/include/named/listenlist.h

@@ -1,21 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: listenlist.h,v 1.15 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: listenlist.h,v 1.7 2000/06/23 01:34:38 gson Exp $ */
 
 #ifndef NAMED_LISTENLIST_H
 #define NAMED_LISTENLIST_H 1
@@ -24,8 +24,7 @@
  ***** Module Info
  *****/
 
-/*! \file
- * \brief
+/*
  * "Listen lists", as in the "listen-on" configuration statement.
  */
 
@@ -63,38 +62,38 @@ struct ns_listenlist {
 isc_result_t
 ns_listenelt_create(isc_mem_t *mctx, in_port_t port,
 		    dns_acl_t *acl, ns_listenelt_t **target);
-/*%
+/*
  * Create a listen-on list element.
  */
 
 void
 ns_listenelt_destroy(ns_listenelt_t *elt);
-/*%
+/*
  * Destroy a listen-on list element.
  */
 
 isc_result_t
 ns_listenlist_create(isc_mem_t *mctx, ns_listenlist_t **target);
-/*%
+/*
  * Create a new, empty listen-on list.
  */
 
 void
 ns_listenlist_attach(ns_listenlist_t *source, ns_listenlist_t **target);
-/*%
+/*
  * Attach '*target' to '*source'.
  */
 
 void
 ns_listenlist_detach(ns_listenlist_t **listp);
-/*%
+/*
  * Detach 'listp'.
  */
 
 isc_result_t
 ns_listenlist_default(isc_mem_t *mctx, in_port_t port,
 		      isc_boolean_t enabled, ns_listenlist_t **target);
-/*%
+/*
  * Create a listen-on list with default contents, matching
  * all addresses with port 'port' (if 'enabled' is ISC_TRUE),
  * or no addresses (if 'enabled' is ISC_FALSE).

bin/named/include/named/log.h

@@ -1,27 +1,25 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: log.h,v 1.27 2009/01/07 23:47:46 tbox Exp $ */
+/* $Id: log.h,v 1.13 2000/06/22 21:49:43 tale Exp $ */
 
 #ifndef NAMED_LOG_H
 #define NAMED_LOG_H 1
 
-/*! \file */
-
 #include <isc/log.h>
 #include <isc/types.h>
 
@@ -33,10 +31,6 @@
 #define NS_LOGCATEGORY_CLIENT		(&ns_g_categories[1])
 #define NS_LOGCATEGORY_NETWORK		(&ns_g_categories[2])
 #define NS_LOGCATEGORY_UPDATE		(&ns_g_categories[3])
-#define NS_LOGCATEGORY_QUERIES		(&ns_g_categories[4])
-#define NS_LOGCATEGORY_UNMATCHED	(&ns_g_categories[5])
-#define NS_LOGCATEGORY_UPDATE_SECURITY	(&ns_g_categories[6])
-#define NS_LOGCATEGORY_QUERY_EERRORS	(&ns_g_categories[7])
 
 /*
  * Backwards compatibility.
@@ -52,16 +46,16 @@
 #define NS_LOGMODULE_XFER_IN		(&ns_g_modules[6])
 #define NS_LOGMODULE_XFER_OUT		(&ns_g_modules[7])
 #define NS_LOGMODULE_NOTIFY		(&ns_g_modules[8])
-#define NS_LOGMODULE_CONTROL		(&ns_g_modules[9])
+#define NS_LOGMODULE_OMAPI		(&ns_g_modules[9])
 #define NS_LOGMODULE_LWRESD		(&ns_g_modules[10])
 
 isc_result_t
 ns_log_init(isc_boolean_t safe);
-/*%
+/*
  * Initialize the logging system and set up an initial default
  * logging default configuration that will be used until the
  * config file has been read.
- *
+ * 
  * If 'safe' is true, use a default configuration that refrains
  * from opening files.  This is to avoid creating log files
  * as root.
@@ -69,7 +63,7 @@ ns_log_init(isc_boolean_t safe);
 
 isc_result_t
 ns_log_setdefaultchannels(isc_logconfig_t *lcfg);
-/*%
+/*
  * Set up logging channels according to the named defaults, which
  * may differ from the logging library defaults.  Currently,
  * this just means setting up default_debug.
@@ -77,22 +71,16 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg);
 
 isc_result_t
 ns_log_setsafechannels(isc_logconfig_t *lcfg);
-/*%
+/*
  * Like ns_log_setdefaultchannels(), but omits any logging to files.
  */
 
 isc_result_t
 ns_log_setdefaultcategory(isc_logconfig_t *lcfg);
-/*%
+/*
  * Set up "category default" to go to the right places.
  */
 
-isc_result_t
-ns_log_setunmatchedcategory(isc_logconfig_t *lcfg);
-/*%
- * Set up "category unmatched" to go to the right places.
- */
-
 void
 ns_log_shutdown(void);
 

bin/named/include/named/logconf.h

@@ -1,34 +1,34 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: logconf.h,v 1.17 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: logconf.h,v 1.6 2000/06/22 21:49:44 tale Exp $ */
 
 #ifndef NAMED_LOGCONF_H
 #define NAMED_LOGCONF_H 1
 
-/*! \file */
-
 #include <isc/log.h>
 
+#include <dns/conflog.h>
+
 isc_result_t
-ns_log_configure(isc_logconfig_t *logconf, const cfg_obj_t *logstmt);
-/*%<
+ns_log_configure(isc_logconfig_t *logconf, dns_c_logginglist_t *clog);
+/*
  * Set up the logging configuration in '*logconf' according to
- * the named.conf data in 'logstmt'.
+ * the named.conf data in 'clog'.
  */
 
 #endif /* NAMED_LOGCONF_H */

bin/named/include/named/lwdclient.h

@@ -1,27 +1,25 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.20 2009/01/17 23:47:42 tbox Exp $ */
+/* $Id: lwdclient.h,v 1.2.2.1 2000/06/26 21:47:36 gson Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1
 
-/*! \file */
-
 #include <isc/event.h>
 #include <isc/eventclass.h>
 #include <isc/netaddr.h>
@@ -33,30 +31,25 @@
 
 #include <lwres/lwres.h>
 
-#include <named/lwsearch.h>
-
 #define LWRD_EVENTCLASS		ISC_EVENTCLASS(4242)
 
 #define LWRD_SHUTDOWN		(LWRD_EVENTCLASS + 0x0001)
 
-/*% Lightweight Resolver Daemon Client */
 struct ns_lwdclient {
-	isc_sockaddr_t		address;	/*%< where to reply */
-	struct in6_pktinfo	pktinfo;
-	isc_boolean_t		pktinfo_valid;
-	ns_lwdclientmgr_t	*clientmgr;	/*%< our parent */
+	isc_sockaddr_t		address;	/* where to reply */
+	ns_lwdclientmgr_t	*clientmgr;	/* our parent */
 	ISC_LINK(ns_lwdclient_t) link;
 	unsigned int		state;
-	void			*arg;		/*%< packet processing state */
+	void		       *arg;		/* packet processing state */
 
 	/*
 	 * Received data info.
 	 */
-	unsigned char		buffer[LWRES_RECVLENGTH]; /*%< receive buffer */
-	isc_uint32_t		recvlength;	/*%< length recv'd */
+	unsigned char		buffer[LWRES_RECVLENGTH]; /* receive buffer */
+	isc_uint32_t		recvlength;	/* length recv'd */
 	lwres_lwpacket_t	pkt;
 
-	/*%
+	/*
 	 * Send data state.  If sendbuf != buffer (that is, the send buffer
 	 * isn't our receive buffer) it will be freed to the lwres_context_t.
 	 */
@@ -64,36 +57,26 @@ struct ns_lwdclient {
 	isc_uint32_t		sendlength;
 	isc_buffer_t		recv_buffer;
 
-	/*%
+	/*
 	 * gabn (get address by name) state info.
 	 */
 	dns_adbfind_t		*find;
 	dns_adbfind_t		*v4find;
 	dns_adbfind_t		*v6find;
-	unsigned int		find_wanted;	/*%< Addresses we want */
-	dns_fixedname_t		query_name;
+	unsigned int		find_wanted;	/* Addresses we want */
 	dns_fixedname_t		target_name;
-	ns_lwsearchctx_t	searchctx;
 	lwres_gabnresponse_t	gabn;
 
-	/*%
+	/*
 	 * gnba (get name by address) state info.
 	 */
 	lwres_gnbaresponse_t	gnba;
 	dns_byaddr_t	       *byaddr;
 	unsigned int		options;
 	isc_netaddr_t		na;
+	dns_adbaddrinfo_t      *addrinfo;
 
-	/*%
-	 * grbn (get rrset by name) state info.
-	 *
-	 * Note: this also uses target_name and searchctx.
-	 */
-	lwres_grbnresponse_t	grbn;
-	dns_lookup_t	       *lookup;
-	dns_rdatatype_t		rdtype;
-
-	/*%
+	/*
 	 * Alias and address info.  This is copied up to the gabn/gnba
 	 * structures eventually.
 	 *
@@ -106,7 +89,7 @@ struct ns_lwdclient {
 	lwres_addr_t		addrs[LWRES_MAX_ADDRS];
 };
 
-/*%
+/*
  * Client states.
  *
  * _IDLE	The client is not doing anything at all.
@@ -159,7 +142,7 @@ struct ns_lwdclient {
 #define NS_LWDCLIENT_ISSEND(c)		\
 			((c)->state == NS_LWDCLIENT_STATESEND)
 
-/*%
+/*
  * Overall magic test that means we're not idle.
  */
 #define NS_LWDCLIENT_ISRUNNING(c)	(!NS_LWDCLIENT_ISIDLE(c))
@@ -177,26 +160,20 @@ struct ns_lwdclient {
 #define NS_LWDCLIENT_SETSENDDONE(c)	\
 			((c)->state = NS_LWDCLIENT_STATESENDDONE)
 
-/*% lightweight daemon client manager */
 struct ns_lwdclientmgr {
-	ns_lwreslistener_t     *listener;
 	isc_mem_t	       *mctx;
-	isc_socket_t	       *sock;		/*%< socket to use */
+	isc_task_t	       *task;		/* owning task */
+	isc_socket_t	       *sock;		/* socket to use */
 	dns_view_t	       *view;
-	lwres_context_t	       *lwctx;		/*%< lightweight proto context */
-	isc_task_t	       *task;		/*%< owning task */
 	unsigned int		flags;
-	ISC_LINK(ns_lwdclientmgr_t)	link;
-	ISC_LIST(ns_lwdclient_t)	idle;		/*%< idle client slots */
-	ISC_LIST(ns_lwdclient_t)	running;	/*%< running clients */
+	lwres_context_t	       *lwctx;		/* lightweight proto context */
+	ISC_LIST(ns_lwdclient_t)	idle;		/* idle client slots */
+	ISC_LIST(ns_lwdclient_t)	running;	/* running clients */
 };
 
 #define NS_LWDCLIENTMGR_FLAGRECVPENDING		0x00000001
 #define NS_LWDCLIENTMGR_FLAGSHUTTINGDOWN	0x00000002
 
-isc_result_t
-ns_lwdclientmgr_create(ns_lwreslistener_t *, unsigned int, isc_taskmgr_t *);
-
 void
 ns_lwdclient_initialize(ns_lwdclient_t *, ns_lwdclientmgr_t *);
 
@@ -215,20 +192,15 @@ ns_lwdclient_shutdown(isc_task_t *, isc_event_t *);
 void
 ns_lwdclient_send(isc_task_t *, isc_event_t *);
 
-isc_result_t
-ns_lwdclient_sendreply(ns_lwdclient_t *client, isc_region_t *r);
-
 /*
  * Processing functions of various types.
  */
 void ns_lwdclient_processgabn(ns_lwdclient_t *, lwres_buffer_t *);
 void ns_lwdclient_processgnba(ns_lwdclient_t *, lwres_buffer_t *);
-void ns_lwdclient_processgrbn(ns_lwdclient_t *, lwres_buffer_t *);
 void ns_lwdclient_processnoop(ns_lwdclient_t *, lwres_buffer_t *);
 
 void ns_lwdclient_errorpktsend(ns_lwdclient_t *, isc_uint32_t);
 
-void ns_lwdclient_log(int level, const char *format, ...)
-     ISC_FORMAT_PRINTF(2, 3);
+void ns_lwdclient_log(int level, const char *format, ...);
 
 #endif /* NAMED_LWDCLIENT_H */

bin/named/include/named/lwresd.h

@@ -1,121 +1,45 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.19 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: lwresd.h,v 1.2.2.1 2000/06/28 00:19:06 gson Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1
 
-/*! \file */
-
 #include <isc/types.h>
 #include <isc/sockaddr.h>
 
-#include <isccfg/cfg.h>
-
 #include <dns/types.h>
 
 struct ns_lwresd {
-	unsigned int magic;
-
-	isc_mutex_t lock;
-	dns_view_t *view;
-	ns_lwsearchlist_t *search;
-	unsigned int ndots;
-	isc_mem_t *mctx;
-	isc_boolean_t shutting_down;
-	unsigned int refs;
-};
-
-struct ns_lwreslistener {
-	unsigned int magic;
-
-	isc_mutex_t lock;
-	isc_mem_t *mctx;
-	isc_sockaddr_t address;
-	ns_lwresd_t *manager;
+	isc_uint32_t magic;
+	ns_lwdclientmgr_t *cmgr;
 	isc_socket_t *sock;
-	unsigned int refs;
-	ISC_LIST(ns_lwdclientmgr_t) cmgrs;
-	ISC_LINK(ns_lwreslistener_t) link;
+	unsigned int ntasks;
+	dns_view_t *view;
+	isc_mem_t *mctx;
+	isc_task_t *task;
+	dns_dispatchmgr_t *dispmgr;
 };
 
-/*%
- * Configure lwresd.
- */
-isc_result_t
-ns_lwresd_configure(isc_mem_t *mctx, const cfg_obj_t *config);
-
-isc_result_t
-ns_lwresd_parseeresolvconf(isc_mem_t *mctx, cfg_parser_t *pctx,
-			   cfg_obj_t **configp);
-
-/*%
- * Trigger shutdown.
- */
 void
-ns_lwresd_shutdown(void);
-
-/*
- * Manager functions
- */
-/*% create manager */
-isc_result_t
-ns_lwdmanager_create(isc_mem_t *mctx, const cfg_obj_t *lwres,
-		      ns_lwresd_t **lwresdp);
-
-/*% attach to manager */
-void
-ns_lwdmanager_attach(ns_lwresd_t *source, ns_lwresd_t **targetp);
-
-/*% detach from manager */
-void
-ns_lwdmanager_detach(ns_lwresd_t **lwresdp);
-
-/*
- * Listener functions
- */
-/*% attach to listener */
-void
-ns_lwreslistener_attach(ns_lwreslistener_t *source,
-			ns_lwreslistener_t **targetp);
-
-/*% detach from lister */
-void
-ns_lwreslistener_detach(ns_lwreslistener_t **listenerp);
-
-/*% link client manager */
-void
-ns_lwreslistener_unlinkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm);
-
-/*% unlink client manager */
-void
-ns_lwreslistener_linkcm(ns_lwreslistener_t *listener, ns_lwdclientmgr_t *cm);
-
-
-
-
-/*
- * INTERNAL FUNCTIONS.
- */
-void *
-ns__lwresd_memalloc(void *arg, size_t size);
+ns_lwresd_create(isc_mem_t *mctx, dns_view_t *view, ns_lwresd_t **lwresdp);
 
 void
-ns__lwresd_memfree(void *arg, void *mem, size_t size);
+ns_lwresd_destroy(ns_lwresd_t **lwresdp);
 
 #endif /* NAMED_LWRESD_H */

bin/named/include/named/main.h

@@ -1,35 +1,26 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: main.h,v 1.17 2009/09/29 23:48:03 tbox Exp $ */
+/* $Id: main.h,v 1.4 2000/06/22 21:49:47 tale Exp $ */
 
 #ifndef NAMED_MAIN_H
 #define NAMED_MAIN_H 1
 
-/*! \file */
-
-ISC_PLATFORM_NORETURN_PRE void
-ns_main_earlyfatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
-
 void
-ns_main_earlywarning(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
-
-void
-ns_main_setmemstats(const char *);
+ns_main_earlyfatal(const char *format, ...);
 
 #endif /* NAMED_MAIN_H */

bin/named/include/named/notify.h

@@ -1,21 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007, 2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: notify.h,v 1.16 2009/01/17 23:47:42 tbox Exp $ */
+/* $Id: notify.h,v 1.6 2000/06/22 21:49:48 tale Exp $ */
 
 #ifndef NAMED_NOTIFY_H
 #define NAMED_NOTIFY_H 1
@@ -27,9 +27,8 @@
  ***	Module Info
  ***/
 
-/*! \file
- * \brief
- *	RFC1996
+/*
+ *	RFC 1996
  *	A Mechanism for Prompt Notification of Zone Changes (DNS NOTIFY)
  */
 
@@ -40,15 +39,15 @@
 void
 ns_notify_start(ns_client_t *client);
 
-/*%<
- *	Examines the incoming message to determine appropriate zone.
+/*
+ *	Examines the incoming message to determine apporiate zone.
  *	Returns FORMERR if there is not exactly one question.
  *	Returns REFUSED if we do not serve the listed zone.
  *	Pass the message to the zone module for processing
  *	and returns the return status.
  *
  * Requires
- *\li	client to be valid.
+ *	client to be valid.
  */
 
 #endif /* NAMED_NOTIFY_H */

bin/named/include/named/omapi.h

@@ -0,0 +1,49 @@
+/*
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* $Id: omapi.h,v 1.7.2.1 2000/07/11 17:23:07 gson Exp $ */
+
+#ifndef NAMED_OMAPI_H
+#define NAMED_OMAPI_H 1
+
+#include <dns/aclconf.h>
+#include <dns/confctx.h>
+
+#include <omapi/omapi.h>
+
+#define NS_OMAPI_PORT			953
+
+/*
+ * This string is the registration name of objects of type control_object_t.
+ */
+#define NS_OMAPI_CONTROL		"control"
+
+#define NS_OMAPI_COMMAND_RELOAD		"reload"
+#define NS_OMAPI_COMMAND_RELOADCONFIG	"reload-config"
+#define NS_OMAPI_COMMAND_RELOADZONES	"reload-zones"
+
+isc_result_t
+ns_omapi_init(void);
+
+isc_result_t
+ns_omapi_configure(isc_mem_t *mctx, dns_c_ctx_t *cctx,
+		   dns_aclconfctx_t *aclconfctx);
+
+void
+ns_omapi_shutdown(isc_boolean_t exiting);
+
+#endif /* NAMED_OMAPI_H */

bin/named/include/named/query.h

@@ -1,36 +1,33 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: query.h,v 1.40 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: query.h,v 1.17.2.1 2000/07/28 17:56:09 gson Exp $ */
 
 #ifndef NAMED_QUERY_H
 #define NAMED_QUERY_H 1
 
-/*! \file */
-
 #include <isc/types.h>
 #include <isc/buffer.h>
-#include <isc/netaddr.h>
 
 #include <dns/types.h>
+#include <dns/a6.h>
 
 #include <named/types.h>
 
-/*% nameserver database version structure */
 typedef struct ns_dbversion {
 	dns_db_t			*db;
 	dns_dbversion_t			*version;
@@ -38,39 +35,30 @@ typedef struct ns_dbversion {
 	ISC_LINK(struct ns_dbversion)	link;
 } ns_dbversion_t;
 
-/*% nameserver query structure */
 struct ns_query {
 	unsigned int			attributes;
 	unsigned int			restarts;
-	isc_boolean_t			timerset;
 	dns_name_t *			qname;
 	dns_name_t *			origqname;
+	dns_rdataset_t *		qrdataset;
 	unsigned int			dboptions;
 	unsigned int			fetchoptions;
 	dns_db_t *			gluedb;
-	dns_db_t *			authdb;
-	dns_zone_t *			authzone;
-	isc_boolean_t			authdbset;
-	isc_boolean_t			isreferral;
-	isc_mutex_t			fetchlock;
 	dns_fetch_t *			fetch;
+	dns_a6context_t			a6ctx;
 	isc_bufferlist_t		namebufs;
 	ISC_LIST(ns_dbversion_t)	activeversions;
 	ISC_LIST(ns_dbversion_t)	freeversions;
 };
 
-#define NS_QUERYATTR_RECURSIONOK	0x0001
-#define NS_QUERYATTR_CACHEOK		0x0002
-#define NS_QUERYATTR_PARTIALANSWER	0x0004
-#define NS_QUERYATTR_NAMEBUFUSED	0x0008
-#define NS_QUERYATTR_RECURSING		0x0010
-#define NS_QUERYATTR_CACHEGLUEOK	0x0020
-#define NS_QUERYATTR_QUERYOKVALID	0x0040
-#define NS_QUERYATTR_QUERYOK		0x0080
-#define NS_QUERYATTR_WANTRECURSION	0x0100
-#define NS_QUERYATTR_SECURE		0x0200
-#define NS_QUERYATTR_NOAUTHORITY	0x0400
-#define NS_QUERYATTR_NOADDITIONAL	0x0800
+#define NS_QUERYATTR_RECURSIONOK	0x01
+#define NS_QUERYATTR_CACHEOK		0x02
+#define NS_QUERYATTR_PARTIALANSWER	0x04
+#define NS_QUERYATTR_NAMEBUFUSED	0x08
+#define NS_QUERYATTR_RECURSING		0x10
+#define NS_QUERYATTR_CACHEGLUEOK	0x20
+#define NS_QUERYATTR_QUERYOKVALID	0x40
+#define NS_QUERYATTR_QUERYOK		0x80
 
 isc_result_t
 ns_query_init(ns_client_t *client);
@@ -81,7 +69,4 @@ ns_query_free(ns_client_t *client);
 void
 ns_query_start(ns_client_t *client);
 
-void
-ns_query_cancel(ns_client_t *client);
-
 #endif /* NAMED_QUERY_H */

bin/named/include/named/server.h

@@ -1,175 +1,77 @@
 /*
- * Copyright (C) 2004-2010  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2003  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: server.h,v 1.106 2010/05/14 23:50:39 tbox Exp $ */
+/* $Id: server.h,v 1.32.2.1 2000/07/26 23:51:35 bwelling Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
 
-/*! \file */
-
 #include <isc/log.h>
-#include <isc/magic.h>
-#include <isc/quota.h>
 #include <isc/sockaddr.h>
 #include <isc/types.h>
-#include <isc/xml.h>
+#include <isc/quota.h>
 
-#include <dns/acl.h>
 #include <dns/types.h>
-
-#include <named/types.h>
+#include <dns/acl.h>
 
 #define NS_EVENTCLASS		ISC_EVENTCLASS(0x4E43)
 #define NS_EVENT_RELOAD		(NS_EVENTCLASS + 0)
 #define NS_EVENT_CLIENTCONTROL	(NS_EVENTCLASS + 1)
 
-/*%
+/*
  * Name server state.  Better here than in lots of separate global variables.
  */
 struct ns_server {
-	unsigned int		magic;
+	isc_uint32_t		magic;
 	isc_mem_t *		mctx;
 
 	isc_task_t *		task;
 
+	/* Common rwlock for the server's configurable data. */
+	isc_rwlock_t		conflock;
+	
 	/* Configurable data. */
 	isc_quota_t		xfroutquota;
 	isc_quota_t		tcpquota;
 	isc_quota_t		recursionquota;
-	dns_acl_t		*blackholeacl;
-	char *			statsfile;	/*%< Statistics file name */
-	char *			dumpfile;	/*%< Dump file name */
-	char *			bindkeysfile;	/*%< bind.keys file name */
-	char *			recfile;	/*%< Recursive file name */
-	isc_boolean_t		version_set;	/*%< User has set version */
-	char *			version;	/*%< User-specified version */
-	isc_boolean_t		hostname_set;	/*%< User has set hostname */
-	char *			hostname;	/*%< User-specified hostname */
-	/*% Use hostname for server id */
-	isc_boolean_t		server_usehostname;
-	char *			server_id;	/*%< User-specified server id */
 
-	/*%
-	 * Current ACL environment.  This defines the
-	 * current values of the localhost and localnets
-	 * ACLs.
-	 */
+	/* Not really configurable, but covered by conflock. */
 	dns_aclenv_t		aclenv;
 
 	/* Server data structures. */
-	dns_loadmgr_t *		loadmgr;
 	dns_zonemgr_t *		zonemgr;
+	ns_clientmgr_t *	clientmgr;
 	dns_viewlist_t		viewlist;
 	ns_interfacemgr_t *	interfacemgr;
 	dns_db_t *		in_roothints;
 	dns_tkeyctx_t *		tkeyctx;
-
 	isc_timer_t *		interface_timer;
-	isc_timer_t *		heartbeat_timer;
-	isc_timer_t *		pps_timer;
-
-	isc_uint32_t		interface_interval;
-	isc_uint32_t		heartbeat_interval;
-
+	
 	isc_mutex_t		reload_event_lock;
 	isc_event_t *		reload_event;
-
-	isc_boolean_t		flushonshutdown;
-	isc_boolean_t		log_queries;	/*%< For BIND 8 compatibility */
-
-	ns_cachelist_t		cachelist;	/*%< Possibly shared caches */
-	isc_stats_t *		nsstats;	/*%< Server stats */
-	dns_stats_t *		rcvquerystats;	/*% Incoming query stats */
-	dns_stats_t *		opcodestats;	/*%< Incoming message stats */
-	isc_stats_t *		zonestats;	/*% Zone management stats */
-	isc_stats_t  *		resolverstats;	/*% Resolver stats */
-	isc_stats_t *		sockstats;	/*%< Socket stats */
-
-	ns_controls_t *		controls;	/*%< Control channels */
-	unsigned int		dispatchgen;
-	ns_dispatchlist_t	dispatches;
-
-	dns_acache_t		*acache;
-
-	ns_statschannellist_t	statschannels;
-
-	dns_tsigkey_t		*sessionkey;
-	char			*session_keyfile;
-	dns_name_t		*session_keyname;
-	unsigned int		session_keyalg;
-	isc_uint16_t		session_keybits;
 };
 
-#define NS_SERVER_MAGIC			ISC_MAGIC('S','V','E','R')
-#define NS_SERVER_VALID(s)		ISC_MAGIC_VALID(s, NS_SERVER_MAGIC)
-
-/*%
- * Server statistics counters.  Used as isc_statscounter_t values.
- */
-enum {
-	dns_nsstatscounter_requestv4 = 0,
-	dns_nsstatscounter_requestv6 = 1,
-	dns_nsstatscounter_edns0in = 2,
-	dns_nsstatscounter_badednsver = 3,
-	dns_nsstatscounter_tsigin = 4,
-	dns_nsstatscounter_sig0in = 5,
-	dns_nsstatscounter_invalidsig = 6,
-	dns_nsstatscounter_tcp = 7,
-
-	dns_nsstatscounter_authrej = 8,
-	dns_nsstatscounter_recurserej = 9,
-	dns_nsstatscounter_xfrrej = 10,
-	dns_nsstatscounter_updaterej = 11,
-
-	dns_nsstatscounter_response = 12,
-	dns_nsstatscounter_truncatedresp = 13,
-	dns_nsstatscounter_edns0out = 14,
-	dns_nsstatscounter_tsigout = 15,
-	dns_nsstatscounter_sig0out = 16,
-
-	dns_nsstatscounter_success = 17,
-	dns_nsstatscounter_authans = 18,
-	dns_nsstatscounter_nonauthans = 19,
-	dns_nsstatscounter_referral = 20,
-	dns_nsstatscounter_nxrrset = 21,
-	dns_nsstatscounter_servfail = 22,
-	dns_nsstatscounter_formerr = 23,
-	dns_nsstatscounter_nxdomain = 24,
-	dns_nsstatscounter_recursion = 25,
-	dns_nsstatscounter_duplicate = 26,
-	dns_nsstatscounter_dropped = 27,
-	dns_nsstatscounter_failure = 28,
-
-	dns_nsstatscounter_xfrdone = 29,
-
-	dns_nsstatscounter_updatereqfwd = 30,
-	dns_nsstatscounter_updaterespfwd = 31,
-	dns_nsstatscounter_updatefwdfail = 32,
-	dns_nsstatscounter_updatedone = 33,
-	dns_nsstatscounter_updatefail = 34,
-	dns_nsstatscounter_updatebadprereq = 35,
-
-	dns_nsstatscounter_max = 36
-};
+#define NS_SERVER_MAGIC			0x53564552	/* SVER */
+#define NS_SERVER_VALID(s)		((s) != NULL && \
+					 (s)->magic == NS_SERVER_MAGIC)
 
 void
 ns_server_create(isc_mem_t *mctx, ns_server_t **serverp);
-/*%<
+/*
  * Create a server object with default settings.
  * This function either succeeds or causes the program to exit
  * with a fatal error.
@@ -177,139 +79,18 @@ ns_server_create(isc_mem_t *mctx, ns_server_t **serverp);
 
 void
 ns_server_destroy(ns_server_t **serverp);
-/*%<
+/*
  * Destroy a server object, freeing its memory.
  */
 
 void
 ns_server_reloadwanted(ns_server_t *server);
-/*%<
+/*
  * Inform a server that a reload is wanted.  This function
  * may be called asynchronously, from outside the server's task.
  * If a reload is already scheduled or in progress, the call
  * is ignored.
  */
 
-void
-ns_server_flushonshutdown(ns_server_t *server, isc_boolean_t flush);
-/*%<
- * Inform the server that the zones should be flushed to disk on shutdown.
- */
-
-isc_result_t
-ns_server_reloadcommand(ns_server_t *server, char *args, isc_buffer_t *text);
-/*%<
- * Act on a "reload" command from the command channel.
- */
-
-isc_result_t
-ns_server_reconfigcommand(ns_server_t *server, char *args);
-/*%<
- * Act on a "reconfig" command from the command channel.
- */
-
-isc_result_t
-ns_server_notifycommand(ns_server_t *server, char *args, isc_buffer_t *text);
-/*%<
- * Act on a "notify" command from the command channel.
- */
-
-isc_result_t
-ns_server_refreshcommand(ns_server_t *server, char *args, isc_buffer_t *text);
-/*%<
- * Act on a "refresh" command from the command channel.
- */
-
-isc_result_t
-ns_server_retransfercommand(ns_server_t *server, char *args);
-/*%<
- * Act on a "retransfer" command from the command channel.
- */
-
-isc_result_t
-ns_server_togglequerylog(ns_server_t *server);
-/*%<
- * Toggle logging of queries, as in BIND 8.
- */
-
-/*%
- * Dump the current statistics to the statistics file.
- */
-isc_result_t
-ns_server_dumpstats(ns_server_t *server);
-
-/*%
- * Dump the current cache to the dump file.
- */
-isc_result_t
-ns_server_dumpdb(ns_server_t *server, char *args);
-
-/*%
- * Change or increment the server debug level.
- */
-isc_result_t
-ns_server_setdebuglevel(ns_server_t *server, char *args);
-
-/*%
- * Flush the server's cache(s)
- */
-isc_result_t
-ns_server_flushcache(ns_server_t *server, char *args);
-
-/*%
- * Flush a particular name from the server's cache(s)
- */
-isc_result_t
-ns_server_flushname(ns_server_t *server, char *args);
-
-/*%
- * Report the server's status.
- */
-isc_result_t
-ns_server_status(ns_server_t *server, isc_buffer_t *text);
-
-/*%
- * Report a list of dynamic and static tsig keys, per view.
- */
-isc_result_t
-ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text);
-
-/*%
- * Delete a specific key (with optional view).
- */
-isc_result_t
-ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
-
-/*%
- * Enable or disable updates for a zone.
- */
-isc_result_t
-ns_server_freeze(ns_server_t *server, isc_boolean_t freeze, char *args,
-		 isc_buffer_t *text);
-
-/*%
- * Update a zone's DNSKEY set from the key repository, and re-sign the
- * zone if there were any changes.
- */
-isc_result_t
-ns_server_sign(ns_server_t *server, char *args);
-
-/*%
- * Dump the current recursive queries.
- */
-isc_result_t
-ns_server_dumprecursing(ns_server_t *server);
-
-/*%
- * Maintain a list of dispatches that require reserved ports.
- */
-void
-ns_add_reserved_dispatch(ns_server_t *server, const isc_sockaddr_t *addr);
-
-/*%
- * Enable or disable dnssec validation.
- */
-isc_result_t
-ns_server_validation(ns_server_t *server, char *args);
 
 #endif /* NAMED_SERVER_H */

bin/named/include/named/types.h

@@ -1,48 +1,35 @@
 /*
- * Copyright (C) 2004-2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: types.h,v 1.31 2009/01/09 23:47:45 tbox Exp $ */
+/* $Id: types.h,v 1.13 2000/06/22 21:49:52 tale Exp $ */
 
 #ifndef NAMED_TYPES_H
 #define NAMED_TYPES_H 1
 
-/*! \file */
-
 #include <dns/types.h>
 
-typedef struct ns_cache			ns_cache_t;
-typedef ISC_LIST(ns_cache_t)		ns_cachelist_t;
 typedef struct ns_client		ns_client_t;
 typedef struct ns_clientmgr		ns_clientmgr_t;
 typedef struct ns_query			ns_query_t;
 typedef struct ns_server 		ns_server_t;
-typedef struct ns_xmld			ns_xmld_t;
-typedef struct ns_xmldmgr		ns_xmldmgr_t;
 typedef struct ns_interface 		ns_interface_t;
 typedef struct ns_interfacemgr		ns_interfacemgr_t;
 typedef struct ns_lwresd		ns_lwresd_t;
-typedef struct ns_lwreslistener		ns_lwreslistener_t;
 typedef struct ns_lwdclient		ns_lwdclient_t;
 typedef struct ns_lwdclientmgr		ns_lwdclientmgr_t;
-typedef struct ns_lwsearchlist		ns_lwsearchlist_t;
-typedef struct ns_lwsearchctx		ns_lwsearchctx_t;
-typedef struct ns_controls		ns_controls_t;
-typedef struct ns_dispatch		ns_dispatch_t;
-typedef ISC_LIST(ns_dispatch_t)		ns_dispatchlist_t;
-typedef struct ns_statschannel		ns_statschannel_t;
-typedef ISC_LIST(ns_statschannel_t)	ns_statschannellist_t;
+
 #endif /* NAMED_TYPES_H */

bin/named/include/named/update.h

@@ -1,21 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: update.h,v 1.13 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: update.h,v 1.4 2000/06/22 21:49:54 tale Exp $ */
 
 #ifndef NAMED_UPDATE_H
 #define NAMED_UPDATE_H 1
@@ -24,8 +24,7 @@
  ***** Module Info
  *****/
 
-/*! \file
- * \brief
+/*
  * RFC2136 Dynamic Update
  */
 
@@ -45,6 +44,6 @@
  ***/
 
 void
-ns_update_start(ns_client_t *client, isc_result_t sigresult);
+ns_update_start(ns_client_t *client);
 
 #endif /* NAMED_UPDATE_H */

bin/named/include/named/xfrout.h

@@ -1,21 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: xfrout.h,v 1.12 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: xfrout.h,v 1.4 2000/06/22 21:49:55 tale Exp $ */
 
 #ifndef NAMED_XFROUT_H
 #define NAMED_XFROUT_H 1
@@ -24,8 +24,7 @@
  ***** Module Info
  *****/
 
-/*! \file 
- * \brief
+/*
  * Outgoing zone transfers (AXFR + IXFR).
  */
 

bin/named/include/named/zoneconf.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2007, 2010, 2011  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and/or distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.h,v 1.26 2007/06/19 23:46:59 tbox Exp $ */
+/* $Id: zoneconf.h,v 1.30 2011/08/30 23:46:51 tbox Exp $ */
 
 #ifndef NS_ZONECONF_H
 #define NS_ZONECONF_H 1
@@ -33,7 +33,7 @@ ISC_LANG_BEGINDECLS
 isc_result_t
 ns_zone_configure(const cfg_obj_t *config, const cfg_obj_t *vconfig,
 		  const cfg_obj_t *zconfig, cfg_aclconfctx_t *ac,
-		  dns_zone_t *zone);
+		  dns_zone_t *zone, dns_zone_t *raw);
 /*%<
  * Configure or reconfigure a zone according to the named.conf
  * data in 'cctx' and 'czone'.
@@ -58,6 +58,21 @@ ns_zone_reusable(dns_zone_t *zone, const cfg_obj_t *zconfig);
  * and recreated, return ISC_FALSE.
  */
 
+
+isc_result_t
+ns_zone_configure_writeable_dlz(dns_dlzdb_t *dlzdatabase, dns_zone_t *zone,
+				dns_rdataclass_t rdclass, dns_name_t *name);
+/*%>
+ * configure a DLZ zone, setting up the database methods and calling
+ * postload to load the origin values
+ *
+ * Require:
+ * \li	'dlzdatabase' to be a valid dlz database
+ * \li	'zone' to be initialized.
+ * \li	'rdclass' to be a valid rdataclass
+ * \li	'name' to be a valid zone origin name
+ */
+
 ISC_LANG_ENDDECLS
 
 #endif /* NS_ZONECONF_H */

bin/named/listenlist.c

@@ -1,23 +1,21 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 2000, 2001  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: listenlist.c,v 1.14 2007/06/19 23:46:59 tbox Exp $ */
-
-/*! \file */
+/* $Id: listenlist.c,v 1.6 2000/06/23 01:34:36 gson Exp $ */
 
 #include <config.h>
 
@@ -79,7 +77,7 @@ destroy(ns_listenlist_t *list) {
 		next = ISC_LIST_NEXT(elt, link);
 		ns_listenelt_destroy(elt);
 	}
-	isc_mem_put(list->mctx, list, sizeof(*list));
+	isc_mem_put(list->mctx, list, sizeof(*list));	
 }
 
 void
@@ -115,7 +113,7 @@ ns_listenlist_default(isc_mem_t *mctx, in_port_t port,
 		result = dns_acl_none(mctx, &acl);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup;
-
+	
 	result = ns_listenelt_create(mctx, port, acl, &elt);
 	if (result != ISC_R_SUCCESS)
 		goto cleanup_acl;

bin/named/log.c

@@ -1,56 +1,41 @@
 /*
- * Copyright (C) 2004-2007, 2009  Internet Systems Consortium, Inc. ("ISC")
- * Copyright (C) 1999-2002  Internet Software Consortium.
- *
- * Permission to use, copy, modify, and/or distribute this software for any
+ * Copyright (C) 1999, 2000  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
  * purpose with or without fee is hereby granted, provided that the above
  * copyright notice and this permission notice appear in all copies.
- *
- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- * AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- * PERFORMANCE OF THIS SOFTWARE.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
  */
 
-/* $Id: log.c,v 1.49 2009/01/07 01:46:40 jinmei Exp $ */
-
-/*! \file */
+/* $Id: log.c,v 1.20 2000/06/22 21:49:22 tale Exp $ */
 
 #include <config.h>
 
-#include <isc/result.h>
-
-#include <isccfg/log.h>
-
 #include <named/log.h>
 
-#ifndef ISC_FACILITY
-#define ISC_FACILITY LOG_DAEMON
-#endif
-
-/*%
+/*
  * When adding a new category, be sure to add the appropriate
- * \#define to <named/log.h> and to update the list in
- * bin/check/check-tool.c.
+ * #define to <named/log.h>.
  */
 static isc_logcategory_t categories[] = {
 	{ "",		 		0 },
 	{ "client",	 		0 },
 	{ "network",	 		0 },
 	{ "update",	 		0 },
-	{ "queries",	 		0 },
-	{ "unmatched",	 		0 },
-	{ "update-security",		0 },
-	{ "query-errors",		0 },
 	{ NULL, 			0 }
 };
 
-/*%
+/*
  * When adding a new module, be sure to add the appropriate
- * \#define to <dns/log.h>.
+ * #define to <dns/log.h>.
  */
 static isc_logmodule_t modules[] = {
 	{ "main",	 		0 },
@@ -62,7 +47,7 @@ static isc_logmodule_t modules[] = {
 	{ "xfer-in",	 		0 },
 	{ "xfer-out",	 		0 },
 	{ "notify",	 		0 },
-	{ "control",	 		0 },
+	{ "omapi",	 		0 },
 	{ "lwresd",	 		0 },
 	{ NULL, 			0 }
 };
@@ -70,7 +55,7 @@ static isc_logmodule_t modules[] = {
 isc_result_t
 ns_log_init(isc_boolean_t safe) {
 	isc_result_t result;
-	isc_logconfig_t *lcfg = NULL;
+	isc_logconfig_t *lcfg;
 
 	ns_g_categories = categories;
 	ns_g_modules = modules;
@@ -82,15 +67,11 @@ ns_log_init(isc_boolean_t safe) {
 	if (result != ISC_R_SUCCESS)
 		return (result);
 
-	/*
-	 * named-checktool.c:setup_logging() needs to be kept in sync.
-	 */
 	isc_log_registercategories(ns_g_lctx, ns_g_categories);
 	isc_log_registermodules(ns_g_lctx, ns_g_modules);
 	isc_log_setcontext(ns_g_lctx);
 	dns_log_init(ns_g_lctx);
 	dns_log_setcontext(ns_g_lctx);
-	cfg_log_init(ns_g_lctx);
 
 	if (safe)
 		result = ns_log_setsafechannels(lcfg);
@@ -107,8 +88,6 @@ ns_log_init(isc_boolean_t safe) {
 
  cleanup:
 	isc_log_destroy(&ns_g_lctx);
-	isc_log_setcontext(NULL);
-	dns_log_setcontext(NULL);
 
 	return (result);
 }
@@ -117,11 +96,11 @@ isc_result_t
 ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
 	isc_result_t result;
 	isc_logdestination_t destination;
-
+	
 	/*
 	 * By default, the logging library makes "default_debug" log to
 	 * stderr.  In BIND, we want to override this and log to named.run
-	 * instead, unless the -g option was given.
+	 * instead, unless the the -g option was given.
 	 */
 	if (! ns_g_logstderr) {
 		destination.file.stream = NULL;
@@ -129,24 +108,15 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
 		destination.file.versions = ISC_LOG_ROLLNEVER;
 		destination.file.maximum_size = 0;
 		result = isc_log_createchannel(lcfg, "default_debug",
-					       ISC_LOG_TOFILE,
-					       ISC_LOG_DYNAMIC,
-					       &destination,
-					       ISC_LOG_PRINTTIME|
+                                               ISC_LOG_TOFILE,
+                                               ISC_LOG_DYNAMIC,
+                                               &destination,
+                                               ISC_LOG_PRINTTIME|
 					       ISC_LOG_DEBUGONLY);
 		if (result != ISC_R_SUCCESS)
 			goto cleanup;
 	}
 
-#if ISC_FACILITY != LOG_DAEMON
-	destination.facility = ISC_FACILITY;
-	result = isc_log_createchannel(lcfg, "default_syslog",
-				       ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
-				       &destination, 0);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-#endif
-
 	/*
 	 * Set the initial debug level.
 	 */
@@ -161,35 +131,21 @@ ns_log_setdefaultchannels(isc_logconfig_t *lcfg) {
 isc_result_t
 ns_log_setsafechannels(isc_logconfig_t *lcfg) {
 	isc_result_t result;
-#if ISC_FACILITY != LOG_DAEMON
-	isc_logdestination_t destination;
-#endif
-
+	
 	if (! ns_g_logstderr) {
 		result = isc_log_createchannel(lcfg, "default_debug",
-					       ISC_LOG_TONULL,
-					       ISC_LOG_DYNAMIC,
-					       NULL, 0);
+                                               ISC_LOG_TONULL,
+                                               ISC_LOG_DYNAMIC,
+                                               NULL, 0);
 		if (result != ISC_R_SUCCESS)
 			goto cleanup;
-
-		/*
-		 * Setting the debug level to zero should get the output
-		 * discarded a bit faster.
-		 */
-		isc_log_setdebuglevel(ns_g_lctx, 0);
-	} else {
-		isc_log_setdebuglevel(ns_g_lctx, ns_g_debuglevel);
 	}
 
-#if ISC_FACILITY != LOG_DAEMON
-	destination.facility = ISC_FACILITY;
-	result = isc_log_createchannel(lcfg, "default_syslog",
-				       ISC_LOG_TOSYSLOG, ISC_LOG_INFO,
-				       &destination, 0);
-	if (result != ISC_R_SUCCESS)
-		goto cleanup;
-#endif
+	/*
+	 * Setting the debug level to zero should get the output
+	 * discarded a bit faster.
+	 */
+	isc_log_setdebuglevel(ns_g_lctx, 0);
 
 	result = ISC_R_SUCCESS;
 
@@ -201,12 +157,10 @@ isc_result_t
 ns_log_setdefaultcategory(isc_logconfig_t *lcfg) {
 	isc_result_t result;
 
-	if (! ns_g_logstderr) {
-		result = isc_log_usechannel(lcfg, "default_syslog",
-					    ISC_LOGCATEGORY_DEFAULT, NULL);
-		if (result != ISC_R_SUCCESS)
-			goto cleanup;
-	}
+	result = isc_log_usechannel(lcfg, "default_syslog",
+				    ISC_LOGCATEGORY_DEFAULT, NULL);
+	if (result != ISC_R_SUCCESS)
+		goto cleanup;
 
 	result = isc_log_usechannel(lcfg, "default_debug",
 				    ISC_LOGCATEGORY_DEFAULT, NULL);
@@ -219,18 +173,7 @@ ns_log_setdefaultcategory(isc_logconfig_t *lcfg) {
 	return (result);
 }
 
-isc_result_t
-ns_log_setunmatchedcategory(isc_logconfig_t *lcfg) {
-	isc_result_t result;
-
-	result = isc_log_usechannel(lcfg, "null",
-				    NS_LOGCATEGORY_UNMATCHED, NULL);
-	return (result);
-}
-
 void
 ns_log_shutdown(void) {
 	isc_log_destroy(&ns_g_lctx);
-	isc_log_setcontext(NULL);
-	dns_log_setcontext(NULL);
 }