This commit was manufactured by cvs2git to create tag 'v9_4_0rc1'.

[RT #16906]

2192.   [port]          win32: use vcredist_x86.exe to install Visual
                        Studio's redistributable dlls if building with
                        Visual Stdio 2005 or later.

CHANGES

@@ -1,198 +1,5 @@
-2181.	[port]		sunos: libbind: add paths.h from BIND 8. [RT #16462]
 
-2180.	[cleanup]	Remove bit test from 'compress_test' as they
-			are no longer needed. [RT #16497]
-
-2179.	[func]		'rndc command zone' will now find 'zone' if it is
-			unique to all the views. [RT #16821]
-
-2178.	[bug]		'rndc reload' of a slave or stub zone resulted in
-			a reference leak. [RT #16867]
-
-2177.	[bug]		Array bounds overrun on read (rcodetext). [RT #16798]
-
-2176.	[contrib]	dbus update to handle race condition during
-			initialisation (Bugzilla 235809). [RT #16842]
-
-2175.	[bug]		win32: windows broadcast condition variable support
-			was broken. [RT #16592]
-
-2174.	[bug]		I/O errors should always be fatal when reading
-			master files. [RT #16825]
-
-2173.	[port]		win32: When compiling with MSVS 2005 SP1 we also
-			need to ship Microsoft.VC80.MFCLOC.
-
-	--- 9.5.0a4 released ---
-
-2172.	[bug]		query_addsoa() was being called with a non zone db.
-			[RT #16834]
-
-2171.	[bug]		Handle breaks in DNSSEC trust chains where the parent
-			servers are not DS aware (DS queries to the parent
-			return a referral to the child).
-
-2170.	[func]		Add acache processing to test suite. [RT #16711]
-
-2169.	[bug]		host, nslookup: when reporting NXDOMAIN report the
-			given name and not the last name searched for.
-			[RT #16763]
-
-2168.	[bug]		nsupdate: in non-interactive mode treat syntax errors
-			as fatal errors. [RT #16785]
-
-2167.	[bug]		When re-using a automatic zone named failed to
-			attach it to the new view. [RT #16786]
-
-	--- 9.5.0a3 released ---
-
-2166.	[bug]		When running in batch mode, dig could misinterpret
-			a server address as a name to be looked up, causing
-			unexpected output. [RT #16743]
-
-2165.	[func]		Allow the destination address of a query to determine
-			if we will answer the query or recurse.
-			allow-query-on, allow-recursion-on and
-			allow-query-cache-on. [RT #16291]
-
-2164.	[bug]		The code to determine how named-checkzone / 
-			named-compilezone was called failed under windows.
-			[RT #16764]
-
-2163.	[bug]		If only one of query-source and query-source-v6
-			specified a port the query pools code broke (change
-			2129).  [RT #16768]
-
-2162.	[func]		Allow "rrset-order fixed" to be disabled at compile
-			time. [RT #16665]
-
-2161.	[bug]		Fix which log messages are emitted for 'rndc flush'.
-			[RT #16698]
-
-2160.	[bug]		libisc wasn't handling NULL ifa_addr pointers returned
-			from getifaddrs(). [RT #16708]
-
-	--- 9.5.0a2 released ---
-
-2159.	[bug]		Array bounds overrun in acache processing. [RT #16710]
-
-2158.	[bug]		ns_client_isself() failed to initialise key
-			leading to a REQUIRE failure. [RT #16688]
-
-2157.	[func]		dns_db_transfernode() created. [RT #16685]
-
-2156.	[bug]		Fix node reference leaks in lookup.c:lookup_find(),
-			resolver.c:validated() and resolver.c:cache_name().
-			Fix a memory leak in rbtdb.c:free_noqname().
-			Make lookup.c:lookup_find() robust against
-			event leaks. [RT #16685]
-
-2155.	[contrib]	SQLite sdb module from jaboydjr@netwalk.com.
-			[RT #16694]
-
-2154.	[func]		Scoped (e.g. IPv6 link-local) addresses may now be
-			matched in acls by omitting the scope. [RT #16599]
-
-2153.	[bug]		nsupdate could leak memory. [RT #16691]
-
-2152.	[cleanup]	Use sizeof(buf) instead of fixed number in
-			dighost.c:get_trusted_key(). [RT #16678]
-
-2151.	[bug]		Missing newline in usage message for journalprint.
-			[RT #16679]
-
-2150.	[bug]		'rrset-order cyclic' uniformly distribute the
-			starting point for the first response for a given
-			RRset. [RT #16655]
-
-2149.	[bug]		isc_mem_checkdestroyed() failed to abort on
-			if there were still active memory contexts.
-			[RT #16672]
-
-2148.	[func]		Add positive logging for rndc commands. [RT #14623]
-
-2147.	[bug]		libbind: remove potential buffer overflow from
-			hmac_link.c. [RT #16437]
-
-2146.	[cleanup]	Silence Linux's spurious "obsolete setsockopt
-			SO_BSDCOMPAT" message. [RT #16641]
-
-2145.	[bug]		Check DS/DLV digest lengths for known digests.
-			[RT #16622]
-
-2144.	[cleanup]	Suppress logging of SERVFAIL from forwarders.
-			[RT #16619]
-
-2143.	[bug]		We failed to restart the IPv6 client when the
-			kernel failed to return the destination the
-			packet was sent to. [RT #16613]
-
-2142.	[bug]		Handle master files with a modification time that
-			matches the epoch. [RT# 16612]
-
-2141.	[bug]		dig/host should not be setting IDN_ASCCHECK (IDN
-			equivalent of LDH checks).  [RT #16609]
-
-2140.	[bug]		libbind: missing unlock on pthread_key_create()
-			failures. [RT #16654]
-
-2139.	[bug]		dns_view_find() was being called with wrong type
-			in adb.c. [RT #16670]
-
-2138.	[bug]		Lock order reversal in resolver.c. [RT #16653]
-
-2137.	[port]		Mips little endian and/or mips 64 bit are now
-			supported for atomic operations. [RT#16648]
-
-2136.	[bug]		nslookup/host looped if there was no search list
-			and the host didn't exist. [RT #16657]
-
-2135.	[bug]		Uninitialised rdataset in sdlz.c. [RT# 16656]
-
-2134.	[func]		Additional statistics support. [RT #16666]
-
-2133.	[port]		powerpc:  Support both IBM and MacOS Power PC
-			assembler syntaxes. [RT #16647]
-
-2132.	[bug]		Missing unlock on out of memory in
-			dns_dispatchmgr_setudp().
-
-2131.	[contrib]	dlz/mysql: AXFR was broken. [RT #16630]
-
-2130.	[func]		Log if CD or DO were set. [RT #16640]
-
-2129.	[func]		Provide a pool of UDP sockets for queries to be
-			made over. See use-queryport-pool, queryport-pool-ports
-			and queryport-pool-updateinterval.  [RT #16415]
-
-2128.	[doc]		xsltproc --nonet, update DTD versions.  [RT #16635]
-
-2127.	[port]		Improved OpenSSL 0.9.8 support. [RT #16563]
-
-2126.	[security]	Serialise validation of type ANY responses. [RT #16555]
-
-2125.	[bug]		dns_zone_getzeronosoattl() REQUIRE failure if DLZ
-			was defined. [RT #16574]
-
-2124.	[security]	It was possible to dereference a freed fetch
-			context. [RT #16584]
-
-	--- 9.5.0a1 released ---
-
-2123.	[func]		Use Doxygen to generate internal documention.
-			[RT #11398]
-
-2122.	[func]		Experimental http server and statistics support
-			for named via xml.
-
-2121.	[func]		Add a 10 slot dead masters cache (LRU) with a 600
-			second timeout. [RT #16553]
-
-2120.	[doc]		Fix markup on nsupdate man page. [RT #16556]
-
-2119.	[compat]	libbind: allow res_init() to succeed enough to
-			return the default domain even if it was unable
-			to allocate memory.
+	--- 9.4.0rc1 released ---
 
 2118.	[bug]		Handle response with long chains of domain name
 			compression pointers which point to other compression
@@ -227,14 +34,8 @@
 
 2109.	[port]		libbind: silence aix 5.3 compiler warnings. [RT #16502]
 
-2108.	[func]		DHCID support. [RT #16456]
-
 2107.	[bug]		dighost.c: more cleanup of buffers. [RT #16499]
 
-2106.	[func]		'rndc status' now reports named's version. [RT #16426]
-
-2105.	[func]		GSS-TSIG support (RFC 3645).
-
 2104.	[port]		Fix Solaris SMF error message.
 
 2103.	[port]		Add /usr/sfw to list of locations for OpenSSL
@@ -242,6 +43,8 @@
 
 2102.	[port]		Silence solaris 10 warnings.
 
+	--- 9.4.0b4 released ---
+
 2101.	[bug]		OpenSSL version checks were not quite right.
 			[RT #16476]
 
@@ -254,6 +57,8 @@
 			triggered an INSIST failure about the node lock
 			reference.  [RT #16411]
 
+	--- 9.4.0b3 released ---
+
 2097.	[bug]		named could reference a destroyed memory context
 			after being reloaded / reconfigured. [RT #16428]
 
@@ -263,7 +68,7 @@
 2095.	[port]		libbind: alway prototype inet_cidr_ntop_ipv6() and
 			net_cidr_ntop_ipv6(). [RT #16388]
  
-2094.	[contrib]	Update named-bootconf.  [RT# 16404]
+2094.	[contrib]	Update named-bootconf.	[RT# 16404]
 
 2093.	[bug]		named-checkzone -s was broken.
 
@@ -298,6 +103,8 @@
 
 2082.	[doc]		Document 'cache-file' as a test only option.
 
+	--- 9.4.0b2 released ---
+
 2081.	[port]		libbind: minor 64-bit portability fix in memcluster.c.
 			[RT #16360]
 
@@ -361,6 +168,8 @@
 2060.	[bug]		Enabling DLZ support could leave views partially
 			configured. [RT #16295]
 
+	--- 9.4.0b1 released ---
+
 2059.	[bug]		Search into cache rbtdb could trigger an INSIST
 			failure while cleaning up a stale rdataset.
 			[RT #16292]
@@ -440,15 +249,13 @@
 2036.	[bug]		'rndc recursing' could cause trigger a REQUIRE.
 			[RT #16075]
 
-2035.	[func]		Make falling back to TCP on UDP refresh failure
-			optional. Default "try-tcp-refresh yes;" for BIND 8
-			compatibility. [RT #16123]
-
 2034.	[bug]		gcc: set -fno-strict-aliasing. [RT #16124]
 
 2033.	[bug]		We wern't creating multiple client memory contexts
 			on demand as expected. [RT #16095]
 
+	--- 9.4.0a6 released ---
+
 2032.	[bug]		Remove a INSIST in query_addadditional2(). [RT #16074]
 
 2031.	[bug]		Emit a error message when "rndc refresh" is called on
@@ -495,6 +302,8 @@
 			allowed but requested and we had the answer
 			to the original qname. [RT #15945]
 
+	--- 9.4.0a5 released ---
+
 2015.	[cleanup]	use-additional-cache is now acache-enable for
 			consistancy.  Default acache-enable off in BIND 9.4
 			as it requires memory usage to be configured.
@@ -514,7 +323,7 @@
 			the signed zone, either as an increment or as the
 			system time(). [RT #15633]
 
-2010.	[placeholder]	rt15958
+	--- 9.4.0a4 released ---
 
 2009.	[bug]		libbind: coverity fixes. [RT #15808]
 
@@ -745,6 +554,12 @@
 1943.	[bug]		Set the loadtime after rolling forward the journal.
 			[RT #15647]
 
+1597.	[func]		Allow notify-source and query-source to be specified
+			on a per server basis similar to transfer-source.
+			[RT #6496]
+
+	--- 9.4.0a3 released ---
+
 1942.	[bug]		If the name of a DNSKEY match that of one in
 			trusted-keys do not attempt to validate the DNSKEY
 			using the parents DS RRset. [RT #15649]
@@ -769,9 +584,15 @@
 1935.	[bug]		'acache' was DO sensitive. [RT #15430]
 
 1934.	[func]		Validate pending NS RRsets, in the authority section,
-			prior to returning them if it can be done without
+			prior to returning them if it can be done without 
 			requiring DNSKEYs to be fetched.  [RT #15430]
 
+1919.	[contrib]	queryperf: a set of new features: collecting/printing
+			response delays, printing intermediate results, and
+			adjusting query rate for the "target" qps.
+
+	--- 9.4.0a2 released ---
+
 1933.	[bug]		dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
 
 1932.	[bug]		hpux: LDFLAGS was getting corrupted. [RT #15530]
@@ -810,9 +631,7 @@
 			have the desired performance characteristics.
 			[RT #15454]
 
-1919.	[contrib]	queryperf: a set of new features: collecting/printing
-			response delays, printing intermediate results, and
-			adjusting query rate for the "target" qps.
+	--- 9.4.0a1 released ---
 
 1918.	[bug]		Memory leak when checking acls. [RT #15391]
 
@@ -955,8 +774,6 @@
 
 1872.	[port]		win32: Handle ERROR_NETNAME_DELETED.  [RT #13753]
 
-1871.	[placeholder]
-
 1870.	[func]		Added framework for handling multiple EDNS versions.
 			[RT #14873]
 
@@ -1101,8 +918,6 @@
 
 1822.	[bug]		check-names test for RT was reversed. [RT #13382]
 
-1821.	[placeholder]
-
 1820.	[bug]		Gracefully handle acl loops. [RT #13659]
 
 1819.	[bug]		The validator needed to check both the algorithm and
@@ -1252,10 +1067,6 @@
 
 1773.	[bug]		Fast retry on host / net unreachable. [RT #13153]
 
-1772.	[placeholder]
-
-1771.	[placeholder]
-
 1770.	[bug]		named-checkconf failed to report missing a missing
 			file clause for rbt{64} master/hint zones. [RT#13009]
 
@@ -1559,8 +1370,6 @@
 1670.	[func]		Log UPDATE requests to slave zones without an acl as
 			"disabled" at debug level 3. [RT# 11657]
 
-1669.	[placeholder]
-
 1668.	[bug]		DIG_SIGCHASE was making bin/dig/host dump core.
 
 1667.	[port]		linux: not all versions have IF_NAMESIZE.
@@ -1767,10 +1576,6 @@
 1598.	[func]		Specify that certain parts of the namespace must
 			be secure (dnssec-must-be-secure).
 
-1597.	[func]		Allow notify-source and query-source to be specified
-			on a per server basis similar to transfer-source.
-			[RT #6496]
-
 1596.	[func]		Accept 'notify-source' style syntax for query-source.
 
 1595.	[func]		New notify type 'master-only'.  Enable notify for
@@ -1893,7 +1698,7 @@
 			[RT #6427]
 
 1555.	[func]		'rrset-order cyclic' no longer has a random starting
-			point per query. [RT #7572]
+			point. [RT #7572]
 
 1554.	[bug]		dig, host, nslookup failed when no nameservers
 			were specified in /etc/resolv.conf. [RT #8232]

COPYRIGHT

@@ -1,4 +1,4 @@
-Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
 Copyright (C) 1996-2003  Internet Software Consortium.
 
 Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@ LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
 OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 PERFORMANCE OF THIS SOFTWARE.
 
-$Id: COPYRIGHT,v 1.12 2007/01/03 04:53:20 marka Exp $
+$Id: COPYRIGHT,v 1.9.18.2 2006/01/04 00:37:23 marka Exp $
 
 Portions Copyright (C) 1996-2001  Nominum, Inc.
 

FAQ

@@ -1,9 +1,5 @@
 Frequently Asked Questions about BIND 9
 
-Copyright © 2004-2007 Internet Systems Consortium, Inc. ("ISC")
-
-Copyright © 2000-2003 Internet Software Consortium.
-
 -------------------------------------------------------------------------------
 
 Q: Why doesn't -u work on Linux 2.2.x when I build with --enable-threads?
@@ -75,12 +71,12 @@ Q: Why do I get errors like "dns_zone_load: zone foo/IN: loading master file bar
 A: This is often caused by TXT records with missing close quotes. Check that all
    TXT records containing quoted strings have both open and close quotes.
 
-Q: How do I produce a usable core file from a multi-threaded named on Linux?
+Q: How do I produce a usable core file from a multithreaded named on Linux?
 
-A: If the Linux kernel is 2.4.7 or newer, multi-threaded core dumps are usable
+A: If the Linux kernel is 2.4.7 or newer, multithreaded core dumps are usable
    (that is, the correct thread is dumped). Otherwise, if using a 2.2 kernel,
    apply the kernel patch found in contrib/linux/coredump-patch and rebuild the
-   kernel. This patch will cause multi-threaded programs to dump the correct
+   kernel. This patch will cause multithreaded programs to dump the correct
    thread.
 
 Q: How do I restrict people from looking up the server version?
@@ -310,7 +306,7 @@ A: These indicate a malformed master zone. You can identify the exact records
    named-checkzone example.com tmp
 
    A CNAME record cannot exist with the same name as another record except for the
-   DNSSEC records which prove its existence (NSEC).
+   DNSSEC records which prove its existance (NSEC).
 
    RFC 1034, Section 3.6.2: "If a CNAME RR is present at a node, no other data
    should be present; this ensures that the data for a canonical name and its
@@ -385,11 +381,11 @@ Q: I get a error message like "zone wireless.ietf56.ietf.org/IN: loading master
 A: This error is produced when a line in the master file contains leading white
    space (tab/space) but the is no current record owner name to inherit the name
    from. Usually this is the result of putting white space before a comment.
-   Forgetting the "@" for the SOA record or indenting the master file.
+   Forgeting the "@" for the SOA record or indenting the master file.
 
 Q: Why are my logs in GMT (UTC).
 
-A: You are running chrooted (-t) and have not supplied local timezone information
+A: You are running chrooted (-t) and have not supplied local timzone information
    in the chroot area.
 
    FreeBSD: /etc/localtime
@@ -474,7 +470,7 @@ A: These indicate a filesystem permission error preventing named creating /
            masters { 192.168.4.12; };
    };
 
-Q: How do I integrate BIND 9 and Solaris SMF
+Q: How do I intergrate BIND 9 and Solaris SMF
 
 A: Sun has a blog entry describing how to do this.
 
@@ -487,7 +483,7 @@ A: No. The rules for glue (copies of the *address* records in the parent zones)
 
    You would have to add both the CNAME and address records (A/AAAA) as glue to
    the parent zone and have CNAMEs be followed when doing additional section
-   processing to make it work. No nameserver implementation supports either of
+   processing to make it work. No namesever implementation supports either of
    these requirements.
 
 Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
@@ -495,7 +491,7 @@ Q: What does "RFC 1918 response from Internet for 0.0.0.10.IN-ADDR.ARPA" mean?
 A: If the IN-ADDR.ARPA name covered refers to a internal address space you are
    using then you have failed to follow RFC 1918 usage rules and are leaking
    queries to the Internet. You should establish your own zones for these
-   addresses to prevent you querying the Internet's name servers for these
+   addresses to prevent you quering the Internet's name servers for these
    addresses. Please see http://as112.net/ for details of the problems you are
    causing and the counter measures that have had to be deployed.
 
@@ -549,7 +545,7 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
    Red Hat have adopted the National Security Agency's SELinux security policy (
    see http://www.nsa.gov/selinux ) and recommendations for BIND security , which
    are more secure than running named in a chroot and make use of the bind-chroot
-   environment unnecessary .
+   environment unecessary .
 
    By default, named is not allowed by the SELinux policy to write, create or
    delete any files EXCEPT in these directories:
@@ -614,19 +610,19 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
    in different locations, you can do so by changing the context of the custom
    file locations .
 
-   To create a custom configuration file location, e.g. '/root/named.conf', to use
+   To create a custom configuration file location, eg. '/root/named.conf', to use
    with the 'named -c' option, do:
 
    # chcon system_u:object_r:named_conf_t /root/named.conf
 
 
-   To create a custom modifiable named data location, e.g. '/var/log/named' for a
+   To create a custom modifiable named data location, eg. '/var/log/named' for a
    log file, do:
 
    # chcon system_u:object_r:named_cache_t /var/log/named
 
 
-   To create a custom zone file location, e.g. /root/zones/, do:
+   To create a custom zone file location, eg. /root/zones/, do:
 
    # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
 
@@ -634,88 +630,3 @@ A: Red Hat Security Enhanced Linux (SELinux) policy security protections :
    See these man-pages for more information : selinux(8), named_selinux(8), chcon
    (1), setsebool(8)
 
-Q: I want to forward all DNS queries from my caching nameserver to another server.
-   But there are some domains which have to be served locally, via rbldnsd.
-
-   How do I achieve this ?
-
-A: options {
-           forward only;
-           forwarders { <ip.of.primary.nameserver>; };
-   };
-
-   zone "sbl-xbl.spamhaus.org" {
-           type forward; forward only;
-           forwarders { <ip.of.rbldns.server> port 530; };
-   };
-
-   zone "list.dsbl.org" {
-           type forward; forward only;
-           forwarders { <ip.of.rbldns.server> port 530; };
-   };
-
-
-Q: Will named be affected by the 2007 changes to daylight savings rules in the US.
-
-A: No, so long as the machines internal clock (as reported by "date -u") remains
-   at UTC. The only visible change if you fail to upgrade your OS, if you are in a
-   affected area, will be that log messages will be a hour out during the period
-   where the old rules do not match the new rules.
-
-   For most OS's this change just means that you need to update the conversion
-   rules from UTC to local time. Normally this involves updating a file in /etc
-   (which sets the default timezone for the machine) and possibly a directory
-   which has all the conversion rules for the world (e.g. /usr/share/zoneinfo).
-   When updating the OS do not forget to update any chroot areas as well. See your
-   OS's documentation for more details.
-
-   The local timezone conversion rules can also be done on a individual basis by
-   setting the TZ environment variable appropriately. See your OS's documentation
-   for more details.
-
-Q: Why do we get the following warning at run time:
-
-   kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT
-
-A: The early Linux kernels broke sendto() by having it return that a ICMP
-   unreachable had be received for non connected UDP sockets. This made non
-   connected UDP sockets work like connected UDP socket which is fine when you are
-   only talking to one destination. Named however talks to multiple destinations
-   and it caused problems.
-
-   Rather than fix sendto() to just have BSD behaviour they added SO_BSDCOMPAT to
-   turn BSD behaviour on/off on a per socket basis.
-
-   Later they decided to make BSD behaviour the default and to aggressively track
-   down applications that used SO_BSDCOMPAT by issuing a warning. This is the sort
-   of things vendors do in alpha/beta stages of a release so that their code is
-   clean. They then turn the warning *off* for release code.
-
-   We still have customers that have kernels that require SO_BSDCOMPAT to operate.
-   We therefore cannot remove the setsockopt(SO_BSDCOMPAT) call.
-
-   Now most/all portable applications that use SO_BSDCOMPAT use it conditionally
-   manner so just removing SO_BSDCOMPAT from the header file would be safe as long
-   as the binary was not to be moved between systems. BIND's use is conditional.
-
-   In short, the Linux developers should either, remove the #define for
-   SO_BSDCOMPAT, and/or remove the warning.
-
-Q: Isn't "make install" supposed to generate a default named.conf?
-
-A: Short Answer: No.
-
-   Long Answer: There really isn't a default configuration which fits any site
-   perfectly. There are lots of decisions that need to be made and there is no
-   consensus on what the defaults should be. For example FreeBSD uses /etc/namedb
-   as the location where the configuration files for named are stored. Others use
-   /var/named.
-
-   What addresses to listen on? For a laptop on the move a lot you may only want
-   to listen on the loop back interfaces.
-
-   Who do you offer recursive service to? Is there are firewall to consider? If so
-   is it stateless or stateful. Are you directly on the Internet? Are you on a
-   private network? Are you on a NAT'd network? The answers to all these questions
-   change how you configure even a caching name server.
-

FAQ.xml

@@ -1,8 +1,7 @@
-<?xml-stylesheet href="common.css" type="text/css"?>
 <!DOCTYPE article PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
        "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd" []>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,26 +17,10 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: FAQ.xml,v 1.18 2007/02/05 05:18:22 marka Exp $ -->
+<!-- $Id: FAQ.xml,v 1.4.4.5 2006/02/27 21:10:29 marka Exp $ -->
 
 <article class="faq">
   <title>Frequently Asked Questions about BIND 9</title>
-  <articleinfo>
-    <copyright>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2006</year>
-      <year>2007</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2003</year>
-      <holder>Internet Software Consortium.</holder>
-    </copyright>
-  </articleinfo>
   <qandaset defaultlabel='qanda'>
     <qandaentry>
       <question>
@@ -187,17 +170,17 @@ example.com. 86400 IN SOA ns hostmaster ( 1 3600 1800 1814400 3600 )</programlis
     <qandaentry>
       <question>
 	<para>
-	How do I produce a usable core file from a multi-threaded
+	How do I produce a usable core file from a multithreaded
 	named on Linux?
 	</para>
       </question>
       <answer>
 	<para>
-	If the Linux kernel is 2.4.7 or newer, multi-threaded core
+	If the Linux kernel is 2.4.7 or newer, multithreaded core
 	dumps are usable (that is, the correct thread is dumped).
 	Otherwise, if using a 2.2 kernel, apply the kernel patch
 	found in contrib/linux/coredump-patch and rebuild the kernel.
-	This patch will cause multi-threaded programs to dump the
+	This patch will cause multithreaded programs to dump the
 	correct thread.
 	</para>
       </answer>
@@ -645,7 +628,7 @@ named-checkzone example.com tmp</programlisting>
 	</informalexample>
 	<para>
 	  A CNAME record cannot exist with the same name as another record
-	  except for the DNSSEC records which prove its existence (NSEC).
+	  except for the DNSSEC records which prove its existance (NSEC).
 	</para>
 	<para>
 	  RFC 1034, Section 3.6.2: <quote>If a CNAME RR is present at a node,
@@ -769,7 +752,7 @@ Master 10.0.1.1:
 	  contains leading white space (tab/space) but the is no
 	  current record owner name to inherit the name from.  Usually
 	  this is the result of putting white space before a comment.
-	  Forgetting the "@" for the SOA record or indenting the master
+	  Forgeting the "@" for the SOA record or indenting the master
 	  file.
 	</para>
       </answer>
@@ -783,7 +766,7 @@ Master 10.0.1.1:
       </question>
       <answer>
 	<para>
-	  You are running chrooted (-t) and have not supplied local timezone
+	  You are running chrooted (-t) and have not supplied local timzone
 	  information in the chroot area.
 	</para>
 	<simplelist>
@@ -946,7 +929,7 @@ zone "example.net" {
     <qandaentry>
       <question>
 	<para>
-	  How do I integrate BIND 9 and Solaris SMF
+	  How do I intergrate BIND 9 and Solaris SMF
 	</para>
       </question>
       <answer>
@@ -978,7 +961,7 @@ zone "example.net" {
 	  You would have to add both the CNAME and address records
 	  (A/AAAA) as glue to the parent zone and have CNAMEs be
 	  followed when doing additional section processing to make
-	  it work.  No nameserver implementation supports either of
+	  it work.  No namesever implementation supports either of
 	  these requirements.
 	</para>
       </answer>
@@ -997,7 +980,7 @@ zone "example.net" {
 	  space you are using then you have failed to follow RFC 1918
 	  usage rules and are leaking queries to the Internet.  You
 	  should establish your own zones for these addresses to prevent
-	  you querying the Internet's name servers for these addresses.
+	  you quering the Internet's name servers for these addresses.
 	  Please see <ulink url="http://as112.net/">http://as112.net/</ulink>
 	  for details of the problems you are causing and the counter
 	  measures that have had to be deployed.
@@ -1074,7 +1057,7 @@ empty:
 	   SELinux security policy ( see http://www.nsa.gov/selinux
 	   ) and recommendations for BIND security , which are more
 	   secure than running named in a chroot and make use of
-	   the bind-chroot environment unnecessary .
+	   the bind-chroot environment unecessary .
 	</para>
 
 	<para>
@@ -1175,7 +1158,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	</para>
 
 	<para>
-	  To create a custom configuration file location, e.g.
+	  To create a custom configuration file location, eg.
 	  '/root/named.conf', to use with the 'named -c' option,
 	  do:
 	  <informalexample>
@@ -1186,7 +1169,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	</para>
   
 	<para>
-	  To create a custom modifiable named data location, e.g.
+	  To create a custom modifiable named data location, eg.
 	  '/var/log/named' for a log file, do:
 	  <informalexample>
 	    <programlisting>
@@ -1196,7 +1179,7 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	</para>
    
 	<para>
-   To create a custom zone file location, e.g. /root/zones/, do:
+   To create a custom zone file location, eg. /root/zones/, do:
 	  <informalexample>
 	    <programlisting>
 # chcon system_u:object_r:named_zone_t /root/zones/{.,*}
@@ -1210,148 +1193,5 @@ named_cache_t: for files modifiable by named - $ROOTDIR/var/{tmp,named/{slaves,d
 	</para>
       </answer>
     </qandaentry>
-
-    <qandaentry>
-      <question>
-	<para>
-	  I want to forward all DNS queries from my caching nameserver to
-	  another server. But there are some domains which have to be
-	  served locally, via rbldnsd.
-	</para>
-	<para>
-	  How do I achieve this ?
-	</para>
-      </question>
-      <answer>
-        <programlisting>
-options {
-	forward only;
-	forwarders { &lt;ip.of.primary.nameserver&gt;; };
-};
-
-zone "sbl-xbl.spamhaus.org" {
-	type forward; forward only;
-	forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
-};
-
-zone "list.dsbl.org" {
-	type forward; forward only;
-	forwarders { &lt;ip.of.rbldns.server&gt; port 530; };
-};
-        </programlisting>
-      </answer>
-    </qandaentry>
-
-    <qandaentry>
-      <question>
-	<para>
-	  Will named be affected by the 2007 changes to daylight savings
-	  rules in the US.
-	</para>
-      </question>
-      <answer>
-	<para>
-	  No, so long as the machines internal clock (as reported
-	  by "date -u") remains at UTC.  The only visible change
-	  if you fail to upgrade your OS, if you are in a affected
-	  area, will be that log messages will be a hour out during
-	  the period where the old rules do not match the new rules.
-	</para>
-	<para>
-	  For most OS's this change just means that you need to
-	  update the conversion rules from UTC to local time.
-	  Normally this involves updating a file in /etc (which
-	  sets the default timezone for the machine) and possibly
-	  a directory which has all the conversion rules for the
-	  world (e.g. /usr/share/zoneinfo).  When updating the OS
-	  do not forget to update any chroot areas as well.
-	  See your OS's documentation for more details.
-	</para>
-	<para>
-	  The local timezone conversion rules can also be done on
-	  a individual basis by setting the TZ environment variable
-	  appropriately.  See your OS's documentation for more
-	  details.
-	</para>
-      </answer>
-    </qandaentry>
-
-    <qandaentry>
-      <question>
-	<para>
-	  Why do we get the following warning at run time:
-<programlisting>kernel: process `named' is using obsolete setsockopt SO_BSDCOMPAT</programlisting>
-	</para>
-      </question>
-      <answer>
-	<para>
-          The early Linux kernels broke sendto() by having it return     
-          that a ICMP unreachable had be received for non connected
-          UDP sockets.  This made non connected UDP sockets work like
-          connected UDP socket which is fine when you are only talking
-          to one destination.  Named however talks to multiple
-          destinations and it caused problems.
-	</para>
-	<para>
-          Rather than fix sendto() to just have BSD behaviour they added
-          SO_BSDCOMPAT to turn BSD behaviour on/off on a per socket basis.
-	</para>
-	<para>
-          Later they decided to make BSD behaviour the default and
-          to aggressively track down applications that used SO_BSDCOMPAT
-          by issuing a warning.  This is the sort of things vendors
-          do in alpha/beta stages of a release so that their code is
-          clean.  They then turn the warning *off* for release code.
-	</para>
-	<para>
-          We still have customers that have kernels that require
-          SO_BSDCOMPAT to operate.  We therefore cannot remove the
-          setsockopt(SO_BSDCOMPAT) call.
-	</para>
-	<para>
-          Now most/all portable applications that use SO_BSDCOMPAT use it
-          conditionally manner so just removing SO_BSDCOMPAT from the
-          header file would be safe as long as the binary was not to
-          be moved between systems.  BIND's use is conditional.
-	</para>
-	<para>
-	  In short, the Linux developers should either, remove the #define for
-	  SO_BSDCOMPAT, and/or remove the warning.
-	</para>
-      </answer>
-    </qandaentry>
-
-    <qandaentry>
-      <question>
-	<para>
-	  Isn't "make install"  supposed to generate a default named.conf?
-	</para>
-      </question>
-      <answer>
-	<para>
-	  Short Answer: No. 
-	</para>
-	<para>
-	  Long Answer: There really isn't a default configuration which fits
-	  any site perfectly.  There are lots of decisions that need to
-	  be made and there is no consensus on what the defaults should be.
-	  For example FreeBSD uses /etc/namedb as the location where the
-	  configuration files for named are stored.  Others use /var/named.
-	</para>
-	<para>
-	  What addresses to listen on?  For a laptop on the move a lot
-	  you may only want to listen on the loop back interfaces.
-	</para>
-	<para>
-	  Who do you offer recursive service to?  Is there are firewall
-	  to consider?  If so is it stateless or stateful.  Are you
-	  directly on the Internet?  Are you on a private network? Are
-	  you on a NAT'd network? The answers
-	  to all these questions change how you configure even a
-	  caching name server.
-	</para>
-      </answer>
-    </qandaentry>
-
   </qandaset>
 </article>

Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.47 2006/05/19 00:04:02 marka Exp $
+# $Id: Makefile.in,v 1.43.18.4 2006/05/19 00:04:01 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

README

@@ -43,25 +43,12 @@ BIND 9
 		Nominum, Inc.
 
 
-BIND 9.5.0
-
-	BIND 9.5.0 has a number of new features over 9.4,
-	including:
-
-	GSS-TSIG support (RFC 3645).
-
-	DHCID support.
-
-	Experimental http server and statistics support for named via xml.
-
-	Use Doxygen to generate internal documention.
-
 BIND 9.4.0
 
 	BIND 9.4.0 has a number of new features over 9.3,
 	including:
 
-	Implemented "additional section caching (or acache)", an
+	Implemented "additional section caching" (or "acache"), an
 	internal cache framework for additional section content to
 	improve response performance.  Several configuration options
 	were provided to control the behavior.
@@ -150,12 +137,11 @@ BIND 9.4.0
 
 	Add support for CH A record.
 
-	Add additional zone data constancy checks.  named-checkzone
+	Add additional zone data consistancy checks.  named-checkzone
 	has extended checking of NS, MX and SRV record and the hosts
 	they reference.  named has extended post zone load checks.
 	New zone options: check-mx and integrity-check.
 
-
 	edns-udp-size can now be overridden on a per server basis.
 
 	dig can now specify the EDNS version when making a query.
@@ -168,7 +154,7 @@ BIND 9.4.0
 	Detect duplicates of UDP queries we are recursing on and
 	drop them.  New stats category "duplicates".
 
-	"USE INTERNAL MALLOC" is now runtime selectable.
+	Memory management. "USE INTERNAL MALLOC" is now runtime selectable.
 
 	The lame cache is now done on a <qname,qclass,qtype> basis
 	as some servers only appear to be lame for certain query
@@ -183,9 +169,9 @@ BIND 9.4.0
 
 	Support for IPSECKEY rdata type.
 
-	Raise the UDP recieve buffer size to 32k if it is less than 32k.
+	Raise the UDP receive buffer size to 32k if it is less than 32k.
 
-	x86 and x86_64 now have seperate atomic locking implementations.
+	x86 and x86_64 now have separate atomic locking implementations.
 
 	named-checkconf now validates update-policy entries.
 
@@ -213,9 +199,69 @@ BIND 9.4.0
 	to set 'RA' when 'RD' is set unless a server is explicitly
 	set.
 
-	Integrate contibuted DLZ code into named.
+	Integrate contributed DLZ code into named.
 
-	Integrate contibuted IDN code from JPNIC.
+	Integrate contributed IDN code from JPNIC.
+
+	Validate pending NS RRsets, in the authority section, prior
+	to returning them if it can be done without requiring DNSKEYs
+	to be fetched.
+
+	It is now possible to configure named to accept expired
+	RRSIGs.  Default "dnssec-accept-expired no;".  Setting
+	"dnssec-accept-expired yes;" leaves named vulnerable to
+	replay attacks.
+
+	Additional memory leakage checks.
+
+	The maximum EDNS UDP response named will send can now be
+	set in named.conf (max-udp-size).  This is independent of
+	the advertised receive buffer (edns-udp-size).
+
+	Named now falls back to advertising EDNS with a 512 byte
+	receive buffer if the initial EDNS queries fail.
+
+	Control the zeroing of the negative response TTL to a soa
+	query.  Defaults "zero-no-soa-ttl yes;" and
+	"zero-no-soa-ttl-cache no;".
+			
+	Separate out MX and SRV to CNAME checks.
+
+	dig/nslookup/host: warn about missing "QR".
+
+	TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
+	HMACSHA512 support.
+
+	dnssec-signzone: output the SOA record as the first record
+	in the signed zone.
+
+	Two new update policies.  "selfsub" and "selfwild".
+
+	dig, nslookup and host now advertise a 4096 byte EDNS UDP
+	buffer size by default.
+
+	Report when a zone is removed.
+
+	DS/DLV SHA256 digest algorithm support.
+
+	Implement "rrset-order fixed".
+
+	Check the KSK flag when updating a secure dynamic zone.
+	New zone option "update-check-ksk yes;".
+
+	It is now possible to explicitly enable DNSSEC validation.
+	default dnssec-validation no; to be changed to yes in 9.5.0.
+
+	It is now possible to enable/disable DNSSEC validation
+	from rndc.  This is useful for the mobile hosts where the
+	current connection point breaks DNSSEC (firewall/proxy).
+
+		rndc validation newstate [view]
+
+	dnssec-signzone can now update the SOA record of the signed
+	zone, either as an increment or as the system time().
+
+	Statistics about acache now recorded and sent to log.
 
 	libbind: corresponds to that from BIND 8.4.7.
 
@@ -362,7 +408,7 @@ Building
 	We've had successful builds and tests on the following systems:
 
 		COMPAQ Tru64 UNIX 5.1B
-		FreeBSD 4.10, 5.2.1, 6.2
+		FreeBSD 4.10, 5.2.1
 		HP-UX 11.11
 		NetBSD 1.5
 		Slackware Linux 8.1
@@ -419,8 +465,6 @@ Building
 				    -DDIG_SIGCHASE_BU=1)
 		Disable dropping queries from particular well known ports.
 		  -DNS_CLIENT_DROPPORT=0
-		Disable support for "rrset-order fixed".
-		  -DDNS_RDATASET_FIXED=0
 
 	    LDFLAGS
 		Linker flags. Defaults to empty string.

README.idnkit

@@ -109,4 +109,4 @@ about idnkit and this patch.
 Bug reports and comments on this kit should be sent to
 mdnkit-bugs@nic.ad.jp and idn-cmt@nic.ad.jp, respectively.
 
-; $Id: README.idnkit,v 1.2 2005/09/09 06:13:57 marka Exp $
+; $Id: README.idnkit,v 1.2.2.2 2005/09/12 02:12:08 marka Exp $

acconfig.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: acconfig.h,v 1.49 2005/04/29 00:22:24 marka Exp $ */
+/* $Id: acconfig.h,v 1.44.18.5 2005/04/29 00:15:20 marka Exp $ */
 
 /*! \file */
 

bin/check/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.30 2006/06/09 00:54:09 marka Exp $
+# $Id: Makefile.in,v 1.24.18.6 2006/06/09 00:54:08 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/check/check-tool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.c,v 1.26 2006/07/21 07:11:56 marka Exp $ */
+/* $Id: check-tool.c,v 1.10.18.14 2006/06/08 01:43:00 marka Exp $ */
 
 /*! \file */
 
@@ -33,9 +33,7 @@
 #include <isc/netdb.h>
 #include <isc/region.h>
 #include <isc/stdio.h>
-#include <isc/symtab.h>
 #include <isc/types.h>
-#include <isc/mem.h>
 
 #include <dns/fixedname.h>
 #include <dns/log.h>
@@ -63,15 +61,6 @@
 			goto cleanup; \
 	} while (0)   
 
-#define ERR_IS_CNAME 1
-#define ERR_NO_ADDRESSES 2
-#define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A 4
-#define ERR_EXTRA_AAAA 5
-#define ERR_MISSING_GLUE 5
-#define ERR_IS_MXCNAME 6
-#define ERR_IS_SRVCNAME 7
-
 static const char *dbtype[] = { "rbt" };
 
 int debug = 0;
@@ -102,58 +91,6 @@ static isc_logcategory_t categories[] = {
 	{ NULL,		     0 }
 };
 
-static isc_symtab_t *symtab = NULL;
-static isc_mem_t *sym_mctx;
-
-static void
-freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
-	UNUSED(type);
-	UNUSED(value);
-	isc_mem_free(userarg, key);
-} 
-
-static void
-add(char *key, int value) {
-	isc_result_t result;
-	isc_symvalue_t symvalue;
-
-	if (sym_mctx == NULL) {
-		result = isc_mem_create(0, 0, &sym_mctx);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	if (symtab == NULL) {
-		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   ISC_FALSE, &symtab);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	key = isc_mem_strdup(sym_mctx, key);
-	if (key == NULL)
-		return;
-
-	symvalue.as_pointer = NULL;
-	result = isc_symtab_define(symtab, key, value, symvalue,
-				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS)
-		isc_mem_free(sym_mctx, key);
-}
-
-static isc_boolean_t
-logged(char *key, int value) {
-	isc_result_t result;
-
-	if (symtab == NULL)
-		return (ISC_FALSE);
-
-	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS)
-		return (ISC_TRUE);
-	return (ISC_FALSE);
-}
-
 static isc_boolean_t
 checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	dns_rdataset_t *a, dns_rdataset_t *aaaa)
@@ -188,43 +125,34 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	if (dns_name_countlabels(name) > 1U)
 		strcat(namebuf, ".");
 	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
+	
 	result = getaddrinfo(namebuf, NULL, &hints, &ai);
 	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
 	switch (result) {
 	case 0:
-		if (strcasecmp(ai->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME)) {
+		if (strcasecmp(ai->ai_canonname, namebuf) != 0) {
 			dns_zone_log(zone, ISC_LOG_ERROR,
 				     "%s/NS '%s' (out of zone) "
 				     "is a CNAME (illegal)",
 				     ownerbuf, namebuf);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
-			add(namebuf, ERR_IS_CNAME);
 		}
 		break;
 	case EAI_NONAME:
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0 */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 	if (a == NULL || aaaa == NULL)
@@ -247,13 +175,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE A record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_A);
 			/* XXX950 make fatal for 9.5.0 */
 			/* answer = ISC_FALSE; */
 		}
@@ -277,13 +204,12 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 				break;
 			}
 		}
-		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
+		if (!match) {
 			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
 				     "extra GLUE AAAA record (%s)",
 				     ownerbuf, namebuf,
 				     inet_ntop(AF_INET6, rdata.data,
 					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_AAAA);
 			/* XXX950 make fatal for 9.5.0. */
 			/* answer = ISC_FALSE; */
 		}
@@ -295,48 +221,42 @@ checkns(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner,
 	/*
 	 * Check that all addresses appear in the glue.
 	 */
-	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		isc_boolean_t missing_glue = ISC_FALSE;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			switch (cur->ai_family) {
-			case AF_INET:
-				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-				type = "A";
-				break;
-			case AF_INET6:
-				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-				type = "AAAA";
-				break;
-			default:
-				 continue;
-			}
-			match = ISC_FALSE;
-			if (dns_rdataset_isassociated(rdataset))
-				result = dns_rdataset_first(rdataset);
-			else
-				result = ISC_R_FAILURE;
-			while (result == ISC_R_SUCCESS && !match) {
-				dns_rdataset_current(rdataset, &rdata);
-				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = ISC_TRUE;
-				dns_rdata_reset(&rdata);
-				result = dns_rdataset_next(rdataset);
-			}
-			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-					     "missing GLUE %s record (%s)",
-					     ownerbuf, namebuf, type,
-					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf, sizeof(addrbuf)));
-				/* XXX950 make fatal for 9.5.0. */
-				/* answer = ISC_FALSE; */
-				missing_glue = ISC_TRUE;
-			}
+	for (cur = ai; cur != NULL; cur = cur->ai_next) {
+		switch (cur->ai_family) {
+		case AF_INET:
+			rdataset = a;
+			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
+			type = "A";
+			break;
+		case AF_INET6:
+			rdataset = aaaa;
+			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
+			type = "AAAA";
+			break;
+		default:
+			 continue;
+		}
+		match = ISC_FALSE;
+		if (dns_rdataset_isassociated(rdataset))
+			result = dns_rdataset_first(rdataset);
+		else
+			result = ISC_R_FAILURE;
+		while (result == ISC_R_SUCCESS && !match) {
+			dns_rdataset_current(rdataset, &rdata);
+			if (memcmp(ptr, rdata.data, rdata.length) == 0)
+				match = ISC_TRUE;
+			dns_rdata_reset(&rdata);
+			result = dns_rdataset_next(rdataset);
+		}
+		if (!match) {
+			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
+				     "missing GLUE %s record (%s)",
+				     ownerbuf, namebuf, type,
+				     inet_ntop(cur->ai_family, ptr,
+					       addrbuf, sizeof(addrbuf)));
+			/* XXX950 make fatal for 9.5.0. */
+			/* answer = ISC_FALSE; */
 		}
-		if (missing_glue)
-			add(namebuf, ERR_MISSING_GLUE);
 	}
 	freeaddrinfo(ai);
 	return (answer);
@@ -377,13 +297,10 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_MXCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/MX '%s' (out of zone)"
-						     " is a CNAME (illegal)",
-						     ownerbuf, namebuf);
-					add(namebuf, ERR_IS_MXCNAME);
-				}
+				dns_zone_log(zone, ISC_LOG_WARNING,
+					     "%s/MX '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -395,23 +312,16 @@ checkmx(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/MX '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/MX '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
+		dns_zone_log(zone, ISC_LOG_WARNING,
 			     "getaddrinfo(%s) failed: %s",
 			     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
 		return (ISC_TRUE);
 	}
 #else
@@ -451,13 +361,10 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
 				level = ISC_LOG_WARNING;
 			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level, "%s/SRV '%s'"
-						     " (out of zone) is a "
-						     "CNAME (illegal)",
-						     ownerbuf, namebuf);
-					add(namebuf, ERR_IS_SRVCNAME);
-				}
+				dns_zone_log(zone, level,
+					     "%s/SRV '%s' (out of zone) "
+					     "is a CNAME (illegal)",
+					     ownerbuf, namebuf);
 				if (level == ISC_LOG_ERROR)
 					answer = ISC_FALSE;
 			}
@@ -469,23 +376,16 @@ checksrv(dns_zone_t *zone, dns_name_t *name, dns_name_t *owner) {
 #if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
 	case EAI_NODATA:
 #endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/SRV '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
+		dns_zone_log(zone, ISC_LOG_ERROR, "%s/SRV '%s' (out of zone) "
+			     "has no addresses records (A or AAAA)",
+			     ownerbuf, namebuf);
 		/* XXX950 make fatal for 9.5.0. */
 		return (ISC_TRUE);
 
 	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
+		dns_zone_log(zone, ISC_LOG_WARNING,
+			     "getaddrinfo(%s) failed: %s",
+			     namebuf, gai_strerror(result));
 		return (ISC_TRUE);
 	}
 #else

bin/check/check-tool.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: check-tool.h,v 1.11 2005/06/20 01:03:48 marka Exp $ */
+/* $Id: check-tool.h,v 1.7.18.4 2005/06/20 01:19:25 marka Exp $ */
 
 #ifndef CHECK_TOOL_H
 #define CHECK_TOOL_H

bin/check/named-checkconf.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkconf.8,v 1.28 2007/05/09 03:33:50 marka Exp $
+.\" $Id: named-checkconf.8,v 1.16.18.9 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: named\-checkconf
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 14, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -39,37 +39,27 @@ named\-checkconf \- named configuration file syntax checking tool
 \fBnamed\-checkconf\fR
 checks the syntax, but not the semantics, of a named configuration file.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+chroot to
 \fIdirectory\fR
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
+.TP 3n
 \-v
-.RS 4
 Print the version of the
 \fBnamed\-checkconf\fR
 program and exit.
-.RE
-.PP
+.TP 3n
 \-z
-.RS 4
-Perform a test load of all master zones found in
+Perform a check load the master zonefiles found in
 \fInamed.conf\fR.
-.RE
-.PP
+.TP 3n
 \-j
-.RS 4
 When loading a zonefile read the journal if it exists.
-.RE
-.PP
+.TP 3n
 filename
-.RS 4
 The name of the configuration file to be checked. If not specified, it defaults to
 \fI/etc/named.conf\fR.
-.RE
 .SH "RETURN VALUES"
 .PP
 \fBnamed\-checkconf\fR
@@ -82,7 +72,4 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/check/named-checkconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkconf.c,v 1.42 2006/02/28 02:39:51 marka Exp $ */
+/* $Id: named-checkconf.c,v 1.28.18.14 2006/02/28 03:10:47 marka Exp $ */
 
 /*! \file */
 

bin/check/named-checkconf.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkconf.docbook,v 1.16 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: named-checkconf.docbook,v 1.8.18.5 2005/07/19 05:55:41 marka Exp $ -->
 <refentry id="man.named-checkconf">
   <refentryinfo>
     <date>June 14, 2000</date>
@@ -34,7 +34,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -77,7 +76,7 @@
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that
+            chroot to <filename>directory</filename> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -99,8 +98,8 @@
         <term>-z</term>
         <listitem>
           <para>
-	    Perform a test load of all master zones found in
-	    <filename>named.conf</filename>.
+            Perform a check load the master zonefiles found in
+            <filename>named.conf</filename>.
           </para>
         </listitem>
       </varlistentry>

bin/check/named-checkconf.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkconf.html,v 1.28 2007/05/09 03:33:50 marka Exp $ -->
+<!-- $Id: named-checkconf.html,v 1.9.18.15 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.named-checkconf"></a><div class="titlepage"></div>
@@ -32,18 +32,18 @@
 <div class="cmdsynopsis"><p><code class="command">named-checkconf</code>  [<code class="option">-v</code>] [<code class="option">-j</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] {filename} [<code class="option">-z</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>DESCRIPTION</h2>
+<a name="id2549441"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       checks the syntax, but not the semantics, of a named
       configuration file.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543395"></a><h2>OPTIONS</h2>
+<a name="id2549452"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that
+            chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -55,8 +55,8 @@
           </p></dd>
 <dt><span class="term">-z</span></dt>
 <dd><p>
-	    Perform a test load of all master zones found in
-	    <code class="filename">named.conf</code>.
+            Perform a check load the master zonefiles found in
+            <code class="filename">named.conf</code>.
           </p></dd>
 <dt><span class="term">-j</span></dt>
 <dd><p>
@@ -70,20 +70,20 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543489"></a><h2>RETURN VALUES</h2>
+<a name="id2549613"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkconf</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543500"></a><h2>SEE ALSO</h2>
+<a name="id2549693"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543522"></a><h2>AUTHOR</h2>
+<a name="id2549715"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/check/named-checkzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named-checkzone.8,v 1.40 2007/05/09 13:35:57 marka Exp $
+.\" $Id: named-checkzone.8,v 1.18.18.18 2006/09/29 08:34:49 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: named\-checkzone
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 13, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -48,41 +48,30 @@ useful for checking zone files before configuring them into a name server.
 \fBnamed\-compilezone\fR
 is similar to
 \fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
-\fBnamed\fR. When manually specified otherwise, the check levels must at least be as strict as those specified in the
+\fBnamed\fR. When manaully specified otherwise, the check levels must at least be as strict as those specified in the
 \fBnamed\fR
 configuration file.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-d
-.RS 4
 Enable debugging.
-.RE
-.PP
+.TP 3n
 \-q
-.RS 4
 Quiet mode \- exit code only.
-.RE
-.PP
+.TP 3n
 \-v
-.RS 4
 Print the version of the
 \fBnamed\-checkzone\fR
 program and exit.
-.RE
-.PP
+.TP 3n
 \-j
-.RS 4
 When loading the zone file read the journal if it exists.
-.RE
-.PP
+.TP 3n
 \-c \fIclass\fR
-.RS 4
 Specify the class of the zone. If not specified "IN" is assumed.
-.RE
-.PP
+.TP 3n
 \-i \fImode\fR
-.RS 4
-Perform post\-load zone integrity checks. Possible modes are
+Perform post load zone integrity checks. Possible modes are
 \fB"full"\fR
 (default),
 \fB"full\-sibling"\fR,
@@ -105,7 +94,7 @@ only checks SRV records which refer to in\-zone hostnames.
 .sp
 Mode
 \fB"full"\fR
-checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue address records in the zone match those advertised by the child. Mode
+checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames). It also checks that glue addresses records in the zone match those advertised by the child. Mode
 \fB"local"\fR
 only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone.
 .sp
@@ -122,27 +111,21 @@ respectively.
 Mode
 \fB"none"\fR
 disables the checks.
-.RE
-.PP
+.TP 3n
 \-f \fIformat\fR
-.RS 4
 Specify the format of the zone file. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR.
-.RE
-.PP
+.TP 3n
 \-F \fIformat\fR
-.RS 4
 Specify the format of the output file specified. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR. For
 \fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents.
-.RE
-.PP
+.TP 3n
 \-k \fImode\fR
-.RS 4
 Perform
 \fB"check\-names"\fR
 checks with the specified failure mode. Possible modes are
@@ -153,28 +136,22 @@ checks with the specified failure mode. Possible modes are
 (default for
 \fBnamed\-checkzone\fR) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-m \fImode\fR
-.RS 4
 Specify whether MX records should be checked to see if they are addresses. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-M \fImode\fR
-.RS 4
 Check if a MX record refers to a CNAME. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-n \fImode\fR
-.RS 4
 Specify whether NS records should be checked to see if they are addresses. Possible modes are
 \fB"fail"\fR
 (default for
@@ -183,72 +160,53 @@ Specify whether NS records should be checked to see if they are addresses. Possi
 (default for
 \fBnamed\-checkzone\fR) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-o \fIfilename\fR
-.RS 4
 Write zone output to
 \fIfilename\fR. This is mandatory for
 \fBnamed\-compilezone\fR.
-.RE
-.PP
+.TP 3n
 \-s \fIstyle\fR
-.RS 4
 Specify the style of the dumped zone file. Possible styles are
 \fB"full"\fR
 (default) and
 \fB"relative"\fR. The full format is most suitable for processing automatically by a separate script. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand. For
 \fBnamed\-checkzone\fR
 this does not cause any effects unless it dumps the zone contents. It also does not have any meaning if the output format is not text.
-.RE
-.PP
+.TP 3n
 \-S \fImode\fR
-.RS 4
 Check if a SRV record refers to a CNAME. Possible modes are
 \fB"fail"\fR,
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+chroot to
 \fIdirectory\fR
 so that include directives in the configuration file are processed as if run by a similarly chrooted named.
-.RE
-.PP
+.TP 3n
 \-w \fIdirectory\fR
-.RS 4
 chdir to
 \fIdirectory\fR
 so that relative filenames in master file $INCLUDE directives work. This is similar to the directory clause in
 \fInamed.conf\fR.
-.RE
-.PP
+.TP 3n
 \-D
-.RS 4
 Dump zone file in canonical format. This is always enabled for
 \fBnamed\-compilezone\fR.
-.RE
-.PP
+.TP 3n
 \-W \fImode\fR
-.RS 4
 Specify whether to check for non\-terminal wildcards. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034). Possible modes are
 \fB"warn"\fR
 (default) and
 \fB"ignore"\fR.
-.RE
-.PP
+.TP 3n
 zonename
-.RS 4
 The domain name of the zone being checked.
-.RE
-.PP
+.TP 3n
 filename
-.RS 4
 The name of the zone file.
-.RE
 .SH "RETURN VALUES"
 .PP
 \fBnamed\-checkzone\fR
@@ -262,7 +220,4 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/check/named-checkzone.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: named-checkzone.c,v 1.47 2007/03/29 23:47:04 tbox Exp $ */
+/* $Id: named-checkzone.c,v 1.29.18.16 2006/10/05 05:24:35 marka Exp $ */
 
 /*! \file */
 
@@ -109,8 +109,6 @@ main(int argc, char **argv) {
 	outputstyle = &dns_master_style_full;
 
 	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL)
-		prog_name = strrchr(argv[0], '\\');
 	if (prog_name != NULL)
 		prog_name++;
 	else

bin/check/named-checkzone.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named-checkzone.docbook,v 1.31 2007/05/09 06:18:44 marka Exp $ -->
+<!-- $Id: named-checkzone.docbook,v 1.11.18.15 2006/09/29 06:33:00 marka Exp $ -->
 <refentry id="man.named-checkzone">
   <refentryinfo>
     <date>June 13, 2000</date>
@@ -35,7 +35,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -117,7 +116,7 @@
 	Additionally, it applies stricter check levels by default,
         since the dump output will be used as an actual zone file
 	loaded by <command>named</command>.
-	When manually specified otherwise, the check levels must at
+	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	<command>named</command> configuration file.
      </para>
@@ -177,7 +176,7 @@
         <term>-i <replaceable class="parameter">mode</replaceable></term>
 	<listitem>
 	  <para>
-	      Perform post-load zone integrity checks.  Possible modes are
+	      Perform post load zone integrity checks.  Possible modes are
 	      <command>"full"</command> (default),
 	      <command>"full-sibling"</command>,
 	      <command>"local"</command>,
@@ -199,7 +198,7 @@
 	  <para>
 	      Mode <command>"full"</command> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
+	      hostnames).  It also checks that glue addresses records
 	      in the zone match those advertised by the child.
 	      Mode <command>"local"</command> only checks NS records which
 	      refer to in-zone hostnames or that some required glue exists,
@@ -342,7 +341,7 @@
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
           <para>
-            Chroot to <filename>directory</filename> so that
+            chroot to <filename>directory</filename> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.

bin/check/named-checkzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named-checkzone.html,v 1.40 2007/05/09 13:35:57 marka Exp $ -->
+<!-- $Id: named-checkzone.html,v 1.11.18.24 2006/09/29 08:34:49 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.named-checkzone"></a><div class="titlepage"></div>
@@ -33,7 +33,7 @@
 <div class="cmdsynopsis"><p><code class="command">named-compilezone</code>  [<code class="option">-d</code>] [<code class="option">-j</code>] [<code class="option">-q</code>] [<code class="option">-v</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-f <em class="replaceable"><code>format</code></em></code>] [<code class="option">-F <em class="replaceable"><code>format</code></em></code>] [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>] [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>] [<code class="option">-s <em class="replaceable"><code>style</code></em></code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-D</code>] [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>] {zonename} {filename}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543665"></a><h2>DESCRIPTION</h2>
+<a name="id2549722"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       checks the syntax and integrity of a zone file.  It performs the
       same checks as <span><strong class="command">named</strong></span> does when loading a
@@ -47,13 +47,13 @@
 	Additionally, it applies stricter check levels by default,
         since the dump output will be used as an actual zone file
 	loaded by <span><strong class="command">named</strong></span>.
-	When manually specified otherwise, the check levels must at
+	When manaully specified otherwise, the check levels must at
         least be as strict as those specified in the
 	<span><strong class="command">named</strong></span> configuration file.
      </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543700"></a><h2>OPTIONS</h2>
+<a name="id2549757"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-d</span></dt>
 <dd><p>
@@ -79,7 +79,7 @@
 <dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
 <dd>
 <p>
-	      Perform post-load zone integrity checks.  Possible modes are
+	      Perform post load zone integrity checks.  Possible modes are
 	      <span><strong class="command">"full"</strong></span> (default),
 	      <span><strong class="command">"full-sibling"</strong></span>,
 	      <span><strong class="command">"local"</strong></span>,
@@ -101,7 +101,7 @@
 <p>
 	      Mode <span><strong class="command">"full"</strong></span> checks that delegation NS
 	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
+	      hostnames).  It also checks that glue addresses records
 	      in the zone match those advertised by the child.
 	      Mode <span><strong class="command">"local"</strong></span> only checks NS records which
 	      refer to in-zone hostnames or that some required glue exists,
@@ -195,7 +195,7 @@
 	  </p></dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd><p>
-            Chroot to <code class="filename">directory</code> so that
+            chroot to <code class="filename">directory</code> so that
             include
             directives in the configuration file are processed as if
             run by a similarly chrooted named.
@@ -233,21 +233,21 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544299"></a><h2>RETURN VALUES</h2>
+<a name="id2550425"></a><h2>RETURN VALUES</h2>
 <p><span><strong class="command">named-checkzone</strong></span>
       returns an exit status of 1 if
       errors were detected and 0 otherwise.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544311"></a><h2>SEE ALSO</h2>
+<a name="id2550437"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <em class="citetitle">RFC 1035</em>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544336"></a><h2>AUTHOR</h2>
+<a name="id2550461"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dig/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.39 2005/09/09 14:11:37 marka Exp $
+# $Id: Makefile.in,v 1.33.18.6 2005/09/09 14:11:04 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dig/dig.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dig.1,v 1.45 2007/05/16 06:12:00 marka Exp $
+.\" $Id: dig.1,v 1.23.18.16 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dig
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Jun 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -50,7 +50,7 @@ Although
 \fBdig\fR
 is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file. A brief summary of its command\-line arguments and options is printed when the
 \fB\-h\fR
-option is given. Unlike earlier versions, the BIND 9 implementation of
+option is given. Unlike earlier versions, the BIND9 implementation of
 \fBdig\fR
 allows multiple lookups to be issued from the command line.
 .PP
@@ -65,30 +65,21 @@ It is possible to set per\-user defaults for
 \fBdig\fR
 via
 \fI${HOME}/.digrc\fR. This file is read and any options in it are applied before the command line arguments.
-.PP
-The IN and CH class names overlap with the IN and CH top level domains names. Either use the
-\fB\-t\fR
-and
-\fB\-c\fR
-options to specify the type and class or use the
-\fB\-q\fR
-the specify the domain name or use "IN." and "CH." when looking up these top level domains.
 .SH "SIMPLE USAGE"
 .PP
 A typical invocation of
 \fBdig\fR
 looks like:
 .sp
-.RS 4
+.RS 3n
 .nf
  dig @server name type 
 .fi
 .RE
 .sp
 where:
-.PP
+.TP 3n
 \fBserver\fR
-.RS 4
 is the name or IP address of the name server to query. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation. When the supplied
 \fIserver\fR
 argument is a hostname,
@@ -100,15 +91,11 @@ argument is provided,
 consults
 \fI/etc/resolv.conf\fR
 and queries the name servers listed there. The reply from the name server that responds is displayed.
-.RE
-.PP
+.TP 3n
 \fBname\fR
-.RS 4
 is the name of the resource record that is to be looked up.
-.RE
-.PP
+.TP 3n
 \fBtype\fR
-.RS 4
 indicates what type of query is required \(em ANY, A, MX, SIG, etc.
 \fItype\fR
 can be any valid query type. If no
@@ -116,7 +103,6 @@ can be any valid query type. If no
 argument is supplied,
 \fBdig\fR
 will perform a lookup for an A record.
-.RE
 .SH "OPTIONS"
 .PP
 The
@@ -128,14 +114,14 @@ The default query class (IN for internet) is overridden by the
 \fB\-c\fR
 option.
 \fIclass\fR
-is any valid class, such as HS for Hesiod records or CH for Chaosnet records.
+is any valid class, such as HS for Hesiod records or CH for CHAOSNET records.
 .PP
 The
 \fB\-f\fR
 option makes
 \fBdig \fR
 operate in batch mode by reading a list of lookup requests to process from the file
-\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organized in the same way they would be presented as queries to
+\fIfilename\fR. The file contains a number of queries, one per line. Each entry in the file should be organised in the same way they would be presented as queries to
 \fBdig\fR
 using the command\-line interface.
 .PP
@@ -160,7 +146,7 @@ to only use IPv6 query transport.
 The
 \fB\-t\fR
 option sets the query type to
-\fItype\fR. It can be any valid query type which is supported in BIND 9. The default query type is "A", unless the
+\fItype\fR. It can be any valid query type which is supported in BIND9. The default query type "A", unless the
 \fB\-x\fR
 option is supplied to indicate a reverse lookup. A zone transfer can be requested by specifying a type of AXFR. When an incremental zone transfer (IXFR) is required,
 \fItype\fR
@@ -171,11 +157,11 @@ ixfr=N. The incremental zone transfer will contain the changes made to the zone
 The
 \fB\-q\fR
 option sets the query name to
-\fIname\fR. This useful do distinguish the
+\fIname\fR. This useful do distingish the
 \fIname\fR
 from other arguments.
 .PP
-Reverse lookups \(em mapping addresses to names \(em are simplified by the
+Reverse lookups \- mapping addresses to names \- are simplified by the
 \fB\-x\fR
 option.
 \fIaddr\fR
@@ -225,26 +211,19 @@ Each query option is identified by a keyword preceded by a plus sign (+). Some k
 no
 to negate the meaning of that keyword. Other keywords assign values to options like the timeout interval. They have the form
 \fB+keyword=value\fR. The query options are:
-.PP
+.TP 3n
 \fB+[no]tcp\fR
-.RS 4
-Use [do not use] TCP when querying name servers. The default behavior is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
-.RE
-.PP
+Use [do not use] TCP when querying name servers. The default behaviour is to use UDP unless an AXFR or IXFR query is requested, in which case a TCP connection is used.
+.TP 3n
 \fB+[no]vc\fR
-.RS 4
 Use [do not use] TCP when querying name servers. This alternate syntax to
 \fI+[no]tcp\fR
 is provided for backwards compatibility. The "vc" stands for "virtual circuit".
-.RE
-.PP
+.TP 3n
 \fB+[no]ignore\fR
-.RS 4
 Ignore truncation in UDP responses instead of retrying with TCP. By default, TCP retries are performed.
-.RE
-.PP
+.TP 3n
 \fB+domain=somename\fR
-.RS 4
 Set the search list to contain the single domain
 \fIsomename\fR, as if specified in a
 \fBdomain\fR
@@ -252,59 +231,39 @@ directive in
 \fI/etc/resolv.conf\fR, and enable search list processing as if the
 \fI+search\fR
 option were given.
-.RE
-.PP
+.TP 3n
 \fB+[no]search\fR
-.RS 4
 Use [do not use] the search list defined by the searchlist or domain directive in
 \fIresolv.conf\fR
 (if any). The search list is not used by default.
-.RE
-.PP
+.TP 3n
 \fB+[no]showsearch\fR
-.RS 4
 Perform [do not perform] a search showing intermediate results.
-.RE
-.PP
+.TP 3n
 \fB+[no]defname\fR
-.RS 4
 Deprecated, treated as a synonym for
 \fI+[no]search\fR
-.RE
-.PP
+.TP 3n
 \fB+[no]aaonly\fR
-.RS 4
 Sets the "aa" flag in the query.
-.RE
-.PP
+.TP 3n
 \fB+[no]aaflag\fR
-.RS 4
 A synonym for
 \fI+[no]aaonly\fR.
-.RE
-.PP
+.TP 3n
 \fB+[no]adflag\fR
-.RS 4
 Set [do not set] the AD (authentic data) bit in the query. The AD bit currently has a standard meaning only in responses, not in queries, but the ability to set the bit in the query is provided for completeness.
-.RE
-.PP
+.TP 3n
 \fB+[no]cdflag\fR
-.RS 4
 Set [do not set] the CD (checking disabled) bit in the query. This requests the server to not perform DNSSEC validation of responses.
-.RE
-.PP
+.TP 3n
 \fB+[no]cl\fR
-.RS 4
 Display [do not display] the CLASS when printing the record.
-.RE
-.PP
+.TP 3n
 \fB+[no]ttlid\fR
-.RS 4
 Display [do not display] the TTL when printing the record.
-.RE
-.PP
+.TP 3n
 \fB+[no]recurse\fR
-.RS 4
 Toggle the setting of the RD (recursion desired) bit in the query. This bit is set by default, which means
 \fBdig\fR
 normally sends recursive queries. Recursion is automatically disabled when the
@@ -312,109 +271,75 @@ normally sends recursive queries. Recursion is automatically disabled when the
 or
 \fI+trace\fR
 query options are used.
-.RE
-.PP
+.TP 3n
 \fB+[no]nssearch\fR
-.RS 4
 When this option is set,
 \fBdig\fR
 attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone.
-.RE
-.PP
+.TP 3n
 \fB+[no]trace\fR
-.RS 4
 Toggle tracing of the delegation path from the root name servers for the name being looked up. Tracing is disabled by default. When tracing is enabled,
 \fBdig\fR
 makes iterative queries to resolve the name being looked up. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup.
-.RE
-.PP
+.TP 3n
 \fB+[no]cmd\fR
-.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
+toggles the printing of the initial comment in the output identifying the version of
 \fBdig\fR
 and the query options that have been applied. This comment is printed by default.
-.RE
-.PP
+.TP 3n
 \fB+[no]short\fR
-.RS 4
 Provide a terse answer. The default is to print the answer in a verbose form.
-.RE
-.PP
+.TP 3n
 \fB+[no]identify\fR
-.RS 4
 Show [or do not show] the IP address and port number that supplied the answer when the
 \fI+short\fR
 option is enabled. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer.
-.RE
-.PP
+.TP 3n
 \fB+[no]comments\fR
-.RS 4
 Toggle the display of comment lines in the output. The default is to print comments.
-.RE
-.PP
+.TP 3n
 \fB+[no]stats\fR
-.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behavior is to print the query statistics.
-.RE
-.PP
+This query option toggles the printing of statistics: when the query was made, the size of the reply and so on. The default behaviour is to print the query statistics.
+.TP 3n
 \fB+[no]qr\fR
-.RS 4
 Print [do not print] the query as it is sent. By default, the query is not printed.
-.RE
-.PP
+.TP 3n
 \fB+[no]question\fR
-.RS 4
 Print [do not print] the question section of a query when an answer is returned. The default is to print the question section as a comment.
-.RE
-.PP
+.TP 3n
 \fB+[no]answer\fR
-.RS 4
 Display [do not display] the answer section of a reply. The default is to display it.
-.RE
-.PP
+.TP 3n
 \fB+[no]authority\fR
-.RS 4
 Display [do not display] the authority section of a reply. The default is to display it.
-.RE
-.PP
+.TP 3n
 \fB+[no]additional\fR
-.RS 4
 Display [do not display] the additional section of a reply. The default is to display it.
-.RE
-.PP
+.TP 3n
 \fB+[no]all\fR
-.RS 4
 Set or clear all display flags.
-.RE
-.PP
+.TP 3n
 \fB+time=T\fR
-.RS 4
 Sets the timeout for a query to
 \fIT\fR
-seconds. The default timeout is 5 seconds. An attempt to set
+seconds. The default time out is 5 seconds. An attempt to set
 \fIT\fR
 to less than 1 will result in a query timeout of 1 second being applied.
-.RE
-.PP
+.TP 3n
 \fB+tries=T\fR
-.RS 4
 Sets the number of times to try UDP queries to server to
 \fIT\fR
 instead of the default, 3. If
 \fIT\fR
 is less than or equal to zero, the number of tries is silently rounded up to 1.
-.RE
-.PP
+.TP 3n
 \fB+retry=T\fR
-.RS 4
 Sets the number of times to retry UDP queries to server to
 \fIT\fR
 instead of the default, 2. Unlike
 \fI+tries\fR, this does not include the initial query.
-.RE
-.PP
+.TP 3n
 \fB+ndots=D\fR
-.RS 4
 Set the number of dots that have to appear in
 \fIname\fR
 to
@@ -426,51 +351,35 @@ or
 \fBdomain\fR
 directive in
 \fI/etc/resolv.conf\fR.
-.RE
-.PP
+.TP 3n
 \fB+bufsize=B\fR
-.RS 4
 Set the UDP message buffer size advertised using EDNS0 to
 \fIB\fR
 bytes. The maximum and minimum sizes of this buffer are 65535 and 0 respectively. Values outside this range are rounded up or down appropriately. Values other than zero will cause a EDNS query to be sent.
-.RE
-.PP
+.TP 3n
 \fB+edns=#\fR
-.RS 4
 Specify the EDNS version to query with. Valid values are 0 to 255. Setting the EDNS version will cause a EDNS query to be sent.
 \fB+noedns\fR
 clears the remembered EDNS version.
-.RE
-.PP
+.TP 3n
 \fB+[no]multiline\fR
-.RS 4
 Print records like the SOA records in a verbose multi\-line format with human\-readable comments. The default is to print each record on a single line, to facilitate machine parsing of the
 \fBdig\fR
 output.
-.RE
-.PP
+.TP 3n
 \fB+[no]fail\fR
-.RS 4
-Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behavior.
-.RE
-.PP
+Do not try the next server if you receive a SERVFAIL. The default is to not try the next server which is the reverse of normal stub resolver behaviour.
+.TP 3n
 \fB+[no]besteffort\fR
-.RS 4
 Attempt to display the contents of messages which are malformed. The default is to not display malformed answers.
-.RE
-.PP
+.TP 3n
 \fB+[no]dnssec\fR
-.RS 4
 Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query.
-.RE
-.PP
+.TP 3n
 \fB+[no]sigchase\fR
-.RS 4
 Chase DNSSEC signature chains. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
+.TP 3n
 \fB+trusted\-key=####\fR
-.RS 4
 Specifies a file containing trusted keys to be used with
 \fB+sigchase\fR. Each DNSKEY record must be on its own line.
 .sp
@@ -483,12 +392,9 @@ then
 in the current directory.
 .sp
 Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
-.PP
+.TP 3n
 \fB+[no]topdown\fR
-.RS 4
-When chasing DNSSEC signature chains perform a top\-down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
-.RE
+When chasing DNSSEC signature chains perform a top down validation. Requires dig be compiled with \-DDIG_SIGCHASE.
 .SH "MULTIPLE QUERIES"
 .PP
 The BIND 9 implementation of
@@ -505,7 +411,7 @@ A global set of query options, which should be applied to all queries, can also
 \fB+[no]cmd\fR
 option) can be overridden by a query\-specific set of query options. For example:
 .sp
-.RS 4
+.RS 3n
 .nf
 dig +qr www.isc.org any \-x 127.0.0.1 isc.org ns +noqr
 .fi
@@ -551,7 +457,4 @@ RFC1035.
 .PP
 There are probably too many query options.
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/dig/dig.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.c,v 1.216 2007/04/03 23:06:39 marka Exp $ */
+/* $Id: dig.c,v 1.186.18.26 2006/07/21 23:52:21 marka Exp $ */
 
 /*! \file */
 
@@ -650,6 +650,42 @@ printgreeting(int argc, char **argv, dig_lookup_t *lookup) {
 	}
 }
 
+/*%
+ * Reorder an argument list so that server names all come at the end.
+ * This is a bit of a hack, to allow batch-mode processing to properly
+ * handle the server options.
+ */
+static void
+reorder_args(int argc, char *argv[]) {
+	int i, j;
+	char *ptr;
+	int end;
+
+	debug("reorder_args()");
+	end = argc - 1;
+	while (argv[end][0] == '@') {
+		end--;
+		if (end == 0)
+			return;
+	}
+	debug("arg[end]=%s", argv[end]);
+	for (i = 1; i < end - 1; i++) {
+		if (argv[i][0] == '@') {
+			debug("arg[%d]=%s", i, argv[i]);
+			ptr = argv[i];
+			for (j = i + 1; j < end; j++) {
+				debug("Moving %s to %d", argv[j], j - 1);
+				argv[j - 1] = argv[j];
+			}
+			debug("moving %s to end, %d", ptr, end - 1);
+			argv[end - 1] = ptr;
+			end--;
+			if (end < 1)
+				return;
+		}
+	}
+}
+
 static isc_uint32_t
 parse_uint(char *arg, const char *desc, isc_uint32_t max) {
 	isc_result_t result;
@@ -1068,9 +1104,7 @@ static const char *single_dash_opts = "46dhimnv";
 static const char *dash_opts = "46bcdfhikmnptvyx";
 static isc_boolean_t
 dash_option(char *option, char *next, dig_lookup_t **lookup,
-	    isc_boolean_t *open_type_class, isc_boolean_t *need_clone,
-	    isc_boolean_t config_only, int argc, char **argv,
-	    isc_boolean_t *firstarg)
+	    isc_boolean_t *open_type_class, isc_boolean_t config_only)
 {
 	char opt, *value, *ptr, *ptr2, *ptr3;
 	isc_result_t result;
@@ -1207,20 +1241,14 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		return (value_from_next);
 	case 'q':
 		if (!config_only) {
-			if (*need_clone)
-				(*lookup) = clone_lookup(default_lookup,
-							 ISC_TRUE);
-			*need_clone = ISC_TRUE;
+			(*lookup) = clone_lookup(default_lookup,
+					         ISC_TRUE);
 			strncpy((*lookup)->textname, value, 
 				sizeof((*lookup)->textname));
 			(*lookup)->textname[sizeof((*lookup)->textname)-1]=0;
 			(*lookup)->trace_root = ISC_TF((*lookup)->trace  ||
 						     (*lookup)->ns_search_only);
 			(*lookup)->new_search = ISC_TRUE;
-			if (*firstarg) {
-				printgreeting(argc, argv, *lookup);
-				*firstarg = ISC_FALSE;
-			}
 			ISC_LIST_APPEND(lookup_list, (*lookup), link);
 			debug("looking up %s", (*lookup)->textname);
 		}
@@ -1348,9 +1376,7 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 		keysecret[sizeof(keysecret)-1]=0;
 		return (value_from_next);
 	case 'x':
-		if (*need_clone)
-			*lookup = clone_lookup(default_lookup, ISC_TRUE);
-		*need_clone = ISC_TRUE;
+		*lookup = clone_lookup(default_lookup, ISC_TRUE);
 		if (get_reverse(textname, sizeof(textname), value,
 				ip6_int, ISC_FALSE) == ISC_R_SUCCESS) {
 			strncpy((*lookup)->textname, textname,
@@ -1364,10 +1390,6 @@ dash_option(char *option, char *next, dig_lookup_t **lookup,
 			if (!(*lookup)->rdclassset)
 				(*lookup)->rdclass = dns_rdataclass_in;
 			(*lookup)->new_search = ISC_TRUE;
-			if (*firstarg) {
-				printgreeting(argc, argv, *lookup);
-				*firstarg = ISC_FALSE;
-			}
 			ISC_LIST_APPEND(lookup_list, *lookup, link);
 		} else {
 			fprintf(stderr, "Invalid IP address %s\n", value);
@@ -1459,8 +1481,6 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 	char rcfile[256];
 #endif
 	char *input;
-	int i;
-	isc_boolean_t need_clone = ISC_TRUE;
 
 	/*
 	 * The semantics for parsing the args is a bit complex; if
@@ -1508,9 +1528,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 				bargv[0] = argv[0];
 				argv0 = argv[0];
 
-				for(i = 0; i < bargc; i++)
-					debug(".digrc argv %d: %s",
-					      i, bargv[i]);
+				reorder_args(bargc, (char **)bargv);
 				parse_args(ISC_TRUE, ISC_TRUE, bargc,
 					   (char **)bargv);
 			}
@@ -1519,12 +1537,7 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 #endif
 	}
 
-	if (is_batchfile && !config_only) {
-		/* Processing '-f batchfile'. */
-		lookup = clone_lookup(default_lookup, ISC_TRUE);
-		need_clone = ISC_FALSE;
-	} else
-		lookup = default_lookup;
+	lookup = default_lookup;
 
 	rc = argc;
 	rv = argv;
@@ -1541,16 +1554,14 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			if (rc <= 1) {
 				if (dash_option(&rv[0][1], NULL,
 						&lookup, &open_type_class,
-						&need_clone, config_only,
-						argc, argv, &firstarg)) {
+						config_only)) {
 					rc--;
 					rv++;
 				}
 			} else {
 				if (dash_option(&rv[0][1], rv[1],
 						&lookup, &open_type_class,
-						&need_clone, config_only,
-						argc, argv, &firstarg)) {
+						config_only)) {
 					rc--;
 					rv++;
 				}
@@ -1618,29 +1629,21 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 					continue;
 				}
 			}
-
 			if (!config_only) {
-				if (need_clone)
-					lookup = clone_lookup(default_lookup,
-								      ISC_TRUE);
-				need_clone = ISC_TRUE;
+				lookup = clone_lookup(default_lookup,
+						      ISC_TRUE);
 				strncpy(lookup->textname, rv[0], 
 					sizeof(lookup->textname));
 				lookup->textname[sizeof(lookup->textname)-1]=0;
 				lookup->trace_root = ISC_TF(lookup->trace  ||
 						     lookup->ns_search_only);
 				lookup->new_search = ISC_TRUE;
-				if (firstarg) {
-					printgreeting(argc, argv, lookup);
-					firstarg = ISC_FALSE;
-				}
 				ISC_LIST_APPEND(lookup_list, lookup, link);
 				debug("looking up %s", lookup->textname);
 			}
 			/* XXX Error message */
 		}
 	}
-
 	/*
 	 * If we have a batchfile, seed the lookup list with the
 	 * first entry, then trust the callback in dighost_shutdown
@@ -1675,20 +1678,15 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			bargv[0] = argv[0];
 			argv0 = argv[0];
 
-			for(i = 0; i < bargc; i++)
-				debug("batch argv %d: %s", i, bargv[i]);
+			reorder_args(bargc, (char **)bargv);
 			parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
-			return;
 		}
-		return;
 	}
 	/*
 	 * If no lookup specified, search for root
 	 */
 	if ((lookup_list.head == NULL) && !config_only) {
-		if (need_clone)
-			lookup = clone_lookup(default_lookup, ISC_TRUE);
-		need_clone = ISC_TRUE;
+		lookup = clone_lookup(default_lookup, ISC_TRUE);
 		lookup->trace_root = ISC_TF(lookup->trace ||
 					    lookup->ns_search_only);
 		lookup->new_search = ISC_TRUE;
@@ -1700,9 +1698,10 @@ parse_args(isc_boolean_t is_batchfile, isc_boolean_t config_only,
 			firstarg = ISC_FALSE;
 		}
 		ISC_LIST_APPEND(lookup_list, lookup, link);
+	} else if (!config_only && firstarg) {
+			printgreeting(argc, argv, lookup);
+			firstarg = ISC_FALSE;
 	}
-	if (!need_clone)
-		destroy_lookup(lookup);
 }
 
 /*
@@ -1716,7 +1715,7 @@ dighost_shutdown(void) {
 	int bargc;
 	char *bargv[16];
 	char *input;
-	int i;
+
 
 	if (batchname == NULL) {
 		isc_app_shutdown();
@@ -1744,8 +1743,7 @@ dighost_shutdown(void) {
 
 		bargv[0] = argv0;
 
-		for(i = 0; i < bargc; i++)
-			debug("batch argv %d: %s", i, bargv[i]);
+		reorder_args(bargc, (char **)bargv);
 		parse_args(ISC_TRUE, ISC_FALSE, bargc, (char **)bargv);
 		start_lookup();
 	} else {
@@ -1761,6 +1759,7 @@ dighost_shutdown(void) {
 int
 main(int argc, char **argv) {
 	isc_result_t result;
+	dig_server_t *s, *s2;
 
 	ISC_LIST_INIT(lookup_list);
 	ISC_LIST_INIT(server_list);
@@ -1781,7 +1780,16 @@ main(int argc, char **argv) {
 	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
 	check_result(result, "isc_app_onrun");
 	isc_app_run();
-	destroy_lookup(default_lookup);
+	s = ISC_LIST_HEAD(default_lookup->my_server_list);
+	while (s != NULL) {
+		debug("freeing server %p belonging to %p",
+		      s, default_lookup);
+		s2 = s;
+		s = ISC_LIST_NEXT(s, link);
+		ISC_LIST_DEQUEUE(default_lookup->my_server_list, s2, link);
+		isc_mem_free(mctx, s2);
+	}
+	isc_mem_free(mctx, default_lookup);
 	if (batchname != NULL) {
 		if (batchfp != stdin)
 			fclose(batchfp);

bin/dig/dig.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dig.docbook,v 1.37 2007/05/16 01:42:26 marka Exp $ -->
+<!-- $Id: dig.docbook,v 1.17.18.13 2006/01/27 23:57:44 marka Exp $ -->
 <refentry id="man.dig">
 
   <refentryinfo>
@@ -41,7 +41,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -104,7 +103,7 @@
       arguments, it also has a batch mode of operation for reading lookup
       requests from a file.  A brief summary of its command-line arguments
       and options is printed when the <option>-h</option> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
+      Unlike earlier versions, the BIND9 implementation of
       <command>dig</command> allows multiple lookups to be issued
       from the
       command line.
@@ -129,14 +128,6 @@
       are applied before the command line arguments.
     </para>
 
-    <para>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <option>-t</option> and
-      <option>-c</option> options to specify the type and class or
-      use the <option>-q</option> the specify the domain name or
-      use "IN." and "CH." when looking up these top level domains.
-    </para>
-
   </refsect1>
 
   <refsect1>
@@ -216,7 +207,7 @@
       The default query class (IN for internet) is overridden by the
       <option>-c</option> option.  <parameter>class</parameter> is
       any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
+      class, such as HS for Hesiod records or CH for CHAOSNET records.
     </para>
 
     <para>
@@ -225,7 +216,7 @@
       in batch mode by reading a list of lookup requests to process from the
       file <parameter>filename</parameter>.  The file contains a
       number of
-      queries, one per line.  Each entry in the file should be organized in
+      queries, one per line.  Each entry in the file should be organised in
       the same way they would be presented as queries to
       <command>dig</command> using the command-line interface.
     </para>
@@ -251,7 +242,7 @@
       The <option>-t</option> option sets the query type to
       <parameter>type</parameter>.  It can be any valid query type
       which is
-      supported in BIND 9.  The default query type is "A", unless the
+      supported in BIND9.  The default query type "A", unless the
       <option>-x</option> option is supplied to indicate a reverse lookup.
       A zone transfer can be requested by specifying a type of AXFR.  When
       an incremental zone transfer (IXFR) is required,
@@ -263,12 +254,12 @@
 
     <para>
       The <option>-q</option> option sets the query name to 
-      <parameter>name</parameter>.  This useful do distinguish the
+      <parameter>name</parameter>.  This useful do distingish the
       <parameter>name</parameter> from other arguments.
     </para>
 
     <para>
-      Reverse lookups &mdash; mapping addresses to names &mdash; are simplified by the
+      Reverse lookups - mapping addresses to names - are simplified by the
       <option>-x</option> option.  <parameter>addr</parameter> is
       an IPv4
       address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -343,7 +334,7 @@
           <listitem>
             <para>
               Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
+              behaviour is to use UDP unless an AXFR or IXFR query is
               requested, in
               which case a TCP connection is used.
             </para>
@@ -536,7 +527,7 @@
           <term><option>+[no]cmd</option></term>
           <listitem>
             <para>
-              Toggles the printing of the initial comment in the output
+              toggles the printing of the initial comment in the output
               identifying
               the version of <command>dig</command> and the query
               options that have
@@ -588,7 +579,7 @@
               This query option toggles the printing of statistics: when the
               query
               was made, the size of the reply and so on.  The default
-              behavior is
+              behaviour is
               to print the query statistics.
             </para>
           </listitem>
@@ -662,8 +653,8 @@
             <para>
 
               Sets the timeout for a query to
-              <parameter>T</parameter> seconds.  The default
-	      timeout is 5 seconds.
+              <parameter>T</parameter> seconds.  The default time
+              out is 5 seconds.
               An attempt to set <parameter>T</parameter> to less
               than 1 will result
               in a query timeout of 1 second being applied.
@@ -763,7 +754,7 @@
               default is
               to not try the next server which is the reverse of normal stub
               resolver
-              behavior.
+              behaviour.
             </para>
           </listitem>
         </varlistentry>
@@ -822,7 +813,7 @@
           <term><option>+[no]topdown</option></term>
           <listitem>
             <para>
-              When chasing DNSSEC signature chains perform a top-down
+              When chasing DNSSEC signature chains perform a top down
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </para>

bin/dig/dig.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dig.html,v 1.41 2007/05/16 06:12:01 marka Exp $ -->
+<!-- $Id: dig.html,v 1.13.18.21 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dig</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dig"></a><div class="titlepage"></div>
@@ -34,7 +34,7 @@
 <div class="cmdsynopsis"><p><code class="command">dig</code>  [global-queryopt...] [query...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543508"></a><h2>DESCRIPTION</h2>
+<a name="id2549565"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dig</strong></span>
       (domain information groper) is a flexible tool
       for interrogating DNS name servers.  It performs DNS lookups and
@@ -50,7 +50,7 @@
       arguments, it also has a batch mode of operation for reading lookup
       requests from a file.  A brief summary of its command-line arguments
       and options is printed when the <code class="option">-h</code> option is given.
-      Unlike earlier versions, the BIND 9 implementation of
+      Unlike earlier versions, the BIND9 implementation of
       <span><strong class="command">dig</strong></span> allows multiple lookups to be issued
       from the
       command line.
@@ -71,16 +71,9 @@
       any options in it
       are applied before the command line arguments.
     </p>
-<p>
-      The IN and CH class names overlap with the IN and CH top level
-      domains names.  Either use the <code class="option">-t</code> and
-      <code class="option">-c</code> options to specify the type and class or
-      use the <code class="option">-q</code> the specify the domain name or
-      use "IN." and "CH." when looking up these top level domains.
-    </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543577"></a><h2>SIMPLE USAGE</h2>
+<a name="id2549621"></a><h2>SIMPLE USAGE</h2>
 <p>
       A typical invocation of <span><strong class="command">dig</strong></span> looks like:
       </p>
@@ -126,7 +119,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543668"></a><h2>OPTIONS</h2>
+<a name="id2549848"></a><h2>OPTIONS</h2>
 <p>
       The <code class="option">-b</code> option sets the source IP address of the query
       to <em class="parameter"><code>address</code></em>.  This must be a valid
@@ -139,7 +132,7 @@
       The default query class (IN for internet) is overridden by the
       <code class="option">-c</code> option.  <em class="parameter"><code>class</code></em> is
       any valid
-      class, such as HS for Hesiod records or CH for Chaosnet records.
+      class, such as HS for Hesiod records or CH for CHAOSNET records.
     </p>
 <p>
       The <code class="option">-f</code> option makes <span><strong class="command">dig </strong></span>
@@ -147,7 +140,7 @@
       in batch mode by reading a list of lookup requests to process from the
       file <em class="parameter"><code>filename</code></em>.  The file contains a
       number of
-      queries, one per line.  Each entry in the file should be organized in
+      queries, one per line.  Each entry in the file should be organised in
       the same way they would be presented as queries to
       <span><strong class="command">dig</strong></span> using the command-line interface.
     </p>
@@ -170,7 +163,7 @@
       The <code class="option">-t</code> option sets the query type to
       <em class="parameter"><code>type</code></em>.  It can be any valid query type
       which is
-      supported in BIND 9.  The default query type is "A", unless the
+      supported in BIND9.  The default query type "A", unless the
       <code class="option">-x</code> option is supplied to indicate a reverse lookup.
       A zone transfer can be requested by specifying a type of AXFR.  When
       an incremental zone transfer (IXFR) is required,
@@ -181,11 +174,11 @@
     </p>
 <p>
       The <code class="option">-q</code> option sets the query name to 
-      <em class="parameter"><code>name</code></em>.  This useful do distinguish the
+      <em class="parameter"><code>name</code></em>.  This useful do distingish the
       <em class="parameter"><code>name</code></em> from other arguments.
     </p>
 <p>
-      Reverse lookups &#8212; mapping addresses to names &#8212; are simplified by the
+      Reverse lookups - mapping addresses to names - are simplified by the
       <code class="option">-x</code> option.  <em class="parameter"><code>addr</code></em> is
       an IPv4
       address in dotted-decimal notation, or a colon-delimited IPv6 address.
@@ -226,7 +219,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543939"></a><h2>QUERY OPTIONS</h2>
+<a name="id2550051"></a><h2>QUERY OPTIONS</h2>
 <p><span><strong class="command">dig</strong></span>
       provides a number of query options which affect
       the way in which lookups are made and the results displayed.  Some of
@@ -249,7 +242,7 @@
 <dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
 <dd><p>
               Use [do not use] TCP when querying name servers.  The default
-              behavior is to use UDP unless an AXFR or IXFR query is
+              behaviour is to use UDP unless an AXFR or IXFR query is
               requested, in
               which case a TCP connection is used.
             </p></dd>
@@ -362,7 +355,7 @@
             </p></dd>
 <dt><span class="term"><code class="option">+[no]cmd</code></span></dt>
 <dd><p>
-              Toggles the printing of the initial comment in the output
+              toggles the printing of the initial comment in the output
               identifying
               the version of <span><strong class="command">dig</strong></span> and the query
               options that have
@@ -394,7 +387,7 @@
               This query option toggles the printing of statistics: when the
               query
               was made, the size of the reply and so on.  The default
-              behavior is
+              behaviour is
               to print the query statistics.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]qr</code></span></dt>
@@ -433,8 +426,8 @@
 <dd><p>
 
               Sets the timeout for a query to
-              <em class="parameter"><code>T</code></em> seconds.  The default
-	      timeout is 5 seconds.
+              <em class="parameter"><code>T</code></em> seconds.  The default time
+              out is 5 seconds.
               An attempt to set <em class="parameter"><code>T</code></em> to less
               than 1 will result
               in a query timeout of 1 second being applied.
@@ -499,7 +492,7 @@
               default is
               to not try the next server which is the reverse of normal stub
               resolver
-              behavior.
+              behaviour.
             </p></dd>
 <dt><span class="term"><code class="option">+[no]besteffort</code></span></dt>
 <dd><p>
@@ -535,7 +528,7 @@
 </dd>
 <dt><span class="term"><code class="option">+[no]topdown</code></span></dt>
 <dd><p>
-              When chasing DNSSEC signature chains perform a top-down
+              When chasing DNSSEC signature chains perform a top down
               validation.
               Requires dig be compiled with -DDIG_SIGCHASE.
             </p></dd>
@@ -545,7 +538,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545128"></a><h2>MULTIPLE QUERIES</h2>
+<a name="id2551240"></a><h2>MULTIPLE QUERIES</h2>
 <p>
       The BIND 9 implementation of <span><strong class="command">dig </strong></span>
       supports
@@ -591,7 +584,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545258"></a><h2>IDN SUPPORT</h2>
+<a name="id2551302"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">dig</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names.
@@ -605,14 +598,14 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545281"></a><h2>FILES</h2>
+<a name="id2551324"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 <p><code class="filename">${HOME}/.digrc</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545298"></a><h2>SEE ALSO</h2>
+<a name="id2551341"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
@@ -620,7 +613,7 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545335"></a><h2>BUGS</h2>
+<a name="id2551379"></a><h2>BUGS</h2>
 <p>
       There are probably too many query options.
     </p>

bin/dig/dighost.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dighost.c,v 1.302 2007/04/03 23:06:39 marka Exp $ */
+/* $Id: dighost.c,v 1.259.18.37 2006/12/07 06:08:02 marka Exp $ */
 
 /*! \file
  *  \note
@@ -144,7 +144,6 @@ static idn_result_t	append_textname(char *name, const char *origin,
 static void		idn_check_result(idn_result_t r, const char *msg);
 
 #define MAXDLEN		256
-int  idnoptions	= 0;
 #endif
 
 /*%
@@ -1276,7 +1275,9 @@ clear_query(dig_query_t *query) {
  */
 static isc_boolean_t
 try_clear_lookup(dig_lookup_t *lookup) {
+	dig_server_t *s;
 	dig_query_t *q;
+	void *ptr;
 
 	REQUIRE(lookup != NULL);
 
@@ -1297,16 +1298,7 @@ try_clear_lookup(dig_lookup_t *lookup) {
 	 * At this point, we know there are no queries on the lookup,
 	 * so can make it go away also.
 	 */
-	destroy_lookup(lookup);
-	return (ISC_TRUE);
-}
-
-void
-destroy_lookup(dig_lookup_t *lookup) {
-	dig_server_t *s;
-	void *ptr;
-
-	debug("destroy");
+	debug("cleared");
 	s = ISC_LIST_HEAD(lookup->my_server_list);
 	while (s != NULL) {
 		debug("freeing server %p belonging to %p", s, lookup);
@@ -1331,6 +1323,7 @@ destroy_lookup(dig_lookup_t *lookup) {
 		dst_context_destroy(&lookup->tsigctx);
 
 	isc_mem_free(mctx, lookup);
+	return (ISC_TRUE);
 }
 
 /*%
@@ -1642,7 +1635,7 @@ next_origin(dns_message_t *msg, dig_query_t *query) {
 	if (query->lookup->origin == NULL && query->lookup->need_search) {
 		lookup = requeue_lookup(query->lookup, ISC_TRUE);
 		lookup->origin = ISC_LIST_HEAD(search_list);
-		lookup->need_search = ISC_FALSE;
+		query->lookup->need_search = ISC_FALSE;
 	} else {
 		search = ISC_LIST_NEXT(query->lookup->origin, link);
 		if (search == NULL && query->lookup->done_as_is)
@@ -1823,7 +1816,7 @@ setup_lookup(dig_lookup_t *lookup) {
 				     sizeof(utf8_textname));
 		idn_check_result(mr, "append origin to textname");
 	}
-	mr = idn_encodename(idnoptions | IDN_LOCALMAP | IDN_NAMEPREP |
+	mr = idn_encodename(IDN_LOCALMAP | IDN_NAMEPREP | IDN_ASCCHECK |
 			    IDN_IDNCONV | IDN_LENCHECK, utf8_textname,
 			    idn_textname, sizeof(idn_textname));
 	idn_check_result(mr, "convert UTF-8 textname to IDN encoding");
@@ -3898,7 +3891,7 @@ get_trusted_key(isc_mem_t *mctx)
 		       filename);
 		return (ISC_R_FAILURE);
 	}
-	while (fgets(buf, sizeof(buf), fp) != NULL) {
+	while (fgets(buf, 1500, fp) != NULL) {
 		result = opentmpkey(mctx,"tmp_file", &filetemp, &fptemp);
 		if (result != ISC_R_SUCCESS) {
 			fclose(fp);

bin/dig/host.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2002 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: host.1,v 1.28 2007/05/09 03:33:50 marka Exp $
+.\" $Id: host.1,v 1.14.18.11 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: host
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Jun 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -130,7 +130,7 @@ makes. This should mean that the name server receiving the query will not attemp
 \fB\-r\fR
 option enables
 \fBhost\fR
-to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
+to mimic the behaviour of a name server by making non\-recursive queries and expecting to receive answers to those queries that are usually referrals to other name servers.
 .PP
 By default
 \fBhost\fR
@@ -152,7 +152,7 @@ The
 \fB\-t\fR
 option is used to select the query type.
 \fItype\fR
-can be any recognized query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
+can be any recognised query type: CNAME, NS, SOA, SIG, KEY, AXFR, etc. When no query type is specified,
 \fBhost\fR
 automatically selects an appropriate query type. By default it looks for A records, but if the
 \fB\-C\fR
@@ -185,7 +185,7 @@ The
 option tells
 \fBhost\fR
 \fInot\fR
-to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior.
+to send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behaviour.
 .PP
 The
 \fB\-m\fR
@@ -213,7 +213,4 @@ runs.
 \fBdig\fR(1),
 \fBnamed\fR(8).
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2002 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/dig/host.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,25 +15,13 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: host.c,v 1.113 2007/04/24 07:20:45 marka Exp $ */
+/* $Id: host.c,v 1.94.18.14 2006/05/23 04:40:42 marka Exp $ */
 
 /*! \file */
 
 #include <config.h>
-#include <stdlib.h>
 #include <limits.h>
 
-#ifdef HAVE_LOCALE_H
-#include <locale.h>
-#endif
-
-#ifdef WITH_IDN
-#include <idn/result.h>
-#include <idn/log.h>
-#include <idn/resconf.h>
-#include <idn/api.h>
-#endif
-
 #include <isc/app.h>
 #include <isc/commandline.h>
 #include <isc/netaddr.h>
@@ -426,10 +414,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 	if (msg->rcode != 0) {
 		char namestr[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		printf("Host %s not found: %d(%s)\n",
-		       (msg->rcode != dns_rcode_nxdomain) ? namestr :
-		       query->lookup->textname, msg->rcode,
-		       rcodetext[msg->rcode]);
+		printf("Host %s not found: %d(%s)\n", namestr,
+		       msg->rcode, rcodetext[msg->rcode]);
 		return (ISC_R_SUCCESS);
 	}
 
@@ -678,9 +664,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			    lookup->rdtype != dns_rdatatype_axfr)
 				lookup->rdtype = rdtype;
 			lookup->rdtypeset = ISC_TRUE;
-#ifdef WITH_IDN
-			idnoptions = 0;
-#endif
 			if (rdtype == dns_rdatatype_axfr) {
 				/* -l -t any -v */
 				list_type = dns_rdatatype_any;
@@ -689,13 +672,6 @@ parse_args(isc_boolean_t is_batchfile, int argc, char **argv) {
 			} else if (rdtype == dns_rdatatype_ixfr) {
 				lookup->ixfr_serial = serial;
 				list_type = rdtype;
-#ifdef WITH_IDN
-			} else if (rdtype == dns_rdatatype_a ||
-				   rdtype == dns_rdatatype_aaaa ||
-				   rdtype == dns_rdatatype_mx) {
-				idnoptions = IDN_ASCCHECK;
-				list_type = rdtype;
-#endif
 			} else
 				list_type = rdtype;
 			list_addresses = ISC_FALSE;
@@ -838,9 +814,6 @@ main(int argc, char **argv) {
 	ISC_LIST_INIT(search_list);
 	
 	fatalexit = 1;
-#ifdef WITH_IDN
-	idnoptions = IDN_ASCCHECK;
-#endif
 
 	debug("main()");
 	progname = argv[0];

bin/dig/host.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: host.docbook,v 1.15 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: host.docbook,v 1.5.18.7 2005/09/09 06:22:06 marka Exp $ -->
 <refentry id="man.host">
 
   <refentryinfo>
@@ -40,7 +40,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -173,7 +172,7 @@
       attempt to resolve <parameter>name</parameter>.  The
       <option>-r</option> option enables <command>host</command>
       to mimic
-      the behavior of a name server by making non-recursive queries and
+      the behaviour of a name server by making non-recursive queries and
       expecting to receive answers to those queries that are usually
       referrals to other name servers.
     </para>
@@ -194,7 +193,7 @@
 
     <para>
       The <option>-t</option> option is used to select the query type.
-      <parameter>type</parameter> can be any recognized query
+      <parameter>type</parameter> can be any recognised query
       type: CNAME,
       NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
       <command>host</command> automatically selects an appropriate
@@ -227,7 +226,7 @@
       The <option>-s</option> option tells <command>host</command> 
       <emphasis>not</emphasis> to send the query to the next nameserver
       if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
+      reverse of normal stub resolver behaviour.
     </para>
 
     <para>

bin/dig/host.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2002 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: host.html,v 1.27 2007/05/09 03:33:50 marka Exp $ -->
+<!-- $Id: host.html,v 1.7.18.16 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.host"></a><div class="titlepage"></div>
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">host</code>  [<code class="option">-aCdlnrsTwv</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>] [<code class="option">-R <em class="replaceable"><code>number</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-4</code>] [<code class="option">-6</code>] {name} [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543428"></a><h2>DESCRIPTION</h2>
+<a name="id2549485"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">host</strong></span>
       is a simple utility for performing DNS lookups.
       It is normally used to convert names to IP addresses and vice versa.
@@ -125,7 +125,7 @@
       attempt to resolve <em class="parameter"><code>name</code></em>.  The
       <code class="option">-r</code> option enables <span><strong class="command">host</strong></span>
       to mimic
-      the behavior of a name server by making non-recursive queries and
+      the behaviour of a name server by making non-recursive queries and
       expecting to receive answers to those queries that are usually
       referrals to other name servers.
     </p>
@@ -143,7 +143,7 @@
     </p>
 <p>
       The <code class="option">-t</code> option is used to select the query type.
-      <em class="parameter"><code>type</code></em> can be any recognized query
+      <em class="parameter"><code>type</code></em> can be any recognised query
       type: CNAME,
       NS, SOA, SIG, KEY, AXFR, etc.  When no query type is specified,
       <span><strong class="command">host</strong></span> automatically selects an appropriate
@@ -174,7 +174,7 @@
       The <code class="option">-s</code> option tells <span><strong class="command">host</strong></span> 
       <span class="emphasis"><em>not</em></span> to send the query to the next nameserver
       if any server responds with a SERVFAIL response, which is the
-      reverse of normal stub resolver behavior.
+      reverse of normal stub resolver behaviour.
     </p>
 <p>
       The <code class="option">-m</code> can be used to set the memory usage debugging
@@ -184,7 +184,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543725"></a><h2>IDN SUPPORT</h2>
+<a name="id2549920"></a><h2>IDN SUPPORT</h2>
 <p>
       If <span><strong class="command">host</strong></span> has been built with IDN (internationalized
       domain name) support, it can accept and display non-ASCII domain names. 
@@ -198,12 +198,12 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543748"></a><h2>FILES</h2>
+<a name="id2549942"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543828"></a><h2>SEE ALSO</h2>
+<a name="id2549954"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>

bin/dig/include/dig/dig.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dig.h,v 1.104 2007/04/03 23:06:39 marka Exp $ */
+/* $Id: dig.h,v 1.82.18.19 2006/12/07 06:08:02 marka Exp $ */
 
 #ifndef DIG_H
 #define DIG_H
@@ -277,9 +277,6 @@ extern isc_boolean_t debugging, memdebugging;
 extern char *progname;
 extern int tries;
 extern int fatalexit;
-#ifdef WITH_IDN
-extern int idnoptions;
-#endif
 
 /*
  * Routines in dighost.c.
@@ -303,9 +300,6 @@ check_result(isc_result_t result, const char *msg);
 void
 setup_lookup(dig_lookup_t *lookup);
 
-void
-destroy_lookup(dig_lookup_t *lookup);
-
 void
 do_lookup(dig_lookup_t *lookup);
 

bin/dig/nslookup.1

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,13 +12,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: nslookup.1,v 1.14 2007/05/16 06:12:01 marka Exp $
+.\" $Id: nslookup.1,v 1.1.10.9 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: nslookup
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Jun 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -42,10 +42,10 @@ has two modes: interactive and non\-interactive. Interactive mode allows the use
 .SH "ARGUMENTS"
 .PP
 Interactive mode is entered in the following cases:
-.TP 4
+.TP 3n
 1.
 when no arguments are given (the default name server will be used)
-.TP 4
+.TP 3n
 2.
 when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server.
 .sp
@@ -54,22 +54,17 @@ when the first argument is a hyphen (\-) and the second argument is the host nam
 Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument. The optional second argument specifies the host name or address of a name server.
 .PP
 Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp .RS 4 .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
+.sp .RS 3n .nf nslookup \-query=hinfo \-timeout=10 .fi .RE
 .SH "INTERACTIVE COMMANDS"
-.PP
-\fBhost\fR [server]
-.RS 4
+.TP 3n
+host [server]
 Look up information for host using the current default server or using server, if specified. If host is an Internet address and the query type is A or PTR, the name of the host is returned. If host is a name and does not have a trailing period, the search list is used to qualify the name.
 .sp
 To look up a host not in the current domain, append a period to the name.
-.RE
-.PP
+.TP 3n
 \fBserver\fR \fIdomain\fR
-.RS 4
-.RE
-.PP
+.TP 3n
 \fBlserver\fR \fIdomain\fR
-.RS 4
 Change the default server to
 \fIdomain\fR;
 \fBlserver\fR
@@ -77,165 +72,112 @@ uses the initial server to look up information about
 \fIdomain\fR, while
 \fBserver\fR
 uses the current default server. If an authoritative answer can't be found, the names of servers that might have the answer are returned.
-.RE
-.PP
+.TP 3n
 \fBroot\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBfinger\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBls\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBview\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBhelp\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fB?\fR
-.RS 4
 not implemented
-.RE
-.PP
+.TP 3n
 \fBexit\fR
-.RS 4
 Exits the program.
-.RE
-.PP
+.TP 3n
 \fBset\fR \fIkeyword\fR\fI[=value]\fR
-.RS 4
 This command is used to change state information that affects the lookups. Valid keywords are:
-.RS 4
-.PP
+.RS 3n
+.TP 3n
 \fBall\fR
-.RS 4
 Prints the current values of the frequently used options to
 \fBset\fR. Information about the current default server and host is also printed.
-.RE
-.PP
+.TP 3n
 \fBclass=\fR\fIvalue\fR
-.RS 4
 Change the query class to one of:
-.RS 4
-.PP
+.RS 3n
+.TP 3n
 \fBIN\fR
-.RS 4
 the Internet class
-.RE
-.PP
+.TP 3n
 \fBCH\fR
-.RS 4
 the Chaos class
-.RE
-.PP
+.TP 3n
 \fBHS\fR
-.RS 4
 the Hesiod class
-.RE
-.PP
+.TP 3n
 \fBANY\fR
-.RS 4
 wildcard
 .RE
-.RE
-.IP "" 4
+.IP "" 3n
 The class specifies the protocol group of the information.
 .sp
 (Default = IN; abbreviation = cl)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBdebug\fR
-.RS 4
-Turn on or off the display of the full response packet and any intermediate response packets when searching.
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
 .sp
 (Default = nodebug; abbreviation =
 [no]deb)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBd2\fR
-.RS 4
-Turn debugging mode on or off. This displays more about what nslookup is doing.
+Turn debugging mode on. A lot more information is printed about the packet sent to the server and the resulting answer.
 .sp
 (Default = nod2)
-.RE
-.PP
+.TP 3n
 \fBdomain=\fR\fIname\fR
-.RS 4
 Sets the search list to
 \fIname\fR.
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBsearch\fR
-.RS 4
 If the lookup request contains at least one period but doesn't end with a trailing period, append the domain names in the domain search list to the request until an answer is received.
 .sp
 (Default = search)
-.RE
-.PP
+.TP 3n
 \fBport=\fR\fIvalue\fR
-.RS 4
 Change the default TCP/UDP name server port to
 \fIvalue\fR.
 .sp
 (Default = 53; abbreviation = po)
-.RE
-.PP
+.TP 3n
 \fBquerytype=\fR\fIvalue\fR
-.RS 4
-.RE
-.PP
+.TP 3n
 \fBtype=\fR\fIvalue\fR
-.RS 4
 Change the type of the information query.
 .sp
 (Default = A; abbreviations = q, ty)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBrecurse\fR
-.RS 4
 Tell the name server to query other servers if it does not have the information.
 .sp
 (Default = recurse; abbreviation = [no]rec)
-.RE
-.PP
+.TP 3n
 \fBretry=\fR\fInumber\fR
-.RS 4
 Set the number of retries to number.
-.RE
-.PP
+.TP 3n
 \fBtimeout=\fR\fInumber\fR
-.RS 4
 Change the initial timeout interval for waiting for a reply to number seconds.
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBvc\fR
-.RS 4
 Always use a virtual circuit when sending requests to the server.
 .sp
 (Default = novc)
-.RE
-.PP
+.TP 3n
 \fB \fR\fB\fI[no]\fR\fR\fBfail\fR
-.RS 4
 Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response.
 .sp
 (Default = nofail)
 .RE
-.RE
-.IP "" 4
-.RE
+.IP "" 3n
 .SH "FILES"
 .PP
 \fI/etc/resolv.conf\fR
@@ -248,5 +190,4 @@ Try the next nameserver if a nameserver responds with SERVFAIL or a referral (no
 .PP
 Andrew Cherenson
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/dig/nslookup.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: nslookup.c,v 1.116 2007/04/24 23:46:56 tbox Exp $ */
+/* $Id: nslookup.c,v 1.101.18.12 2006/12/07 06:08:02 marka Exp $ */
 
 #include <config.h>
 
@@ -410,9 +410,8 @@ printmessage(dig_query_t *query, dns_message_t *msg, isc_boolean_t headers) {
 		char nametext[DNS_NAME_FORMATSIZE];
 		dns_name_format(query->lookup->name,
 				nametext, sizeof(nametext));
-		printf("** server can't find %s: %s\n",
-		       (msg->rcode != dns_rcode_nxdomain) ? nametext :
-		       query->lookup->textname, rcodetext[msg->rcode]);
+		printf("** server can't find %s: %s\n", nametext,
+		       rcodetext[msg->rcode]);
 		debug("returning with rcode == 0");
 		return (ISC_R_SUCCESS);
 	}

bin/dig/nslookup.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: nslookup.docbook,v 1.15 2007/05/16 01:42:26 marka Exp $ -->
+<!-- $Id: nslookup.docbook,v 1.4.2.7 2006/01/06 00:01:43 marka Exp $ -->
 <!--
  - Copyright (c) 1985, 1989
  -    The Regents of the University of California.  All rights reserved.
@@ -72,7 +72,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -142,7 +141,7 @@ nslookup -query=hinfo  -timeout=10
     <title>INTERACTIVE COMMANDS</title>
     <variablelist>
       <varlistentry>
-        <term><constant>host</constant> <optional>server</optional></term>
+        <term>host <optional>server</optional></term>
         <listitem>
           <para>
             Look up information for host using the current default server or
@@ -314,8 +313,9 @@ nslookup -query=hinfo  -timeout=10
                     <replaceable><optional>no</optional></replaceable>debug</constant></term>
                 <listitem>
                   <para>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </para>
 		  <para>
                     (Default = nodebug; abbreviation = <optional>no</optional>deb)
@@ -328,8 +328,9 @@ nslookup -query=hinfo  -timeout=10
                     <replaceable><optional>no</optional></replaceable>d2</constant></term>
                 <listitem>
                   <para>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </para>
 		  <para>
                     (Default = nod2)

bin/dig/nslookup.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: nslookup.html,v 1.21 2007/05/16 06:12:01 marka Exp $ -->
+<!-- $Id: nslookup.html,v 1.1.10.15 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>nslookup</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476276"></a><div class="titlepage"></div>
+<a name="id2482694"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p>nslookup &#8212; query Internet name servers interactively</p>
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">nslookup</code>  [<code class="option">-option</code>] [name | -] [server]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543355"></a><h2>DESCRIPTION</h2>
+<a name="id2549413"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">Nslookup</strong></span>
       is a program to query Internet domain name servers.  <span><strong class="command">Nslookup</strong></span>
       has two modes: interactive and non-interactive.  Interactive mode allows
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543371"></a><h2>ARGUMENTS</h2>
+<a name="id2549429"></a><h2>ARGUMENTS</h2>
 <p>
       Interactive mode is entered in the following cases:
       </p>
@@ -76,9 +76,9 @@ nslookup -query=hinfo  -timeout=10
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543413"></a><h2>INTERACTIVE COMMANDS</h2>
+<a name="id2549470"></a><h2>INTERACTIVE COMMANDS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term"><code class="constant">host</code> [<span class="optional">server</span>]</span></dt>
+<dt><span class="term">host [<span class="optional">server</span>]</span></dt>
 <dd>
 <p>
             Look up information for host using the current default server or
@@ -180,8 +180,9 @@ nslookup -query=hinfo  -timeout=10
                     <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>debug</code></span></dt>
 <dd>
 <p>
-		    Turn on or off the display of the full response packet and
-		    any intermediate response packets when searching.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </p>
 <p>
                     (Default = nodebug; abbreviation = [<span class="optional">no</span>]deb)
@@ -191,8 +192,9 @@ nslookup -query=hinfo  -timeout=10
                     <em class="replaceable"><code>[<span class="optional">no</span>]</code></em>d2</code></span></dt>
 <dd>
 <p>
-                    Turn debugging mode on or off.  This displays more about
-	            what nslookup is doing.
+                    Turn debugging mode on.  A lot more information is
+                    printed about the packet sent to the server and the
+                    resulting answer.
                   </p>
 <p>
                     (Default = nod2)
@@ -286,19 +288,19 @@ nslookup -query=hinfo  -timeout=10
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546279"></a><h2>FILES</h2>
+<a name="id2550082"></a><h2>FILES</h2>
 <p><code class="filename">/etc/resolv.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546291"></a><h2>SEE ALSO</h2>
+<a name="id2550093"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dig</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">host</span>(1)</span>,
       <span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2546325"></a><h2>Author</h2>
+<a name="id2552380"></a><h2>Author</h2>
 <p>
       Andrew Cherenson
     </p>

bin/dnssec/Makefile.in

@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.30 2005/05/02 00:26:28 marka Exp $
+# $Id: Makefile.in,v 1.26.18.4 2005/05/02 00:26:11 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@

bin/dnssec/dnssec-keygen.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-keygen.8,v 1.37 2007/05/09 03:33:50 marka Exp $
+.\" $Id: dnssec-keygen.8,v 1.23.18.11 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dnssec\-keygen
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -37,11 +37,10 @@ dnssec\-keygen \- DNSSEC key generation tool
 .SH "DESCRIPTION"
 .PP
 \fBdnssec\-keygen\fR
-generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC 4034. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
+generates keys for DNSSEC (Secure DNS), as defined in RFC 2535 and RFC <TBA\\>. It can also generate keys for use with TSIG (Transaction Signatures), as defined in RFC 2845.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-a \fIalgorithm\fR
-.RS 4
 Selects the cryptographic algorithm. The value of
 \fBalgorithm\fR
 must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5. These values are case insensitive.
@@ -49,58 +48,38 @@ must be one of RSAMD5 (RSA) or RSASHA1, DSA, DH (Diffie Hellman), or HMAC\-MD5.
 Note 1: that for DNSSEC, RSASHA1 is a mandatory to implement algorithm, and DSA is recommended. For TSIG, HMAC\-MD5 is mandatory.
 .sp
 Note 2: HMAC\-MD5 and DH automatically set the \-k flag.
-.RE
-.PP
+.TP 3n
 \-b \fIkeysize\fR
-.RS 4
 Specifies the number of bits in the key. The choice of key size depends on the algorithm used. RSAMD5 / RSASHA1 keys must be between 512 and 2048 bits. Diffie Hellman keys must be between 128 and 4096 bits. DSA keys must be between 512 and 1024 bits and an exact multiple of 64. HMAC\-MD5 keys must be between 1 and 512 bits.
-.RE
-.PP
+.TP 3n
 \-n \fInametype\fR
-.RS 4
 Specifies the owner type of the key. The value of
 \fBnametype\fR
 must either be ZONE (for a DNSSEC zone key (KEY/DNSKEY)), HOST or ENTITY (for a key associated with a host (KEY)), USER (for a key associated with a user(KEY)) or OTHER (DNSKEY). These values are case insensitive.
-.RE
-.PP
+.TP 3n
 \-c \fIclass\fR
-.RS 4
 Indicates that the DNS record containing the key should have the specified class. If not specified, class IN is used.
-.RE
-.PP
+.TP 3n
 \-e
-.RS 4
 If generating an RSAMD5/RSASHA1 key, use a large exponent.
-.RE
-.PP
+.TP 3n
 \-f \fIflag\fR
-.RS 4
 Set the specified flag in the flag field of the KEY/DNSKEY record. The only recognized flag is KSK (Key Signing Key) DNSKEY.
-.RE
-.PP
+.TP 3n
 \-g \fIgenerator\fR
-.RS 4
 If generating a Diffie Hellman key, use this generator. Allowed values are 2 and 5. If no generator is specified, a known prime from RFC 2539 will be used if possible; otherwise the default is 2.
-.RE
-.PP
+.TP 3n
 \-h
-.RS 4
 Prints a short summary of the options and arguments to
 \fBdnssec\-keygen\fR.
-.RE
-.PP
+.TP 3n
 \-k
-.RS 4
 Generate KEY records rather than DNSKEY records.
-.RE
-.PP
+.TP 3n
 \-p \fIprotocol\fR
-.RS 4
 Sets the protocol value for the generated key. The protocol is a number between 0 and 255. The default is 3 (DNSSEC). Other possible values for this argument are listed in RFC 2535 and its successors.
-.RE
-.PP
+.TP 3n
 \-r \fIrandomdev\fR
-.RS 4
 Specifies the source of randomness. If the operating system does not provide a
 \fI/dev/random\fR
 or equivalent device, the default source of randomness is keyboard input.
@@ -108,24 +87,17 @@ or equivalent device, the default source of randomness is keyboard input.
 specifies the name of a character device or file containing random data to be used instead of the default. The special value
 \fIkeyboard\fR
 indicates that keyboard input should be used.
-.RE
-.PP
+.TP 3n
 \-s \fIstrength\fR
-.RS 4
 Specifies the strength value of the key. The strength is a number between 0 and 15, and currently has no defined purpose in DNSSEC.
-.RE
-.PP
+.TP 3n
 \-t \fItype\fR
-.RS 4
 Indicates the use of the key.
 \fBtype\fR
 must be one of AUTHCONF, NOAUTHCONF, NOAUTH, or NOCONF. The default is AUTHCONF. AUTH refers to the ability to authenticate data, and CONF the ability to encrypt data.
-.RE
-.PP
+.TP 3n
 \-v \fIlevel\fR
-.RS 4
 Sets the debugging level.
-.RE
 .SH "GENERATED KEYS"
 .PP
 When
@@ -133,21 +105,23 @@ When
 completes successfully, it prints a string of the form
 \fIKnnnn.+aaa+iiiii\fR
 to the standard output. This is an identification string for the key it has generated.
-.TP 4
+.TP 3n
 \(bu
 \fInnnn\fR
 is the key name.
-.TP 4
+.TP 3n
 \(bu
 \fIaaa\fR
 is the numeric representation of the algorithm.
-.TP 4
+.TP 3n
 \(bu
 \fIiiiii\fR
 is the key identifier (or footprint).
+.sp
+.RE
 .PP
 \fBdnssec\-keygen\fR
-creates two files, with names based on the printed string.
+creates two file, with names based on the printed string.
 \fIKnnnn.+aaa+iiiii.key\fR
 contains the public key, and
 \fIKnnnn.+aaa+iiiii.private\fR
@@ -159,13 +133,13 @@ file contains a DNS KEY record that can be inserted into a zone file (directly o
 .PP
 The
 \fI.private\fR
-file contains algorithm\-specific fields. For obvious security reasons, this file does not have general read permission.
+file contains algorithm specific fields. For obvious security reasons, this file does not have general read permission.
 .PP
 Both
 \fI.key\fR
 and
 \fI.private\fR
-files are generated for symmetric encryption algorithms such as HMAC\-MD5, even though the public and private key are equivalent.
+files are generated for symmetric encryption algorithm such as HMAC\-MD5, even though the public and private key are equivalent.
 .SH "EXAMPLE"
 .PP
 To generate a 768\-bit DSA key for the domain
@@ -182,7 +156,7 @@ In this example,
 creates the files
 \fIKexample.com.+003+26160.key\fR
 and
-\fIKexample.com.+003+26160.private\fR.
+\fIKexample.com.+003+26160.private\fR
 .SH "SEE ALSO"
 .PP
 \fBdnssec\-signzone\fR(8),
@@ -194,7 +168,4 @@ RFC 2539.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/dnssec/dnssec-keygen.c

@@ -1,6 +1,6 @@
 /*
- * Portions Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
- * Portions Copyright (C) 1999-2003  Internet Software Consortium.
+ * Portions Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Portions Copyright (C) 2000-2003  Internet Software Consortium.
  * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-keygen.c,v 1.75 2007/01/09 23:49:38 marka Exp $ */
+/* $Id: dnssec-keygen.c,v 1.66.18.7 2006/01/27 02:50:50 marka Exp $ */
 
 /*! \file */
 

bin/dnssec/dnssec-keygen.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-keygen.docbook,v 1.17 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: dnssec-keygen.docbook,v 1.7.18.7 2005/08/30 01:42:12 marka Exp $ -->
 <refentry id="man.dnssec-keygen">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -39,7 +39,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -76,7 +75,7 @@
     <title>DESCRIPTION</title>
     <para><command>dnssec-keygen</command>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
       TSIG (Transaction Signatures), as defined in RFC 2845.
     </para>
   </refsect1>
@@ -286,7 +285,7 @@
       </listitem>
     </itemizedlist>
     <para><command>dnssec-keygen</command> 
-      creates two files, with names based
+      creates two file, with names based
       on the printed string.  <filename>Knnnn.+aaa+iiiii.key</filename>
       contains the public key, and
       <filename>Knnnn.+aaa+iiiii.private</filename> contains the
@@ -300,14 +299,14 @@
       statement).
     </para>
     <para>
-      The <filename>.private</filename> file contains
-      algorithm-specific
+      The <filename>.private</filename> file contains algorithm
+      specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </para>
     <para>
       Both <filename>.key</filename> and <filename>.private</filename>
-      files are generated for symmetric encryption algorithms such as
+      files are generated for symmetric encryption algorithm such as
       HMAC-MD5, even though the public and private key are equivalent.
     </para>
   </refsect1>
@@ -330,7 +329,7 @@
       In this example, <command>dnssec-keygen</command> creates
       the files <filename>Kexample.com.+003+26160.key</filename>
       and
-      <filename>Kexample.com.+003+26160.private</filename>.
+      <filename>Kexample.com.+003+26160.private</filename>
     </para>
   </refsect1>
 

bin/dnssec/dnssec-keygen.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-keygen.html,v 1.29 2007/05/09 03:33:50 marka Exp $ -->
+<!-- $Id: dnssec-keygen.html,v 1.9.18.16 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-keygen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dnssec-keygen"></a><div class="titlepage"></div>
@@ -32,15 +32,15 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-keygen</code>  {-a <em class="replaceable"><code>algorithm</code></em>} {-b <em class="replaceable"><code>keysize</code></em>} {-n <em class="replaceable"><code>nametype</code></em>} [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-e</code>] [<code class="option">-f <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-g <em class="replaceable"><code>generator</code></em></code>] [<code class="option">-h</code>] [<code class="option">-k</code>] [<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>strength</code></em></code>] [<code class="option">-t <em class="replaceable"><code>type</code></em></code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] {name}</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543474"></a><h2>DESCRIPTION</h2>
+<a name="id2549531"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-keygen</strong></span>
       generates keys for DNSSEC (Secure DNS), as defined in RFC 2535
-      and RFC 4034.  It can also generate keys for use with
+      and RFC &lt;TBA\&gt;.  It can also generate keys for use with
       TSIG (Transaction Signatures), as defined in RFC 2845.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543485"></a><h2>OPTIONS</h2>
+<a name="id2549543"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
 <dd>
@@ -148,7 +148,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543820"></a><h2>GENERATED KEYS</h2>
+<a name="id2549946"></a><h2>GENERATED KEYS</h2>
 <p>
       When <span><strong class="command">dnssec-keygen</strong></span> completes
       successfully,
@@ -168,7 +168,7 @@
         </p></li>
 </ul></div>
 <p><span><strong class="command">dnssec-keygen</strong></span> 
-      creates two files, with names based
+      creates two file, with names based
       on the printed string.  <code class="filename">Knnnn.+aaa+iiiii.key</code>
       contains the public key, and
       <code class="filename">Knnnn.+aaa+iiiii.private</code> contains the
@@ -182,19 +182,19 @@
       statement).
     </p>
 <p>
-      The <code class="filename">.private</code> file contains
-      algorithm-specific
+      The <code class="filename">.private</code> file contains algorithm
+      specific
       fields.  For obvious security reasons, this file does not have
       general read permission.
     </p>
 <p>
       Both <code class="filename">.key</code> and <code class="filename">.private</code>
-      files are generated for symmetric encryption algorithms such as
+      files are generated for symmetric encryption algorithm such as
       HMAC-MD5, even though the public and private key are equivalent.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543902"></a><h2>EXAMPLE</h2>
+<a name="id2550028"></a><h2>EXAMPLE</h2>
 <p>
       To generate a 768-bit DSA key for the domain
       <strong class="userinput"><code>example.com</code></strong>, the following command would be
@@ -211,11 +211,11 @@
       In this example, <span><strong class="command">dnssec-keygen</strong></span> creates
       the files <code class="filename">Kexample.com.+003+26160.key</code>
       and
-      <code class="filename">Kexample.com.+003+26160.private</code>.
+      <code class="filename">Kexample.com.+003+26160.private</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543946"></a><h2>SEE ALSO</h2>
+<a name="id2550072"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-signzone</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2535</em>,
@@ -224,7 +224,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544045"></a><h2>AUTHOR</h2>
+<a name="id2550103"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssec-signzone.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000-2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: dnssec-signzone.8,v 1.45 2007/05/09 03:33:50 marka Exp $
+.\" $Id: dnssec-signzone.8,v 1.28.18.14 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: dnssec\-signzone
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -41,72 +41,51 @@ signs a zone. It generates NSEC and RRSIG records and produces a signed version
 \fIkeyset\fR
 file for each child zone.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-a
-.RS 4
 Verify all generated signatures.
-.RE
-.PP
+.TP 3n
 \-c \fIclass\fR
-.RS 4
 Specifies the DNS class of the zone.
-.RE
-.PP
+.TP 3n
 \-k \fIkey\fR
-.RS 4
 Treat specified key as a key signing key ignoring any key flags. This option may be specified multiple times.
-.RE
-.PP
+.TP 3n
 \-l \fIdomain\fR
-.RS 4
 Generate a DLV set in addition to the key (DNSKEY) and DS sets. The domain is appended to the name of the records.
-.RE
-.PP
+.TP 3n
 \-d \fIdirectory\fR
-.RS 4
 Look for
 \fIkeyset\fR
 files in
 \fBdirectory\fR
 as the directory
-.RE
-.PP
+.TP 3n
 \-g
-.RS 4
 Generate DS records for child zones from keyset files. Existing DS records will be removed.
-.RE
-.PP
+.TP 3n
 \-s \fIstart\-time\fR
-.RS 4
 Specify the date and time when the generated RRSIG records become valid. This can be either an absolute or relative time. An absolute start time is indicated by a number in YYYYMMDDHHMMSS notation; 20000530144500 denotes 14:45:00 UTC on May 30th, 2000. A relative start time is indicated by +N, which is N seconds from the current time. If no
 \fBstart\-time\fR
 is specified, the current time minus 1 hour (to allow for clock skew) is used.
-.RE
-.PP
+.TP 3n
 \-e \fIend\-time\fR
-.RS 4
 Specify the date and time when the generated RRSIG records expire. As with
 \fBstart\-time\fR, an absolute time is indicated in YYYYMMDDHHMMSS notation. A time relative to the start time is indicated with +N, which is N seconds from the start time. A time relative to the current time is indicated with now+N. If no
 \fBend\-time\fR
 is specified, 30 days from the start time is used as a default.
-.RE
-.PP
+.TP 3n
 \-f \fIoutput\-file\fR
-.RS 4
 The name of the output file containing the signed zone. The default is to append
 \fI.signed\fR
-to the input filename.
-.RE
-.PP
+to the input file.
+.TP 3n
 \-h
-.RS 4
 Prints a short summary of the options and arguments to
 \fBdnssec\-signzone\fR.
-.RE
-.PP
+.TP 3n
 \-i \fIinterval\fR
-.RS 4
-When a previously\-signed zone is passed as input, records may be resigned. The
+When a previously signed zone is passed as input, records may be resigned. The
 \fBinterval\fR
 option specifies the cycle interval as an offset from the current time (in seconds). If a RRSIG record expires after the cycle interval, it is retained. Otherwise, it is considered to be expiring soon, and it will be replaced.
 .sp
@@ -117,77 +96,55 @@ or
 are specified,
 \fBdnssec\-signzone\fR
 generates signatures that are valid for 30 days, with a cycle interval of 7.5 days. Therefore, if any existing RRSIG records are due to expire in less than 7.5 days, they would be replaced.
-.RE
-.PP
+.TP 3n
 \-I \fIinput\-format\fR
-.RS 4
 The format of the input zone file. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR. This option is primarily intended to be used for dynamic signed zones so that the dumped zone file in a non\-text format containing updates can be signed directly. The use of this option does not make much sense for non\-dynamic zones.
-.RE
-.PP
+.TP 3n
 \-j \fIjitter\fR
-.RS 4
-When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously\-signed zone is passed as input to the signer, all expired signatures have to be regenerated at about the same time. The
+When signing a zone with a fixed signature lifetime, all RRSIG records issued at the time of signing expires simultaneously. If the zone is incrementally signed, i.e. a previously signed zone is passed as input to the signer, all expired signatures has to be regenerated at about the same time. The
 \fBjitter\fR
 option specifies a jitter window that will be used to randomize the signature expire time, thus spreading incremental signature regeneration over time.
 .sp
 Signature lifetime jitter also to some extent benefits validators and servers by spreading out cache expiration, i.e. if large numbers of RRSIGs don't expire at the same time from all caches there will be less congestion than if all validators need to refetch at mostly the same time.
-.RE
-.PP
+.TP 3n
 \-n \fIncpus\fR
-.RS 4
 Specifies the number of threads to use. By default, one thread is started for each detected CPU.
-.RE
-.PP
+.TP 3n
 \-N \fIsoa\-serial\-format\fR
-.RS 4
 The SOA serial number format of the signed zone. Possible formats are
 \fB"keep"\fR
 (default),
 \fB"increment"\fR
 and
 \fB"unixtime"\fR.
-.RS 4
-.PP
+.RS 3n
+.TP 3n
 \fB"keep"\fR
-.RS 4
 Do not modify the SOA serial number.
-.RE
-.PP
+.TP 3n
 \fB"increment"\fR
-.RS 4
 Increment the SOA serial number using RFC 1982 arithmetics.
-.RE
-.PP
+.TP 3n
 \fB"unixtime"\fR
-.RS 4
 Set the SOA serial number to the number of seconds since epoch.
 .RE
-.RE
-.RE
-.PP
+.TP 3n
 \-o \fIorigin\fR
-.RS 4
 The zone origin. If not specified, the name of the zone file is assumed to be the origin.
-.RE
-.PP
+.TP 3n
 \-O \fIoutput\-format\fR
-.RS 4
 The format of the output file containing the signed zone. Possible formats are
 \fB"text"\fR
 (default) and
 \fB"raw"\fR.
-.RE
-.PP
+.TP 3n
 \-p
-.RS 4
 Use pseudo\-random data when signing the zone. This is faster, but less secure, than using real random data. This option may be useful when signing large zones or when the entropy source is limited.
-.RE
-.PP
+.TP 3n
 \-r \fIrandomdev\fR
-.RS 4
 Specifies the source of randomness. If the operating system does not provide a
 \fI/dev/random\fR
 or equivalent device, the default source of randomness is keyboard input.
@@ -195,68 +152,42 @@ or equivalent device, the default source of randomness is keyboard input.
 specifies the name of a character device or file containing random data to be used instead of the default. The special value
 \fIkeyboard\fR
 indicates that keyboard input should be used.
-.RE
-.PP
+.TP 3n
 \-t
-.RS 4
 Print statistics at completion.
-.RE
-.PP
+.TP 3n
 \-v \fIlevel\fR
-.RS 4
 Sets the debugging level.
-.RE
-.PP
+.TP 3n
 \-z
-.RS 4
 Ignore KSK flag on key when determining what to sign.
-.RE
-.PP
+.TP 3n
 zonefile
-.RS 4
 The file containing the zone to be signed.
-.RE
-.PP
+.TP 3n
 key
-.RS 4
-Specify which keys should be used to sign the zone. If no keys are specified, then the zone will be examined for DNSKEY records at the zone apex. If these are found and there are matching private keys, in the current directory, then these will be used for signing.
-.RE
+The keys used to sign the zone. If no keys are specified, the default all zone keys that have private key files in the current directory.
 .SH "EXAMPLE"
 .PP
 The following command signs the
 \fBexample.com\fR
-zone with the DSA key generated by
+zone with the DSA key generated in the
 \fBdnssec\-keygen\fR
-(Kexample.com.+003+17247). The zone's keys must be in the master file (\fIdb.example.com\fR). This invocation looks for
+man page. The zone's keys must be in the zone. If there are
 \fIkeyset\fR
-files, in the current directory, so that DS records can be generated from them (\fB\-g\fR).
-.sp
-.RS 4
-.nf
-% dnssec\-signzone \-g \-o example.com db.example.com \\
-Kexample.com.+003+17247
-db.example.com.signed
-%
-.fi
-.RE
+files associated with child zones, they must be in the current directory.
+\fBexample.com\fR, the following command would be issued:
 .PP
-In the above example,
+\fBdnssec\-signzone \-o example.com db.example.com Kexample.com.+003+26160\fR
+.PP
+The command would print a string of the form:
+.PP
+In this example,
 \fBdnssec\-signzone\fR
 creates the file
 \fIdb.example.com.signed\fR. This file should be referenced in a zone statement in a
 \fInamed.conf\fR
 file.
-.PP
-This example re\-signs a previously signed zone with default parameters. The private keys are assumed to be in the current directory.
-.sp
-.RS 4
-.nf
-% cp db.example.com.signed db.example.com
-% dnssec\-signzone \-o example.com db.example.com
-db.example.com.signed
-%
-.fi
-.RE
 .SH "SEE ALSO"
 .PP
 \fBdnssec\-keygen\fR(8),
@@ -266,7 +197,4 @@ RFC 2535.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000\-2003 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/dnssec/dnssec-signzone.c

@@ -16,7 +16,7 @@
  * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssec-signzone.c,v 1.199 2006/08/30 22:57:16 marka Exp $ */
+/* $Id: dnssec-signzone.c,v 1.177.18.21 2006/08/30 23:01:54 marka Exp $ */
 
 /*! \file */
 

bin/dnssec/dnssec-signzone.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: dnssec-signzone.docbook,v 1.26 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: dnssec-signzone.docbook,v 1.10.18.13 2006/04/15 22:19:21 marka Exp $ -->
 <refentry id="man.dnssec-signzone">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -40,7 +40,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -193,7 +192,7 @@
             The name of the output file containing the signed zone.  The
             default is to append <filename>.signed</filename> to
             the
-            input filename.
+            input file.
           </para>
         </listitem>
       </varlistentry>
@@ -212,7 +211,7 @@
         <term>-i <replaceable class="parameter">interval</replaceable></term>
         <listitem>
           <para>
-            When a previously-signed zone is passed as input, records
+            When a previously signed zone is passed as input, records
             may be resigned.  The <option>interval</option> option
             specifies the cycle interval as an offset from the current
             time (in seconds).  If a RRSIG record expires after the
@@ -256,8 +255,8 @@
             When signing a zone with a fixed signature lifetime, all
             RRSIG records issued at the time of signing expires
             simultaneously.  If the zone is incrementally signed, i.e.
-            a previously-signed zone is passed as input to the signer,
-            all expired signatures have to be regenerated at about the
+            a previously signed zone is passed as input to the signer,
+            all expired signatures has to be regenerated at about the
             same time.  The <option>jitter</option> option specifies a
             jitter window that will be used to randomize the signature
             expire time, thus spreading incremental signature
@@ -411,11 +410,9 @@
         <term>key</term>
         <listitem>
           <para>
-	    Specify which keys should be used to sign the zone.  If
-	    no keys are specified, then the zone will be examined
-	    for DNSKEY records at the zone apex.  If these are found and
-	    there are matching private keys, in the current directory,
-	    then these will be used for signing.
+            The keys used to sign the zone.  If no keys are specified, the
+            default all zone keys that have private key files in the
+            current directory.
           </para>
         </listitem>
       </varlistentry>
@@ -427,30 +424,27 @@
     <title>EXAMPLE</title>
     <para>
       The following command signs the <userinput>example.com</userinput>
-      zone with the DSA key generated by <command>dnssec-keygen</command>
-      (Kexample.com.+003+17247).  The zone's keys must be in the master
-      file (<filename>db.example.com</filename>).  This invocation looks
-      for <filename>keyset</filename> files, in the current directory,
-      so that DS records can be generated from them (<command>-g</command>).
+      zone with the DSA key generated in the <command>dnssec-keygen</command>
+      man page.  The zone's keys must be in the zone.  If there are
+      <filename>keyset</filename> files associated with child
+      zones,
+      they must be in the current directory.
+      <userinput>example.com</userinput>, the following command would be
+      issued:
+    </para>
+    <para><userinput>dnssec-signzone -o example.com db.example.com
+        Kexample.com.+003+26160</userinput>
     </para>
-<programlisting>% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
-db.example.com.signed
-%</programlisting>
     <para>
-      In the above example, <command>dnssec-signzone</command> creates
+      The command would print a string of the form:
+    </para>
+    <para>
+      In this example, <command>dnssec-signzone</command> creates
       the file <filename>db.example.com.signed</filename>.  This
-      file should be referenced in a zone statement in a
+      file
+      should be referenced in a zone statement in a
       <filename>named.conf</filename> file.
     </para>
-    <para>
-      This example re-signs a previously signed zone with default parameters.
-      The private keys are assumed to be in the current directory.
-    </para>
-<programlisting>% cp db.example.com.signed db.example.com
-% dnssec-signzone -o example.com db.example.com
-db.example.com.signed
-%</programlisting>
   </refsect1>
 
   <refsect1>

bin/dnssec/dnssec-signzone.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000-2003 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,12 +14,12 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: dnssec-signzone.html,v 1.31 2007/05/09 03:33:50 marka Exp $ -->
+<!-- $Id: dnssec-signzone.html,v 1.8.18.19 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>dnssec-signzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
 <a name="man.dnssec-signzone"></a><div class="titlepage"></div>
@@ -32,7 +32,7 @@
 <div class="cmdsynopsis"><p><code class="command">dnssec-signzone</code>  [<code class="option">-a</code>] [<code class="option">-c <em class="replaceable"><code>class</code></em></code>] [<code class="option">-d <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-e <em class="replaceable"><code>end-time</code></em></code>] [<code class="option">-f <em class="replaceable"><code>output-file</code></em></code>] [<code class="option">-g</code>] [<code class="option">-h</code>] [<code class="option">-k <em class="replaceable"><code>key</code></em></code>] [<code class="option">-l <em class="replaceable"><code>domain</code></em></code>] [<code class="option">-i <em class="replaceable"><code>interval</code></em></code>] [<code class="option">-I <em class="replaceable"><code>input-format</code></em></code>] [<code class="option">-j <em class="replaceable"><code>jitter</code></em></code>] [<code class="option">-N <em class="replaceable"><code>soa-serial-format</code></em></code>] [<code class="option">-o <em class="replaceable"><code>origin</code></em></code>] [<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>] [<code class="option">-p</code>] [<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>] [<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>] [<code class="option">-t</code>] [<code class="option">-v <em class="replaceable"><code>level</code></em></code>] [<code class="option">-z</code>] {zonefile} [key...]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543526"></a><h2>DESCRIPTION</h2>
+<a name="id2549584"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">dnssec-signzone</strong></span>
       signs a zone.  It generates
       NSEC and RRSIG records and produces a signed version of the
@@ -43,7 +43,7 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543541"></a><h2>OPTIONS</h2>
+<a name="id2549598"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
 <dt><span class="term">-a</span></dt>
 <dd><p>
@@ -99,7 +99,7 @@
             The name of the output file containing the signed zone.  The
             default is to append <code class="filename">.signed</code> to
             the
-            input filename.
+            input file.
           </p></dd>
 <dt><span class="term">-h</span></dt>
 <dd><p>
@@ -109,7 +109,7 @@
 <dt><span class="term">-i <em class="replaceable"><code>interval</code></em></span></dt>
 <dd>
 <p>
-            When a previously-signed zone is passed as input, records
+            When a previously signed zone is passed as input, records
             may be resigned.  The <code class="option">interval</code> option
             specifies the cycle interval as an offset from the current
             time (in seconds).  If a RRSIG record expires after the
@@ -145,8 +145,8 @@
             When signing a zone with a fixed signature lifetime, all
             RRSIG records issued at the time of signing expires
             simultaneously.  If the zone is incrementally signed, i.e.
-            a previously-signed zone is passed as input to the signer,
-            all expired signatures have to be regenerated at about the
+            a previously signed zone is passed as input to the signer,
+            all expired signatures has to be regenerated at about the
             same time.  The <code class="option">jitter</code> option specifies a
             jitter window that will be used to randomize the signature
             expire time, thus spreading incremental signature
@@ -232,52 +232,47 @@
           </p></dd>
 <dt><span class="term">key</span></dt>
 <dd><p>
-	    Specify which keys should be used to sign the zone.  If
-	    no keys are specified, then the zone will be examined
-	    for DNSKEY records at the zone apex.  If these are found and
-	    there are matching private keys, in the current directory,
-	    then these will be used for signing.
+            The keys used to sign the zone.  If no keys are specified, the
+            default all zone keys that have private key files in the
+            current directory.
           </p></dd>
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544327"></a><h2>EXAMPLE</h2>
+<a name="id2550521"></a><h2>EXAMPLE</h2>
 <p>
       The following command signs the <strong class="userinput"><code>example.com</code></strong>
-      zone with the DSA key generated by <span><strong class="command">dnssec-keygen</strong></span>
-      (Kexample.com.+003+17247).  The zone's keys must be in the master
-      file (<code class="filename">db.example.com</code>).  This invocation looks
-      for <code class="filename">keyset</code> files, in the current directory,
-      so that DS records can be generated from them (<span><strong class="command">-g</strong></span>).
+      zone with the DSA key generated in the <span><strong class="command">dnssec-keygen</strong></span>
+      man page.  The zone's keys must be in the zone.  If there are
+      <code class="filename">keyset</code> files associated with child
+      zones,
+      they must be in the current directory.
+      <strong class="userinput"><code>example.com</code></strong>, the following command would be
+      issued:
+    </p>
+<p><strong class="userinput"><code>dnssec-signzone -o example.com db.example.com
+        Kexample.com.+003+26160</code></strong>
     </p>
-<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
-Kexample.com.+003+17247
-db.example.com.signed
-%</pre>
 <p>
-      In the above example, <span><strong class="command">dnssec-signzone</strong></span> creates
+      The command would print a string of the form:
+    </p>
+<p>
+      In this example, <span><strong class="command">dnssec-signzone</strong></span> creates
       the file <code class="filename">db.example.com.signed</code>.  This
-      file should be referenced in a zone statement in a
+      file
+      should be referenced in a zone statement in a
       <code class="filename">named.conf</code> file.
     </p>
-<p>
-      This example re-signs a previously signed zone with default parameters.
-      The private keys are assumed to be in the current directory.
-    </p>
-<pre class="programlisting">% cp db.example.com.signed db.example.com
-% dnssec-signzone -o example.com db.example.com
-db.example.com.signed
-%</pre>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544378"></a><h2>SEE ALSO</h2>
+<a name="id2550569"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">dnssec-keygen</span>(8)</span>,
       <em class="citetitle">BIND 9 Administrator Reference Manual</em>,
       <em class="citetitle">RFC 2535</em>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544403"></a><h2>AUTHOR</h2>
+<a name="id2550594"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/dnssec/dnssectool.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: dnssectool.c,v 1.43 2005/07/01 03:28:42 marka Exp $ */
+/* $Id: dnssectool.c,v 1.40.18.3 2005/07/01 03:55:28 marka Exp $ */
 
 /*! \file */
 

bin/named/.cvsignore

@@ -4,4 +4,3 @@ Makefile
 *.lo
 named
 lwresd
-bind9.xsl.h

bin/named/Makefile.in

@@ -1,4 +1,4 @@
-# Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+# Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
 # Copyright (C) 1998-2002  Internet Software Consortium.
 #
 # Permission to use, copy, modify, and distribute this software for any
@@ -13,7 +13,7 @@
 # OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 # PERFORMANCE OF THIS SOFTWARE.
 
-# $Id: Makefile.in,v 1.93 2007/03/28 23:24:00 marka Exp $
+# $Id: Makefile.in,v 1.80.18.7 2005/09/05 00:18:10 marka Exp $
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
@@ -84,8 +84,6 @@ OBJS =		builtin.@O@ client.@O@ config.@O@ control.@O@ \
 
 UOBJS =		unix/os.@O@
 
-GENERATED =	bind9.xsl.h
-
 SRCS =		builtin.c client.c config.c control.c \
 		controlconf.c interfacemgr.c \
 		listenlist.c log.c logconf.c main.c notify.c \
@@ -130,13 +128,7 @@ docclean manclean maintainer-clean::
 	rm -f ${MANOBJS}
 
 clean distclean maintainer-clean::
-	rm -f ${TARGETS} ${OBJS} ${GENERATED}
-
-bind9.xsl.h: bind9.xsl convertxsl.pl
-	${PERL} convertxsl.pl < ${srcdir}/bind9.xsl > bind9.xsl.h
-
-depend: bind9.xsl.h
-server.@O@: bind9.xsl.h
+	rm -f ${TARGETS} ${OBJS}
 
 installdirs:
 	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}

bin/named/bind9.xsl

@@ -1,281 +0,0 @@
-<?xml version="1.0" encoding="UTF-8"?>
-<!--
- - Copyright (C) 2006, 2007  Internet Systems Consortium, Inc. ("ISC")
- -
- - Permission to use, copy, modify, and distribute this software for any
- - purpose with or without fee is hereby granted, provided that the above
- - copyright notice and this permission notice appear in all copies.
- -
- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
- - AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
- - PERFORMANCE OF THIS SOFTWARE.
--->
-
-<!-- $Id: bind9.xsl,v 1.12 2007/02/13 02:49:08 marka Exp $ -->
-
-<xsl:stylesheet version="1.0"
-   xmlns:xsl="http://www.w3.org/1999/XSL/Transform"
-   xmlns="http://www.w3.org/1999/xhtml">
-  <xsl:template match="isc/bind/statistics">
-    <html>
-      <head>
-        <style type="text/css">
-body {
-	font-family: sans-serif;
-	background-color: #ffffff;
-	color: #000000;
-}
-
-table {
-	border-collapse: collapse;
-}
-
-tr.rowh {
-	text-align: center;
-	border: 1px solid #000000;
-	background-color: #8080ff;
-	color: #ffffff;
-}
-
-tr.row {
-	text-align: right;
-	border: 1px solid #000000;
-	background-color: teal;
-	color: #ffffff;
-}
-
-tr.lrow {
-	text-align: left;
-	border: 1px solid #000000;
-	background-color: teal;
-	color: #ffffff;
-}
-
-.header {
-	background-color: teal;
-	color: #ffffff;
-	padding: 4px;
-}
-
-.content {
-	background-color: #ffffff;
-	color: #000000;
-	padding: 4px;
-}
-
-.item {
-	padding: 4px;
-	align: right;
-}
-
-.value {
-	padding: 4px;
-	font-weight: bold;
-}
-        </style>
-        <title>BIND 9 Statistics</title>
-      </head>
-      <body>
-        <div class="header">Bind 9 Configuration and Statistics</div>
-
-	<br/>
-
-	<table>
-	  <tr class="rowh"><th colspan="2">Times</th></tr>
-	  <tr class="lrow">
-	    <td>boot-time</td>
-	    <td><xsl:value-of select="server/boot-time"/></td>
-	  </tr>
-	  <tr class="lrow">
-	    <td>current-time</td>
-	    <td><xsl:value-of select="server/current-time"/></td>
-	  </tr>
-	</table>
-
-	<br/>
-
-	<table>
-	  <tr class="rowh"><th colspan="2">Server statistics</th></tr>
-	  <xsl:for-each select="server/counters/*">
-	    <tr class="lrow">
-	      <td><xsl:value-of select="name()"/></td>
-	      <td><xsl:value-of select="."/></td>
-	    </tr>
-	  </xsl:for-each>
-	</table>
-
-	<br/>	
-
-        <xsl:for-each select="views/view">
-          <table>
-            <tr class="rowh">
-              <th colspan="11">Zones for View <xsl:value-of select="name"/></th>
-            </tr>
-            <tr class="rowh">
-              <th>Name</th>
-              <th>Class</th>
-              <th>Serial</th>
-              <th>Success</th>
-              <th>Referral</th>
-              <th>NXRRSET</th>
-              <th>NXDOMAIN</th>
-              <th>Recursion</th>
-              <th>Failure</th>
-              <th>Duplicate</th>
-              <th>Dropped</th>
-            </tr>
-            <xsl:for-each select="zones/zone">
-              <tr class="lrow">
-                <td>
-                  <xsl:value-of select="name"/>
-                </td>
-                <td>
-                  <xsl:value-of select="rdataclass"/>
-                </td>
-                <td>
-                  <xsl:value-of select="serial"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/success"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/referral"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/nxrrset"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/nxdomain"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/recursion"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/failure"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/duplicate"/>
-                </td>
-                <td>
-                  <xsl:value-of select="counters/dropped"/>
-                </td>
-              </tr>
-            </xsl:for-each>
-          </table>
-          <br/>
-        </xsl:for-each>
-
-        <br/>
-
-        <table>
-          <tr class="rowh">
-            <th colspan="7">Network Status</th>
-          </tr>
-          <tr class="rowh">
-            <th>ID</th>
-	    <th>Name</th>
-            <th>Type</th>
-            <th>References</th>
-            <th>LocalAddress</th>
-            <th>PeerAddress</th>
-            <th>State</th>
-          </tr>
-          <xsl:for-each select="socketmgr/sockets/socket">
-            <tr class="lrow">
-              <td>
-                <xsl:value-of select="id"/>
-              </td>
-              <td>
-                <xsl:value-of select="name"/>
-              </td>
-              <td>
-                <xsl:value-of select="type"/>
-              </td>
-              <td>
-                <xsl:value-of select="references"/>
-              </td>
-              <td>
-                <xsl:value-of select="local-address"/>
-              </td>
-              <td>
-                <xsl:value-of select="peer-address"/>
-              </td>
-              <td>
-                <xsl:for-each select="states">
-                  <xsl:value-of select="."/>
-                </xsl:for-each>
-              </td>
-            </tr>
-          </xsl:for-each>
-        </table>
-        <br/>
-        <table>
-          <tr class="rowh">
-            <th colspan="2">Task Manager Configuration</th>
-          </tr>
-          <tr class="lrow">
-            <td>Thread-Model</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/type"/>
-            </td>
-          </tr>
-          <tr class="lrow">
-            <td>Worker Threads</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/worker-threads"/>
-            </td>
-          </tr>
-          <tr class="lrow">
-            <td>Default Quantum</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/default-quantum"/>
-            </td>
-          </tr>
-          <tr class="lrow">
-            <td>Tasks Running</td>
-            <td>
-              <xsl:value-of select="taskmgr/thread-model/tasks-running"/>
-            </td>
-          </tr>
-        </table>
-        <br/>
-        <table>
-          <tr class="rowh">
-            <th colspan="5">Tasks</th>
-          </tr>
-          <tr class="rowh">
-            <th>ID</th>
-            <th>Name</th>
-            <th>References</th>
-            <th>State</th>
-            <th>Quantum</th>
-          </tr>
-          <xsl:for-each select="taskmgr/tasks/task">
-            <tr class="lrow">
-              <td>
-                <xsl:value-of select="id"/>
-              </td>
-              <td>
-                <xsl:value-of select="name"/>
-              </td>
-              <td>
-                <xsl:value-of select="references"/>
-              </td>
-              <td>
-                <xsl:value-of select="state"/>
-              </td>
-              <td>
-                <xsl:value-of select="quantum"/>
-              </td>
-            </tr>
-          </xsl:for-each>
-        </table>
-
-      </body>
-    </html>
-  </xsl:template>
-</xsl:stylesheet>

bin/named/builtin.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: builtin.c,v 1.10 2005/08/23 04:07:57 marka Exp $ */
+/* $Id: builtin.c,v 1.5.18.5 2005/08/23 04:12:38 marka Exp $ */
 
 /*! \file
  * \brief

bin/named/client.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.c,v 1.246 2007/05/15 21:54:08 marka Exp $ */
+/* $Id: client.c,v 1.219.18.20 2006/07/22 01:02:36 marka Exp $ */
 
 #include <config.h>
 
@@ -119,9 +119,9 @@ struct ns_clientmgr {
 	isc_mutex_t			lock;
 	/* Locked by lock. */
 	isc_boolean_t			exiting;
-	client_list_t			active;		/*%< Active clients */
-	client_list_t			recursing;	/*%< Recursing clients */
-	client_list_t			inactive;	/*%< To be recycled */
+	client_list_t			active; 	/*%< Active clients */
+	client_list_t			recursing; 	/*%< Recursing clients */
+	client_list_t 			inactive;	/*%< To be recycled */
 #if NMCTXS > 0
 	/*%< mctx pool for clients. */
 	unsigned int			nextmctx;
@@ -640,7 +640,7 @@ ns_client_checkactive(ns_client_t *client) {
 		/*
 		 * This client object should normally go inactive
 		 * at this point, but if we have fewer active client
-		 * objects than desired due to earlier quota exhaustion,
+		 * objects than  desired due to earlier quota exhaustion,
 		 * keep it active to make up for the shortage.
 		 */
 		isc_boolean_t need_another_client = ISC_FALSE;
@@ -817,7 +817,7 @@ client_sendpkg(ns_client_t *client, isc_buffer_t *buffer) {
 		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
 		if (ns_g_server->blackholeacl != NULL &&
 		    dns_acl_match(&netaddr, NULL,
-				  ns_g_server->blackholeacl,
+			    	  ns_g_server->blackholeacl,
 				  &ns_g_server->aclenv,
 				  &match, NULL) == ISC_R_SUCCESS &&
 		    match > 0)
@@ -1180,7 +1180,7 @@ client_addopt(ns_client_t *client) {
 	rdatalist->ttl = (client->extflags & DNS_MESSAGEEXTFLAG_REPLYPRESERVE);
 
 	/*
-	 * No EDNS options in the default case.
+	 * No ENDS options in the default case.
 	 */
 	rdata->data = NULL;
 	rdata->length = 0;
@@ -1226,8 +1226,7 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
 		 dns_rdataclass_t rdclass, void *arg)
 {
 	dns_view_t *view;
-	dns_tsigkey_t *key = NULL;
-	dns_name_t *tsig = NULL;
+	dns_tsigkey_t *key;
 	isc_netaddr_t netsrc;
 	isc_netaddr_t netdst;
 
@@ -1242,6 +1241,7 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
 	for (view = ISC_LIST_HEAD(ns_g_server->viewlist);
 	     view != NULL;
 	     view = ISC_LIST_NEXT(view, link)) {
+		dns_name_t *tsig = NULL;
 
 		if (view->matchrecursiveonly)
 			continue;
@@ -1253,14 +1253,14 @@ ns_client_isself(dns_view_t *myview, dns_tsigkey_t *mykey,
 			isc_boolean_t match;
 			isc_result_t result;
 
-			result = dns_view_gettsig(view, &mykey->name, &key);
+			tsig = &mykey->name;
+			result = dns_view_gettsig(view, tsig, &key);
 			if (result != ISC_R_SUCCESS)
 				continue;
 			match = dst_key_compare(mykey->key, key->key);
 			dns_tsigkey_detach(&key);
 			if (!match)
 				continue;
-			tsig = dns_tsigkey_identity(mykey);
 		}
 
 		if (allowed(&netsrc, tsig, view->matchclients) &&
@@ -1284,7 +1284,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	isc_buffer_t tbuffer;
 	dns_view_t *view;
 	dns_rdataset_t *opt;
-	isc_boolean_t ra;	/* Recursion available. */
+	isc_boolean_t ra; 	/* Recursion available. */
 	isc_netaddr_t netaddr;
 	isc_netaddr_t destaddr;
 	int match;
@@ -1576,7 +1576,6 @@ client_request(isc_task_t *task, isc_event_t *event) {
 					 "failed to get request's "
 					 "destination: %s",
 					 isc_result_totext(result));
-			ns_client_next(client, ISC_R_SUCCESS);
 			goto cleanup;
 		}
 	}
@@ -1591,12 +1590,11 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		    client->message->rdclass == dns_rdataclass_any)
 		{
 			dns_name_t *tsig = NULL;
-
 			sigresult = dns_message_rechecksig(client->message,
 							   view);
 			if (sigresult == ISC_R_SUCCESS)
-				tsig = dns_tsigkey_identity(client->message->tsigkey);
-
+				tsig = client->message->tsigname;
+				
 			if (allowed(&netaddr, tsig, view->matchclients) &&
 			    allowed(&destaddr, tsig, view->matchdestinations) &&
 			    !((client->message->flags & DNS_MESSAGEFLAG_RD)
@@ -1674,28 +1672,12 @@ client_request(isc_task_t *task, isc_event_t *event) {
 		/* There is a signature, but it is bad. */
 		if (dns_message_gettsig(client->message, &name) != NULL) {
 			char namebuf[DNS_NAME_FORMATSIZE];
-			char cnamebuf[DNS_NAME_FORMATSIZE];
 			dns_name_format(name, namebuf, sizeof(namebuf));
-			if (client->message->tsigkey->generated) {
-				dns_name_format(client->message->tsigkey->creator,
-						cnamebuf, sizeof(cnamebuf));
-				ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
-					      NS_LOGMODULE_CLIENT,
-					      ISC_LOG_ERROR,
-					      "request has invalid signature: "
-					      "TSIG %s (%s): %s (%s)", namebuf,
-					      cnamebuf,
-					      isc_result_totext(result),
-					      tsigrcode);
-			} else {
-				ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
-					      NS_LOGMODULE_CLIENT,
-					      ISC_LOG_ERROR,
-					      "request has invalid signature: "
-					      "TSIG %s: %s (%s)", namebuf,
-					      isc_result_totext(result),
-					      tsigrcode);
-			}
+			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
+				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
+				      "request has invalid signature: "
+				      "TSIG %s: %s (%s)", namebuf,
+				      isc_result_totext(result), tsigrcode);
 		} else {
 			ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
 				      NS_LOGMODULE_CLIENT, ISC_LOG_ERROR,
@@ -1724,17 +1706,9 @@ client_request(isc_task_t *task, isc_event_t *event) {
 	ra = ISC_FALSE;
 	if (client->view->resolver != NULL &&
 	    client->view->recursion == ISC_TRUE &&
-	    ns_client_checkaclsilent(client, NULL,
-				     client->view->recursionacl,
+	    ns_client_checkaclsilent(client, client->view->recursionacl,
 				     ISC_TRUE) == ISC_R_SUCCESS &&
-	    ns_client_checkaclsilent(client, NULL,
-				     client->view->queryacl,
-				     ISC_TRUE) == ISC_R_SUCCESS &&
-	    ns_client_checkaclsilent(client, &client->interface->addr,
-				     client->view->recursiononacl,
-				     ISC_TRUE) == ISC_R_SUCCESS &&
-	    ns_client_checkaclsilent(client, &client->interface->addr,
-				     client->view->queryonacl,
+	    ns_client_checkaclsilent(client, client->view->queryacl,
 				     ISC_TRUE) == ISC_R_SUCCESS)
 		ra = ISC_TRUE;
 
@@ -1743,7 +1717,7 @@ client_request(isc_task_t *task, isc_event_t *event) {
 
 	ns_client_log(client, DNS_LOGCATEGORY_SECURITY, NS_LOGMODULE_CLIENT,
 		      ISC_LOG_DEBUG(3), ra ? "recursion available" :
-					     "recursion not available");
+		      			     "recursion not available");
 
 	/*
 	 * Adjust maximum UDP response size for this client.
@@ -2073,7 +2047,6 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 	 */
 	if (nevent->result == ISC_R_SUCCESS) {
 		client->tcpsocket = nevent->newsocket;
-		isc_socket_setname(client->tcpsocket, "client-tcp", NULL);
 		client->state = NS_CLIENTSTATE_READING;
 		INSIST(client->recursionquota == NULL);
 
@@ -2086,7 +2059,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 	} else {
 		/*
 		 * XXXRTH  What should we do?  We're trying to accept but
-		 *	   it didn't work.  If we just give up, then TCP
+		 *         it didn't work.  If we just give up, then TCP
 		 *	   service may eventually stop.
 		 *
 		 *	   For now, we just go idle.
@@ -2111,7 +2084,7 @@ client_newconn(isc_task_t *task, isc_event_t *event) {
 
 		if (ns_g_server->blackholeacl != NULL &&
 		    dns_acl_match(&netaddr, NULL,
-				  ns_g_server->blackholeacl,
+			    	  ns_g_server->blackholeacl,
 				  &ns_g_server->aclenv,
 				  &match, NULL) == ISC_R_SUCCESS &&
 		    match > 0)
@@ -2167,7 +2140,7 @@ client_accept(ns_client_t *client) {
 				 isc_result_totext(result));
 		/*
 		 * XXXRTH  What should we do?  We're trying to accept but
-		 *	   it didn't work.  If we just give up, then TCP
+		 *         it didn't work.  If we just give up, then TCP
 		 *	   service may eventually stop.
 		 *
 		 *	   For now, we just go idle.
@@ -2460,8 +2433,8 @@ ns_client_getsockaddr(ns_client_t *client) {
 }
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
-			 dns_acl_t *acl, isc_boolean_t default_allow)
+ns_client_checkaclsilent(ns_client_t *client, dns_acl_t *acl,
+			 isc_boolean_t default_allow)
 {
 	isc_result_t result;
 	int match;
@@ -2474,16 +2447,11 @@ ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
 			goto deny;
 	}
 
-  
-	if (sockaddr == NULL)
-		isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
-	else
-		isc_netaddr_fromsockaddr(&netaddr, sockaddr);
-  
+	isc_netaddr_fromsockaddr(&netaddr, &client->peeraddr);
+
 	result = dns_acl_match(&netaddr, client->signer, acl,
 			       &ns_g_server->aclenv,
 			       &match, NULL);
-
 	if (result != ISC_R_SUCCESS)
 		goto deny; /* Internal error, already logged. */
 	if (match > 0)
@@ -2498,12 +2466,12 @@ ns_client_checkaclsilent(ns_client_t *client, isc_sockaddr_t *sockaddr,
 }
 
 isc_result_t
-ns_client_checkacl(ns_client_t *client, isc_sockaddr_t *sockaddr,
+ns_client_checkacl(ns_client_t *client,
 		   const char *opname, dns_acl_t *acl,
 		   isc_boolean_t default_allow, int log_level)
 {
 	isc_result_t result =
-		ns_client_checkaclsilent(client, sockaddr, acl, default_allow);
+		ns_client_checkaclsilent(client, acl, default_allow);
 
 	if (result == ISC_R_SUCCESS) 
 		ns_client_log(client, DNS_LOGCATEGORY_SECURITY,
@@ -2526,7 +2494,7 @@ ns_client_name(ns_client_t *client, char *peerbuf, size_t len) {
 
 void
 ns_client_logv(ns_client_t *client, isc_logcategory_t *category,
-	       isc_logmodule_t *module, int level, const char *fmt, va_list ap)
+	   isc_logmodule_t *module, int level, const char *fmt, va_list ap)
 {
 	char msgbuf[2048];
 	char peerbuf[ISC_SOCKADDR_FORMATSIZE];
@@ -2563,14 +2531,14 @@ void
 ns_client_aclmsg(const char *msg, dns_name_t *name, dns_rdatatype_t type,
 		 dns_rdataclass_t rdclass, char *buf, size_t len) 
 {
-	char namebuf[DNS_NAME_FORMATSIZE];
-	char typebuf[DNS_RDATATYPE_FORMATSIZE];
-	char classbuf[DNS_RDATACLASS_FORMATSIZE];
+        char namebuf[DNS_NAME_FORMATSIZE];
+        char typebuf[DNS_RDATATYPE_FORMATSIZE];
+        char classbuf[DNS_RDATACLASS_FORMATSIZE];
 
-	dns_name_format(name, namebuf, sizeof(namebuf));
-	dns_rdatatype_format(type, typebuf, sizeof(typebuf));
-	dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
-	(void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
+        dns_name_format(name, namebuf, sizeof(namebuf));
+        dns_rdatatype_format(type, typebuf, sizeof(typebuf));
+        dns_rdataclass_format(rdclass, classbuf, sizeof(classbuf));
+        (void)snprintf(buf, len, "%s '%s/%s/%s'", msg, namebuf, typebuf,
 		       classbuf);
 }
 
@@ -2598,7 +2566,7 @@ ns_client_dumpmessage(ns_client_t *client, const char *reason) {
 			isc_mem_put(client->mctx, buf, len);
 			len += 1024;
 		} else if (result == ISC_R_SUCCESS)
-			ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
+		        ns_client_log(client, NS_LOGCATEGORY_UNMATCHED,
 				      NS_LOGMODULE_CLIENT, ISC_LOG_DEBUG(1),
 				      "%s\n%.*s", reason,
 				       (int)isc_buffer_usedlength(&buffer),
@@ -2618,7 +2586,7 @@ ns_client_dumprecursing(FILE *f, ns_clientmgr_t *manager) {
 	const char *sep;
 
 	REQUIRE(VALID_MANAGER(manager));
-
+	      
 	LOCK(&manager->lock);
 	client = ISC_LIST_HEAD(manager->recursing);
 	while (client != NULL) {

bin/named/config.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.c,v 1.77 2007/03/29 23:47:04 tbox Exp $ */
+/* $Id: config.c,v 1.47.18.28 2006/05/03 01:46:40 marka Exp $ */
 
 /*! \file */
 
@@ -104,9 +104,7 @@ options {\n\
 	allow-notify {none;};\n\
 	allow-update-forwarding {none;};\n\
 	allow-query-cache { localnets; localhost; };\n\
-	allow-query-cache-on { any; };\n\
 	allow-recursion { localnets; localhost; };\n\
-	allow-recursion-on { any; };\n\
 #	allow-v6-synthesis <obsolete>;\n\
 #	sortlist <none>\n\
 #	topology <none>\n\
@@ -147,7 +145,6 @@ options {\n\
 
 "	/* zone */\n\
 	allow-query {any;};\n\
-	allow-query-on {any;};\n\
 	allow-transfer {any;};\n\
 	notify yes;\n\
 #	also-notify <none>\n\
@@ -181,7 +178,6 @@ options {\n\
 	check-srv-cname warn;\n\
 	zero-no-soa-ttl yes;\n\
 	update-check-ksk yes;\n\
-	try-tcp-refresh yes; /* BIND 8 compat */\n\
 };\n\
 "
 

bin/named/control.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.c,v 1.31 2007/02/26 23:46:54 tbox Exp $ */
+/* $Id: control.c,v 1.20.10.8 2006/03/10 00:23:20 marka Exp $ */
 
 /*! \file */
 
@@ -63,7 +63,6 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 	isccc_sexpr_t *data;
 	char *command;
 	isc_result_t result;
-	int log_level;
 #ifdef HAVE_LIBSCF
 	ns_smf_want_disable = 0;
 #endif
@@ -84,20 +83,14 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		return (result);
 	}
 
-	/*
-	 * Compare the 'command' parameter against all known control commands.
-	 */
-	if (command_compare(command, NS_COMMAND_NULL) ||
-	    command_compare(command, NS_COMMAND_STATUS)) {
-		log_level = ISC_LOG_DEBUG(1);
-	} else {
-		log_level = ISC_LOG_INFO;
-	}
 	isc_log_write(ns_g_lctx, NS_LOGCATEGORY_GENERAL,
-		      NS_LOGMODULE_CONTROL, log_level,
+		      NS_LOGMODULE_CONTROL, ISC_LOG_DEBUG(1),
 		      "received control channel command '%s'",
 		      command);
 
+	/*
+	 * Compare the 'command' parameter against all known control commands.
+	 */
 	if (command_compare(command, NS_COMMAND_RELOAD)) {
 		result = ns_server_reloadcommand(ns_g_server, command, text);
 	} else if (command_compare(command, NS_COMMAND_RECONFIG)) {
@@ -165,10 +158,6 @@ ns_control_docommand(isccc_sexpr_t *message, isc_buffer_t *text) {
 		result = ns_server_flushname(ns_g_server, command);
 	} else if (command_compare(command, NS_COMMAND_STATUS)) {
 		result = ns_server_status(ns_g_server, text);
-	} else if (command_compare(command, NS_COMMAND_TSIGLIST)) {
-		result = ns_server_tsiglist(ns_g_server, text);
-	} else if (command_compare(command, NS_COMMAND_TSIGDELETE)) {
-		result = ns_server_tsigdelete(ns_g_server, command, text);
 	} else if (command_compare(command, NS_COMMAND_FREEZE)) {
 		result = ns_server_freeze(ns_g_server, ISC_TRUE, command);
 	} else if (command_compare(command, NS_COMMAND_UNFREEZE) ||

bin/named/controlconf.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2001-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: controlconf.c,v 1.53 2007/02/14 00:27:26 marka Exp $ */
+/* $Id: controlconf.c,v 1.40.18.10 2006/12/07 04:53:02 marka Exp $ */
 
 /*! \file */
 
@@ -603,7 +603,6 @@ control_newconn(isc_task_t *task, isc_event_t *event) {
 	}
 
 	sock = nevent->newsocket;
-	isc_socket_setname(sock, "control", NULL);
 	(void)isc_socket_getpeername(sock, &peeraddr);
 	if (listener->type == isc_sockettype_tcp &&
 	    !address_ok(&peeraddr, listener->acl)) {
@@ -1150,8 +1149,6 @@ add_listener(ns_controls_t *cp, controllistener_t **listenerp,
 		result = isc_socket_create(ns_g_socketmgr,
 					   isc_sockaddr_pf(&listener->address),
 					   type, &listener->sock);
-	if (result == ISC_R_SUCCESS)
-		isc_socket_setname(listener->sock, "control", NULL);
 
 	if (result == ISC_R_SUCCESS)
 		result = isc_socket_bind(listener->sock,

bin/named/convertxsl.pl

@@ -1,36 +0,0 @@
-#!/usr/bin/env perl
-#
-# Copyright (C) 2006  Internet Systems Consortium, Inc. ("ISC")
-#
-# Permission to use, copy, modify, and distribute this software for any
-# purpose with or without fee is hereby granted, provided that the above
-# copyright notice and this permission notice appear in all copies.
-#
-# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-# AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-# PERFORMANCE OF THIS SOFTWARE.
-
-# $Id: convertxsl.pl,v 1.6 2006/12/22 01:59:43 marka Exp $
-
-use strict;
-use warnings;
-
-print 'static char msg[] = "';
-
-my $lines = '';
-
-while (<>) {
-    chomp;
-    $lines .= $_;
-}
-
-$lines =~ s/[\ \t]+/ /g;
-$lines =~ s/\>\ \</\>\</g;
-$lines =~ s/\"/\\\"/g;
-print $lines;
-
-print '\\n";', "\n";

bin/named/include/named/builtin.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: builtin.h,v 1.4 2005/04/29 00:22:29 marka Exp $ */
+/* $Id: builtin.h,v 1.2.18.2 2005/04/29 00:15:34 marka Exp $ */
 
 #ifndef NAMED_BUILTIN_H
 #define NAMED_BUILTIN_H 1

bin/named/include/named/client.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2003  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: client.h,v 1.81 2007/03/29 23:47:04 tbox Exp $ */
+/* $Id: client.h,v 1.69.18.9 2006/06/06 00:11:41 marka Exp $ */
 
 #ifndef NAMED_CLIENT_H
 #define NAMED_CLIENT_H 1
@@ -266,9 +266,7 @@ ns_client_getsockaddr(ns_client_t *client);
  */
 
 isc_result_t
-ns_client_checkaclsilent(ns_client_t *client,
-			 isc_sockaddr_t *sockaddr,
-			 dns_acl_t *acl,
+ns_client_checkaclsilent(ns_client_t  *client,dns_acl_t *acl,
 			 isc_boolean_t default_allow);
 
 /*%
@@ -276,8 +274,6 @@ ns_client_checkaclsilent(ns_client_t *client,
  *
  * Check the current client request against 'acl'.  If 'acl'
  * is NULL, allow the request iff 'default_allow' is ISC_TRUE.
- * If netaddr is NULL, check the ACL against client->peeraddr;
- * otherwise check it against netaddr.
  *
  * Notes:
  *\li	This is appropriate for checking allow-update,
@@ -288,7 +284,6 @@ ns_client_checkaclsilent(ns_client_t *client,
  *
  * Requires:
  *\li	'client' points to a valid client.
- *\li	'sockaddr' points to a valid address, or is NULL.
  *\li	'acl' points to a valid ACL, or is NULL.
  *
  * Returns:
@@ -299,19 +294,18 @@ ns_client_checkaclsilent(ns_client_t *client,
 
 isc_result_t
 ns_client_checkacl(ns_client_t  *client,
-		   isc_sockaddr_t *sockaddr,
 		   const char *opname, dns_acl_t *acl,
 		   isc_boolean_t default_allow,
 		   int log_level);
 /*%
- * Like ns_client_checkaclsilent, except the outcome of the check is
- * logged at log level 'log_level' if denied, and at debug 3 if approved.
- * Log messages will refer to the request as an 'opname' request.
+ * Like ns_client_checkacl, but also logs the outcome of the
+ * check at log level 'log_level' if denied, and at debug 3
+ * if approved.  Log messages will refer to the request as
+ * an 'opname' request.
  *
  * Requires:
- *\li	'client' points to a valid client.
- *\li	'sockaddr' points to a valid address, or is NULL.
- *\li	'acl' points to a valid ACL, or is NULL.
+ *\li	Those of ns_client_checkaclsilent(), and:
+ *
  *\li	'opname' points to a null-terminated string.
  */
 

bin/named/include/named/config.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: config.h,v 1.12 2006/02/28 02:39:51 marka Exp $ */
+/* $Id: config.h,v 1.6.18.6 2006/02/28 03:10:47 marka Exp $ */
 
 #ifndef NAMED_CONFIG_H
 #define NAMED_CONFIG_H 1

bin/named/include/named/control.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: control.h,v 1.23 2006/12/04 01:52:45 marka Exp $ */
+/* $Id: control.h,v 1.14.18.8 2006/03/09 23:46:20 marka Exp $ */
 
 #ifndef NAMED_CONTROL_H
 #define NAMED_CONTROL_H 1
@@ -47,8 +47,6 @@
 #define NS_COMMAND_FLUSH	"flush"
 #define NS_COMMAND_FLUSHNAME	"flushname"
 #define NS_COMMAND_STATUS	"status"
-#define NS_COMMAND_TSIGLIST	"tsig-list"
-#define NS_COMMAND_TSIGDELETE	"tsig-delete"
 #define NS_COMMAND_FREEZE	"freeze"
 #define NS_COMMAND_UNFREEZE	"unfreeze"
 #define NS_COMMAND_THAW		"thaw"

bin/named/include/named/globals.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: globals.h,v 1.70 2006/12/22 03:07:57 explorer Exp $ */
+/* $Id: globals.h,v 1.64.18.4 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NAMED_GLOBALS_H
 #define NAMED_GLOBALS_H 1
@@ -113,7 +113,6 @@ EXTERN const char *		lwresd_g_defaultpidfile INIT(NS_LOCALSTATEDIR
 EXTERN const char *		ns_g_username		INIT(NULL);
 
 EXTERN int			ns_g_listen		INIT(3);
-EXTERN isc_time_t		ns_g_boottime;
 
 #undef EXTERN
 #undef INIT

bin/named/include/named/interfacemgr.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.h,v 1.31 2005/07/18 05:58:57 marka Exp $ */
+/* $Id: interfacemgr.h,v 1.26.18.4 2005/04/27 05:00:35 sra Exp $ */
 
 #ifndef NAMED_INTERFACEMGR_H
 #define NAMED_INTERFACEMGR_H 1

bin/named/include/named/listenlist.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.h,v 1.13 2005/04/29 00:22:30 marka Exp $ */
+/* $Id: listenlist.h,v 1.11.18.2 2005/04/29 00:15:34 marka Exp $ */
 
 #ifndef NAMED_LISTENLIST_H
 #define NAMED_LISTENLIST_H 1

bin/named/include/named/log.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.h,v 1.23 2005/04/29 00:22:30 marka Exp $ */
+/* $Id: log.h,v 1.21.18.2 2005/04/29 00:15:35 marka Exp $ */
 
 #ifndef NAMED_LOG_H
 #define NAMED_LOG_H 1

bin/named/include/named/logconf.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.h,v 1.15 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: logconf.h,v 1.11.18.4 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NAMED_LOGCONF_H
 #define NAMED_LOGCONF_H 1

bin/named/include/named/lwaddr.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.h,v 1.6 2005/04/29 00:22:31 marka Exp $ */
+/* $Id: lwaddr.h,v 1.4.18.2 2005/04/29 00:15:35 marka Exp $ */
 
 /*! \file */
 

bin/named/include/named/lwdclient.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.h,v 1.16 2005/04/29 00:22:31 marka Exp $ */
+/* $Id: lwdclient.h,v 1.14.18.2 2005/04/29 00:15:36 marka Exp $ */
 
 #ifndef NAMED_LWDCLIENT_H
 #define NAMED_LWDCLIENT_H 1

bin/named/include/named/lwresd.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.h,v 1.17 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: lwresd.h,v 1.13.18.4 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NAMED_LWRESD_H
 #define NAMED_LWRESD_H 1

bin/named/include/named/lwsearch.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwsearch.h,v 1.7 2005/04/29 00:22:31 marka Exp $ */
+/* $Id: lwsearch.h,v 1.5.18.2 2005/04/29 00:15:36 marka Exp $ */
 
 #ifndef NAMED_LWSEARCH_H
 #define NAMED_LWSEARCH_H 1

bin/named/include/named/main.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.h,v 1.13 2005/04/29 00:22:32 marka Exp $ */
+/* $Id: main.h,v 1.11.18.2 2005/04/29 00:15:37 marka Exp $ */
 
 #ifndef NAMED_MAIN_H
 #define NAMED_MAIN_H 1

bin/named/include/named/notify.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: notify.h,v 1.12 2005/04/29 00:22:32 marka Exp $ */
+/* $Id: notify.h,v 1.10.18.2 2005/04/29 00:15:37 marka Exp $ */
 
 #ifndef NAMED_NOTIFY_H
 #define NAMED_NOTIFY_H 1

bin/named/include/named/ns_smf_globals.h

@@ -14,7 +14,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: ns_smf_globals.h,v 1.5 2005/05/13 01:35:41 marka Exp $ */
+/* $Id: ns_smf_globals.h,v 1.2.2.4 2005/05/13 01:32:46 marka Exp $ */
 
 #ifndef NS_SMF_GLOBALS_H
 #define NS_SMF_GLOBALS_H 1

bin/named/include/named/query.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: query.h,v 1.38 2005/04/29 00:22:32 marka Exp $ */
+/* $Id: query.h,v 1.36.18.2 2005/04/29 00:15:37 marka Exp $ */
 
 #ifndef NAMED_QUERY_H
 #define NAMED_QUERY_H 1

bin/named/include/named/server.h

@@ -15,23 +15,21 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: server.h,v 1.85 2006/12/21 06:02:30 marka Exp $ */
+/* $Id: server.h,v 1.73.18.8 2006/03/09 23:46:20 marka Exp $ */
 
 #ifndef NAMED_SERVER_H
 #define NAMED_SERVER_H 1
 
 /*! \file */
 
-#include <isc/httpd.h>
 #include <isc/log.h>
-#include <isc/magic.h>
-#include <isc/quota.h>
 #include <isc/sockaddr.h>
+#include <isc/magic.h>
 #include <isc/types.h>
-#include <isc/xml.h>
+#include <isc/quota.h>
 
-#include <dns/acl.h>
 #include <dns/types.h>
+#include <dns/acl.h>
 
 #include <named/types.h>
 
@@ -99,9 +97,6 @@ struct ns_server {
 	ns_dispatchlist_t	dispatches;
 
 	dns_acache_t		*acache;
-
-	isc_httpdmgr_t		*httpd;
-	isc_sockaddr_t		httpd_sockaddr;
 };
 
 #define NS_SERVER_MAGIC			ISC_MAGIC('S','V','E','R')
@@ -208,18 +203,6 @@ ns_server_flushname(ns_server_t *server, char *args);
 isc_result_t
 ns_server_status(ns_server_t *server, isc_buffer_t *text);
 
-/*%
- * Report a list of dynamic and static tsig keys, per view.
- */
-isc_result_t
-ns_server_tsiglist(ns_server_t *server, isc_buffer_t *text);
-
-/*%
- * Delete a specific key (with optional view).
- */
-isc_result_t
-ns_server_tsigdelete(ns_server_t *server, char *command, isc_buffer_t *text);
-
 /*%
  * Enable or disable updates for a zone.
  */

bin/named/include/named/sortlist.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: sortlist.h,v 1.9 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: sortlist.h,v 1.5.18.4 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NAMED_SORTLIST_H
 #define NAMED_SORTLIST_H 1

bin/named/include/named/tkeyconf.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tkeyconf.h,v 1.14 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: tkeyconf.h,v 1.10.18.4 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NS_TKEYCONF_H
 #define NS_TKEYCONF_H 1

bin/named/include/named/tsigconf.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: tsigconf.h,v 1.14 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: tsigconf.h,v 1.10.18.4 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NS_TSIGCONF_H
 #define NS_TSIGCONF_H 1

bin/named/include/named/types.h

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: types.h,v 1.25 2006/12/22 01:59:43 marka Exp $ */
+/* $Id: types.h,v 1.21.18.2 2005/04/29 00:15:38 marka Exp $ */
 
 #ifndef NAMED_TYPES_H
 #define NAMED_TYPES_H 1
@@ -28,8 +28,6 @@ typedef struct ns_client		ns_client_t;
 typedef struct ns_clientmgr		ns_clientmgr_t;
 typedef struct ns_query			ns_query_t;
 typedef struct ns_server 		ns_server_t;
-typedef struct ns_xmld			ns_xmld_t;
-typedef struct ns_xmldmgr		ns_xmldmgr_t;
 typedef struct ns_interface 		ns_interface_t;
 typedef struct ns_interfacemgr		ns_interfacemgr_t;
 typedef struct ns_lwresd		ns_lwresd_t;

bin/named/include/named/update.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: update.h,v 1.11 2005/04/29 00:22:33 marka Exp $ */
+/* $Id: update.h,v 1.9.18.2 2005/04/29 00:15:39 marka Exp $ */
 
 #ifndef NAMED_UPDATE_H
 #define NAMED_UPDATE_H 1

bin/named/include/named/xfrout.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: xfrout.h,v 1.10 2005/04/29 00:22:33 marka Exp $ */
+/* $Id: xfrout.h,v 1.8.18.2 2005/04/29 00:15:39 marka Exp $ */
 
 #ifndef NAMED_XFROUT_H
 #define NAMED_XFROUT_H 1

bin/named/include/named/zoneconf.h

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: zoneconf.h,v 1.24 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: zoneconf.h,v 1.19.18.5 2006/03/02 00:37:21 marka Exp $ */
 
 #ifndef NS_ZONECONF_H
 #define NS_ZONECONF_H 1

bin/named/interfacemgr.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 1999-2002  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: interfacemgr.c,v 1.88 2007/02/13 02:49:08 marka Exp $ */
+/* $Id: interfacemgr.c,v 1.76.18.8 2006/07/20 01:10:30 marka Exp $ */
 
 /*! \file */
 
@@ -304,7 +304,6 @@ ns_interface_accepttcp(ns_interface_t *ifp) {
 				 isc_result_totext(result));
 		goto tcp_socket_failure;
 	}
-	isc_socket_setname(ifp->tcpsocket, "dispatcher", NULL);
 #ifndef ISC_ALLOW_MAPPED
 	isc_socket_ipv6only(ifp->tcpsocket, ISC_TRUE);
 #endif
@@ -803,9 +802,7 @@ do_scan(ns_interfacemgr_t *mgr, ns_listenlist_t *ext_listen,
 					(void)dns_acl_match(&listen_netaddr,
 							    NULL, ele->acl,
 							    NULL, &match, NULL);
-					if (match > 0 &&
-					    (ele->port == le->port ||
-					    ele->port == 0))
+					if (match > 0 && ele->port == le->port)
 						break;
 					else
 						match = 0;

bin/named/listenlist.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: listenlist.c,v 1.12 2005/04/29 00:22:27 marka Exp $ */
+/* $Id: listenlist.c,v 1.10.18.2 2005/04/29 00:15:22 marka Exp $ */
 
 /*! \file */
 

bin/named/log.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: log.c,v 1.44 2006/12/22 01:44:59 marka Exp $ */
+/* $Id: log.c,v 1.37.18.6 2006/06/09 00:54:08 marka Exp $ */
 
 /*! \file */
 
@@ -33,7 +33,7 @@
 
 /*%
  * When adding a new category, be sure to add the appropriate
- * \#define to <named/log.h> and to update the list in
+ * #define to <named/log.h> and to update the list in
  * bin/check/check-tool.c.
  */
 static isc_logcategory_t categories[] = {
@@ -49,7 +49,7 @@ static isc_logcategory_t categories[] = {
 
 /*%
  * When adding a new module, be sure to add the appropriate
- * \#define to <dns/log.h>.
+ * #define to <dns/log.h>.
  */
 static isc_logmodule_t modules[] = {
 	{ "main",	 		0 },

bin/named/logconf.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: logconf.c,v 1.40 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: logconf.c,v 1.35.18.5 2006/03/02 00:37:21 marka Exp $ */
 
 /*! \file */
 

bin/named/lwaddr.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwaddr.c,v 1.6 2005/04/29 00:22:27 marka Exp $ */
+/* $Id: lwaddr.c,v 1.4.18.2 2005/04/29 00:15:23 marka Exp $ */
 
 /*! \file */
 

bin/named/lwdclient.c

@@ -1,5 +1,5 @@
 /*
- * Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ * Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  * Copyright (C) 2000, 2001  Internet Software Consortium.
  *
  * Permission to use, copy, modify, and distribute this software for any
@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdclient.c,v 1.21 2007/02/14 00:27:26 marka Exp $ */
+/* $Id: lwdclient.c,v 1.17.18.2 2005/04/29 00:15:23 marka Exp $ */
 
 /*! \file */
 
@@ -102,7 +102,6 @@ ns_lwdclientmgr_create(ns_lwreslistener_t *listener, unsigned int nclients,
 	result = isc_task_create(taskmgr, 0, &cm->task);
 	if (result != ISC_R_SUCCESS)
 		goto errout;
-	isc_task_setname(cm->task, "lwdclient", NULL);
 
 	/*
 	 * This MUST be last, since there is no way to cancel an onshutdown...

bin/named/lwderror.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwderror.c,v 1.10 2005/04/29 00:22:28 marka Exp $ */
+/* $Id: lwderror.c,v 1.8.18.2 2005/04/29 00:15:24 marka Exp $ */
 
 /*! \file */
 

bin/named/lwdgabn.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgabn.c,v 1.20 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: lwdgabn.c,v 1.15.18.5 2006/03/02 00:37:21 marka Exp $ */
 
 /*! \file */
 

bin/named/lwdgnba.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgnba.c,v 1.18 2005/04/29 00:22:28 marka Exp $ */
+/* $Id: lwdgnba.c,v 1.16.18.2 2005/04/29 00:15:24 marka Exp $ */
 
 /*! \file */
 

bin/named/lwdgrbn.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdgrbn.c,v 1.18 2006/12/07 23:57:59 marka Exp $ */
+/* $Id: lwdgrbn.c,v 1.13.18.5 2006/12/07 23:57:58 marka Exp $ */
 
 /*! \file */
 

bin/named/lwdnoop.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwdnoop.c,v 1.9 2005/04/29 00:22:28 marka Exp $ */
+/* $Id: lwdnoop.c,v 1.7.18.2 2005/04/29 00:15:25 marka Exp $ */
 
 /*! \file */
 

bin/named/lwresd.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000, 2001 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: lwresd.8,v 1.27 2007/05/16 06:12:01 marka Exp $
+.\" $Id: lwresd.8,v 1.15.18.8 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: lwresd
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -33,7 +33,7 @@
 lwresd \- lightweight resolver daemon
 .SH "SYNOPSIS"
 .HP 7
-\fBlwresd\fR [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-4\fR] [\fB\-6\fR]
+\fBlwresd\fR [\fB\-C\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-i\ \fR\fB\fIpid\-file\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-P\ \fR\fB\fIport\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR]
 .SH "DESCRIPTION"
 .PP
 \fBlwresd\fR
@@ -60,108 +60,42 @@ entries are present, or if forwarding fails,
 \fBlwresd\fR
 resolves the queries autonomously starting at the root name servers, using a built\-in list of root server hints.
 .SH "OPTIONS"
-.PP
-\-4
-.RS 4
-Use IPv4 only even if the host machine is capable of IPv6.
-\fB\-4\fR
-and
-\fB\-6\fR
-are mutually exclusive.
-.RE
-.PP
-\-6
-.RS 4
-Use IPv6 only even if the host machine is capable of IPv4.
-\fB\-4\fR
-and
-\fB\-6\fR
-are mutually exclusive.
-.RE
-.PP
-\-c \fIconfig\-file\fR
-.RS 4
-Use
-\fIconfig\-file\fR
-as the configuration file instead of the default,
-\fI/etc/lwresd.conf\fR.
-<term>\-c</term>
-can not be used with
-<term>\-C</term>.
-.RE
-.PP
+.TP 3n
 \-C \fIconfig\-file\fR
-.RS 4
 Use
 \fIconfig\-file\fR
 as the configuration file instead of the default,
 \fI/etc/resolv.conf\fR.
-<term>\-C</term>
-can not be used with
-<term>\-c</term>.
-.RE
-.PP
+.TP 3n
 \-d \fIdebug\-level\fR
-.RS 4
 Set the daemon's debug level to
 \fIdebug\-level\fR. Debugging traces from
 \fBlwresd\fR
 become more verbose as the debug level increases.
-.RE
-.PP
+.TP 3n
 \-f
-.RS 4
 Run the server in the foreground (i.e. do not daemonize).
-.RE
-.PP
+.TP 3n
 \-g
-.RS 4
 Run the server in the foreground and force all logging to
 \fIstderr\fR.
-.RE
-.PP
-\-i \fIpid\-file\fR
-.RS 4
-Use
-\fIpid\-file\fR
-as the PID file instead of the default,
-\fI/var/run/lwresd.pid\fR.
-.RE
-.PP
-\-m \fIflag\fR
-.RS 4
-Turn on memory usage debugging flags. Possible flags are
-\fIusage\fR,
-\fItrace\fR,
-\fIrecord\fR,
-\fIsize\fR, and
-\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
-\fI<isc/mem.h>\fR.
-.RE
-.PP
+.TP 3n
 \-n \fI#cpus\fR
-.RS 4
 Create
 \fI#cpus\fR
 worker threads to take advantage of multiple CPUs. If not specified,
 \fBlwresd\fR
 will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.RE
-.PP
+.TP 3n
 \-P \fIport\fR
-.RS 4
 Listen for lightweight resolver queries on port
 \fIport\fR. If not specified, the default is port 921.
-.RE
-.PP
+.TP 3n
 \-p \fIport\fR
-.RS 4
 Send DNS lookups to port
 \fIport\fR. If not specified, the default is port 53. This provides a way of testing the lightweight resolver daemon with a name server that listens for queries on a non\-standard port number.
-.RE
-.PP
+.TP 3n
 \-s
-.RS 4
 Write memory usage statistics to
 \fIstdout\fR
 on exit.
@@ -169,11 +103,10 @@ on exit.
 .B "Note:"
 This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.RE
-.PP
+.TP 3n
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+\fBchroot()\fR
+to
 \fIdirectory\fR
 after processing the command line arguments, but before reading the configuration file.
 .RS
@@ -181,33 +114,25 @@ after processing the command line arguments, but before reading the configuratio
 This option should be used in conjunction with the
 \fB\-u\fR
 option, as chrooting a process running as root doesn't enhance security on most systems; the way
-\fBchroot(2)\fR
+\fBchroot()\fR
 is defined allows a process with root privileges to escape a chroot jail.
 .RE
-.RE
-.PP
+.TP 3n
 \-u \fIuser\fR
-.RS 4
-Setuid to
+\fBsetuid()\fR
+to
 \fIuser\fR
 after completing privileged operations, such as creating sockets that listen on privileged ports.
-.RE
-.PP
+.TP 3n
 \-v
-.RS 4
 Report the version number and exit.
-.RE
 .SH "FILES"
-.PP
+.TP 3n
 \fI/etc/resolv.conf\fR
-.RS 4
 The default configuration file.
-.RE
-.PP
+.TP 3n
 \fI/var/run/lwresd.pid\fR
-.RS 4
 The default process\-id file.
-.RE
 .SH "SEE ALSO"
 .PP
 \fBnamed\fR(8),
@@ -217,7 +142,4 @@ The default process\-id file.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000, 2001 Internet Software Consortium.
-.br
+Copyright \(co 2004, 2005 Internet Systems Consortium, Inc. ("ISC")

bin/named/lwresd.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwresd.c,v 1.53 2006/03/02 00:37:23 marka Exp $ */
+/* $Id: lwresd.c,v 1.46.18.7 2006/03/02 00:37:21 marka Exp $ */
 
 /*! \file 
  * \brief

bin/named/lwresd.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004, 2005, 2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: lwresd.docbook,v 1.14 2007/05/16 01:42:26 marka Exp $ -->
+<!-- $Id: lwresd.docbook,v 1.7.18.3 2005/05/13 01:32:45 marka Exp $ -->
 <refentry>
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -39,7 +39,6 @@
     <copyright>
       <year>2004</year>
       <year>2005</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -52,13 +51,11 @@
   <refsynopsisdiv>
     <cmdsynopsis>
       <command>lwresd</command>
-      <arg><option>-c <replaceable class="parameter">config-file</replaceable></option></arg>
       <arg><option>-C <replaceable class="parameter">config-file</replaceable></option></arg>
       <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
       <arg><option>-f</option></arg>
       <arg><option>-g</option></arg>
       <arg><option>-i <replaceable class="parameter">pid-file</replaceable></option></arg>
-      <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
       <arg><option>-P <replaceable class="parameter">port</replaceable></option></arg>
       <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
@@ -66,8 +63,6 @@
       <arg><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
       <arg><option>-u <replaceable class="parameter">user</replaceable></option></arg>
       <arg><option>-v</option></arg>
-      <arg><option>-4</option></arg>
-      <arg><option>-6</option></arg>
     </cmdsynopsis>
   </refsynopsisdiv>
 
@@ -113,43 +108,6 @@
     <title>OPTIONS</title>
 
     <variablelist>
-
-      <varlistentry>
-        <term>-4</term>
-        <listitem>
-          <para>
-            Use IPv4 only even if the host machine is capable of IPv6.
-            <option>-4</option> and <option>-6</option> are mutually
-            exclusive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-6</term>
-        <listitem>
-          <para>
-            Use IPv6 only even if the host machine is capable of IPv4.
-            <option>-4</option> and <option>-6</option> are mutually
-            exclusive.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <!-- this is in source but not mentioned? does this matter? -->
-      <varlistentry>
-        <term>-c <replaceable class="parameter">config-file</replaceable></term>
-        <listitem>
-          <para>
-            Use <replaceable class="parameter">config-file</replaceable> as the
-            configuration file instead of the default,
-            <filename>/etc/lwresd.conf</filename>.
-	    <!-- Should this be an absolute path name? -->
-	    <term>-c</term> can not be used with <term>-C</term>.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-C <replaceable class="parameter">config-file</replaceable></term>
         <listitem>
@@ -157,7 +115,6 @@
             Use <replaceable class="parameter">config-file</replaceable> as the
             configuration file instead of the default,
             <filename>/etc/resolv.conf</filename>.
-	    <term>-C</term> can not be used with <term>-c</term>.
           </para>
         </listitem>
       </varlistentry>
@@ -192,33 +149,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-i <replaceable class="parameter">pid-file</replaceable></term>
-        <listitem>
-          <para>
-            Use <replaceable class="parameter">pid-file</replaceable> as the
-            PID file instead of the default,
-            <filename>/var/run/lwresd.pid</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-m <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-            Turn on memory usage debugging flags.  Possible flags are
-            <replaceable class="parameter">usage</replaceable>,
-            <replaceable class="parameter">trace</replaceable>,
-            <replaceable class="parameter">record</replaceable>,
-            <replaceable class="parameter">size</replaceable>, and
-            <replaceable class="parameter">mctx</replaceable>.  
-            These correspond to the ISC_MEM_DEBUGXXXX flags described in
-            <filename>&lt;isc/mem.h&gt;</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-n <replaceable class="parameter">#cpus</replaceable></term>
         <listitem>
@@ -276,7 +206,7 @@
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
-          <para>Chroot
+          <para><function>chroot()</function>
 	    to <replaceable class="parameter">directory</replaceable> after
             processing the command line arguments, but before
             reading the configuration file.
@@ -286,7 +216,7 @@
               This option should be used in conjunction with the
               <option>-u</option> option, as chrooting a process
               running as root doesn't enhance security on most
-              systems; the way <function>chroot(2)</function> is
+              systems; the way <function>chroot()</function> is
               defined allows a process with root privileges to
               escape a chroot jail.
             </para>
@@ -297,7 +227,7 @@
       <varlistentry>
         <term>-u <replaceable class="parameter">user</replaceable></term>
         <listitem>
-          <para>Setuid
+          <para><function>setuid()</function>
 	    to <replaceable class="parameter">user</replaceable> after completing
             privileged operations, such as creating sockets that
             listen on privileged ports.

bin/named/lwresd.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004, 2005 Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001 Internet Software Consortium.
  - 
  - Permission to use, copy, modify, and distribute this software for any
@@ -14,25 +14,25 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: lwresd.html,v 1.23 2007/05/16 06:12:01 marka Exp $ -->
+<!-- $Id: lwresd.html,v 1.5.18.13 2006/06/29 13:03:01 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>lwresd</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p><span class="application">lwresd</span> &#8212; lightweight resolver daemon</p>
 </div>
 <div class="refsynopsisdiv">
 <h2>Synopsis</h2>
-<div class="cmdsynopsis"><p><code class="command">lwresd</code>  [<code class="option">-c <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>] [<code class="option">-4</code>] [<code class="option">-6</code>]</p></div>
+<div class="cmdsynopsis"><p><code class="command">lwresd</code>  [<code class="option">-C <em class="replaceable"><code>config-file</code></em></code>] [<code class="option">-d <em class="replaceable"><code>debug-level</code></em></code>] [<code class="option">-f</code>] [<code class="option">-g</code>] [<code class="option">-i <em class="replaceable"><code>pid-file</code></em></code>] [<code class="option">-n <em class="replaceable"><code>#cpus</code></em></code>] [<code class="option">-P <em class="replaceable"><code>port</code></em></code>] [<code class="option">-p <em class="replaceable"><code>port</code></em></code>] [<code class="option">-s</code>] [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>] [<code class="option">-u <em class="replaceable"><code>user</code></em></code>] [<code class="option">-v</code>]</p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543461"></a><h2>DESCRIPTION</h2>
+<a name="id2549493"></a><h2>DESCRIPTION</h2>
 <p><span><strong class="command">lwresd</strong></span>
       is the daemon providing name lookup
       services to clients that use the BIND 9 lightweight resolver
@@ -67,34 +67,13 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543508"></a><h2>OPTIONS</h2>
+<a name="id2549540"></a><h2>OPTIONS</h2>
 <div class="variablelist"><dl>
-<dt><span class="term">-4</span></dt>
-<dd><p>
-            Use IPv4 only even if the host machine is capable of IPv6.
-            <code class="option">-4</code> and <code class="option">-6</code> are mutually
-            exclusive.
-          </p></dd>
-<dt><span class="term">-6</span></dt>
-<dd><p>
-            Use IPv6 only even if the host machine is capable of IPv4.
-            <code class="option">-4</code> and <code class="option">-6</code> are mutually
-            exclusive.
-          </p></dd>
-<dt><span class="term">-c <em class="replaceable"><code>config-file</code></em></span></dt>
-<dd><p>
-            Use <em class="replaceable"><code>config-file</code></em> as the
-            configuration file instead of the default,
-            <code class="filename">/etc/lwresd.conf</code>.
-	    
-	    <font color="red">&lt;term&gt;-c&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-C&lt;/term&gt;</font>.
-          </p></dd>
 <dt><span class="term">-C <em class="replaceable"><code>config-file</code></em></span></dt>
 <dd><p>
             Use <em class="replaceable"><code>config-file</code></em> as the
             configuration file instead of the default,
             <code class="filename">/etc/resolv.conf</code>.
-	    <font color="red">&lt;term&gt;-C&lt;/term&gt;</font> can not be used with <font color="red">&lt;term&gt;-c&lt;/term&gt;</font>.
           </p></dd>
 <dt><span class="term">-d <em class="replaceable"><code>debug-level</code></em></span></dt>
 <dd><p>
@@ -111,23 +90,6 @@
             Run the server in the foreground and force all logging
             to <code class="filename">stderr</code>.
           </p></dd>
-<dt><span class="term">-i <em class="replaceable"><code>pid-file</code></em></span></dt>
-<dd><p>
-            Use <em class="replaceable"><code>pid-file</code></em> as the
-            PID file instead of the default,
-            <code class="filename">/var/run/lwresd.pid</code>.
-          </p></dd>
-<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
-<dd><p>
-            Turn on memory usage debugging flags.  Possible flags are
-            <em class="replaceable"><code>usage</code></em>,
-            <em class="replaceable"><code>trace</code></em>,
-            <em class="replaceable"><code>record</code></em>,
-            <em class="replaceable"><code>size</code></em>, and
-            <em class="replaceable"><code>mctx</code></em>.  
-            These correspond to the ISC_MEM_DEBUGXXXX flags described in
-            <code class="filename">&lt;isc/mem.h&gt;</code>.
-          </p></dd>
 <dt><span class="term">-n <em class="replaceable"><code>#cpus</code></em></span></dt>
 <dd><p>
             Create <em class="replaceable"><code>#cpus</code></em> worker threads
@@ -167,7 +129,7 @@
 </dd>
 <dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
 <dd>
-<p>Chroot
+<p><code class="function">chroot()</code>
 	    to <em class="replaceable"><code>directory</code></em> after
             processing the command line arguments, but before
             reading the configuration file.
@@ -178,14 +140,14 @@
               This option should be used in conjunction with the
               <code class="option">-u</code> option, as chrooting a process
               running as root doesn't enhance security on most
-              systems; the way <code class="function">chroot(2)</code> is
+              systems; the way <code class="function">chroot()</code> is
               defined allows a process with root privileges to
               escape a chroot jail.
             </p>
 </div>
 </dd>
 <dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
-<dd><p>Setuid
+<dd><p><code class="function">setuid()</code>
 	    to <em class="replaceable"><code>user</code></em> after completing
             privileged operations, such as creating sockets that
             listen on privileged ports.
@@ -197,7 +159,7 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543925"></a><h2>FILES</h2>
+<a name="id2549940"></a><h2>FILES</h2>
 <div class="variablelist"><dl>
 <dt><span class="term"><code class="filename">/etc/resolv.conf</code></span></dt>
 <dd><p>
@@ -210,14 +172,14 @@
 </dl></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543964"></a><h2>SEE ALSO</h2>
+<a name="id2549979"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">lwres</span>(3)</span>,
       <span class="citerefentry"><span class="refentrytitle">resolver</span>(5)</span>.
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543998"></a><h2>AUTHOR</h2>
+<a name="id2550013"></a><h2>AUTHOR</h2>
 <p><span class="corpauthor">Internet Systems Consortium</span>
     </p>
 </div>

bin/named/lwsearch.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: lwsearch.c,v 1.11 2005/07/12 01:00:13 marka Exp $ */
+/* $Id: lwsearch.c,v 1.8.18.3 2005/07/12 01:22:17 marka Exp $ */
 
 /*! \file */
 

bin/named/main.c

@@ -15,7 +15,7 @@
  * PERFORMANCE OF THIS SOFTWARE.
  */
 
-/* $Id: main.c,v 1.154 2006/12/21 06:02:29 marka Exp $ */
+/* $Id: main.c,v 1.136.18.17 2006/11/10 18:51:14 marka Exp $ */
 
 /*! \file */
 
@@ -670,14 +670,6 @@ setup(void) {
 		ns_g_conffile = absolute_conffile;
 	}
 
-	/*
-	 * Record the server's startup time.
-	 */
-	result = isc_time_now(&ns_g_boottime);
-	if (result != ISC_R_SUCCESS)
-		ns_main_earlyfatal("isc_time_now() failed: %s",
-				   isc_result_totext(result));
-
 	result = create_managers();
 	if (result != ISC_R_SUCCESS)
 		ns_main_earlyfatal("create_managers() failed: %s",

bin/named/named.8

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" Copyright (C) 2000, 2001, 2003 Internet Software Consortium.
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
@@ -13,13 +13,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.8,v 1.33 2007/05/16 06:12:01 marka Exp $
+.\" $Id: named.8,v 1.20.18.10 2006/06/29 13:03:01 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: named
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: June 30, 2000
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -33,7 +33,7 @@
 named \- Internet domain name server
 .SH "SYNOPSIS"
 .HP 6
-\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
+\fBnamed\fR [\fB\-4\fR] [\fB\-6\fR] [\fB\-c\ \fR\fB\fIconfig\-file\fR\fR] [\fB\-d\ \fR\fB\fIdebug\-level\fR\fR] [\fB\-f\fR] [\fB\-g\fR] [\fB\-n\ \fR\fB\fI#cpus\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIcache\-file\fR\fR]
 .SH "DESCRIPTION"
 .PP
 \fBnamed\fR
@@ -44,27 +44,22 @@ When invoked without arguments,
 will read the default configuration file
 \fI/etc/named.conf\fR, read any initial data, and listen for queries.
 .SH "OPTIONS"
-.PP
+.TP 3n
 \-4
-.RS 4
 Use IPv4 only even if the host machine is capable of IPv6.
 \fB\-4\fR
 and
 \fB\-6\fR
 are mutually exclusive.
-.RE
-.PP
+.TP 3n
 \-6
-.RS 4
 Use IPv6 only even if the host machine is capable of IPv4.
 \fB\-4\fR
 and
 \fB\-6\fR
 are mutually exclusive.
-.RE
-.PP
+.TP 3n
 \-c \fIconfig\-file\fR
-.RS 4
 Use
 \fIconfig\-file\fR
 as the configuration file instead of the default,
@@ -73,55 +68,32 @@ as the configuration file instead of the default,
 option in the configuration file,
 \fIconfig\-file\fR
 should be an absolute pathname.
-.RE
-.PP
+.TP 3n
 \-d \fIdebug\-level\fR
-.RS 4
 Set the daemon's debug level to
 \fIdebug\-level\fR. Debugging traces from
 \fBnamed\fR
 become more verbose as the debug level increases.
-.RE
-.PP
+.TP 3n
 \-f
-.RS 4
 Run the server in the foreground (i.e. do not daemonize).
-.RE
-.PP
+.TP 3n
 \-g
-.RS 4
 Run the server in the foreground and force all logging to
 \fIstderr\fR.
-.RE
-.PP
-\-m \fIflag\fR
-.RS 4
-Turn on memory usage debugging flags. Possible flags are
-\fIusage\fR,
-\fItrace\fR,
-\fIrecord\fR,
-\fIsize\fR, and
-\fImctx\fR. These correspond to the ISC_MEM_DEBUGXXXX flags described in
-\fI<isc/mem.h>\fR.
-.RE
-.PP
+.TP 3n
 \-n \fI#cpus\fR
-.RS 4
 Create
 \fI#cpus\fR
 worker threads to take advantage of multiple CPUs. If not specified,
 \fBnamed\fR
 will try to determine the number of CPUs present and create one thread per CPU. If it is unable to determine the number of CPUs, a single worker thread will be created.
-.RE
-.PP
+.TP 3n
 \-p \fIport\fR
-.RS 4
 Listen for queries on port
 \fIport\fR. If not specified, the default is port 53.
-.RE
-.PP
+.TP 3n
 \-s
-.RS 4
 Write memory usage statistics to
 \fIstdout\fR
 on exit.
@@ -129,11 +101,10 @@ on exit.
 .B "Note:"
 This option is mainly of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.RE
-.PP
+.TP 3n
 \-t \fIdirectory\fR
-.RS 4
-Chroot to
+\fBchroot()\fR
+to
 \fIdirectory\fR
 after processing the command line arguments, but before reading the configuration file.
 .RS
@@ -141,14 +112,13 @@ after processing the command line arguments, but before reading the configuratio
 This option should be used in conjunction with the
 \fB\-u\fR
 option, as chrooting a process running as root doesn't enhance security on most systems; the way
-\fBchroot(2)\fR
+\fBchroot()\fR
 is defined allows a process with root privileges to escape a chroot jail.
 .RE
-.RE
-.PP
+.TP 3n
 \-u \fIuser\fR
-.RS 4
-Setuid to
+\fBsetuid()\fR
+to
 \fIuser\fR
 after completing privileged operations, such as creating sockets that listen on privileged ports.
 .RS
@@ -156,23 +126,19 @@ after completing privileged operations, such as creating sockets that listen on
 On Linux,
 \fBnamed\fR
 uses the kernel's capability mechanism to drop all root privileges except the ability to
-\fBbind(2)\fR
+\fBbind()\fR
 to a privileged port and set process resource limits. Unfortunately, this means that the
 \fB\-u\fR
 option only works when
 \fBnamed\fR
 is run on kernel 2.2.18 or later, or kernel 2.3.99\-pre3 or later, since previous kernels did not allow privileges to be retained after
-\fBsetuid(2)\fR.
+\fBsetuid()\fR.
 .RE
-.RE
-.PP
+.TP 3n
 \-v
-.RS 4
 Report the version number and exit.
-.RE
-.PP
+.TP 3n
 \-x \fIcache\-file\fR
-.RS 4
 Load data from
 \fIcache\-file\fR
 into the cache of the default view.
@@ -180,22 +146,17 @@ into the cache of the default view.
 .B "Warning:"
 This option must not be used. It is only of interest to BIND 9 developers and may be removed or changed in a future release.
 .RE
-.RE
 .SH "SIGNALS"
 .PP
 In routine operation, signals should not be used to control the nameserver;
 \fBrndc\fR
 should be used instead.
-.PP
+.TP 3n
 SIGHUP
-.RS 4
 Force a reload of the server.
-.RE
-.PP
+.TP 3n
 SIGINT, SIGTERM
-.RS 4
 Shut down the server.
-.RE
 .PP
 The result of sending any other signals to the server is undefined.
 .SH "CONFIGURATION"
@@ -205,16 +166,12 @@ The
 configuration file is too complex to describe in detail here. A complete description is provided in the
 BIND 9 Administrator Reference Manual.
 .SH "FILES"
-.PP
+.TP 3n
 \fI/etc/named.conf\fR
-.RS 4
 The default configuration file.
-.RE
-.PP
+.TP 3n
 \fI/var/run/named.pid\fR
-.RS 4
 The default process\-id file.
-.RE
 .SH "SEE ALSO"
 .PP
 RFC 1033,
@@ -228,7 +185,4 @@ BIND 9 Administrator Reference Manual.
 .PP
 Internet Systems Consortium
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
-.br
-Copyright \(co 2000, 2001, 2003 Internet Software Consortium.
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/named/named.conf.5

@@ -1,4 +1,4 @@
-.\" Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+.\" Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
 .\" 
 .\" Permission to use, copy, modify, and distribute this software for any
 .\" purpose with or without fee is hereby granted, provided that the above
@@ -12,13 +12,13 @@
 .\" OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
 .\" PERFORMANCE OF THIS SOFTWARE.
 .\"
-.\" $Id: named.conf.5,v 1.27 2007/05/09 03:33:51 marka Exp $
+.\" $Id: named.conf.5,v 1.1.2.21 2006/09/13 02:56:52 marka Exp $
 .\"
 .hy 0
 .ad l
 .\"     Title: \fInamed.conf\fR
 .\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.71.1 <http://docbook.sf.net/>
+.\" Generator: DocBook XSL Stylesheets v1.70.1 <http://docbook.sf.net/>
 .\"      Date: Aug 13, 2004
 .\"    Manual: BIND9
 .\"    Source: BIND9
@@ -46,14 +46,14 @@ C++ style: // to end of line
 Unix style: # to end of line
 .SH "ACL"
 .sp
-.RS 4
+.RS 3n
 .nf
 acl \fIstring\fR { \fIaddress_match_element\fR; ... };
 .fi
 .RE
 .SH "KEY"
 .sp
-.RS 4
+.RS 3n
 .nf
 key \fIdomain_name\fR {
 	algorithm \fIstring\fR;
@@ -63,7 +63,7 @@ key \fIdomain_name\fR {
 .RE
 .SH "MASTERS"
 .sp
-.RS 4
+.RS 3n
 .nf
 masters \fIstring\fR [ port \fIinteger\fR ] {
 	( \fImasters\fR | \fIipv4_address\fR [port \fIinteger\fR] |
@@ -73,7 +73,7 @@ masters \fIstring\fR [ port \fIinteger\fR ] {
 .RE
 .SH "SERVER"
 .sp
-.RS 4
+.RS 3n
 .nf
 server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen]\fR ) {
 	bogus \fIboolean\fR;
@@ -95,7 +95,7 @@ server ( \fIipv4_address\fR\fI[/prefixlen]\fR | \fIipv6_address\fR\fI[/prefixlen
 .RE
 .SH "TRUSTED\-KEYS"
 .sp
-.RS 4
+.RS 3n
 .nf
 trusted\-keys {
 	\fIdomain_name\fR \fIflags\fR \fIprotocol\fR \fIalgorithm\fR \fIkey\fR; ... 
@@ -104,7 +104,7 @@ trusted\-keys {
 .RE
 .SH "CONTROLS"
 .sp
-.RS 4
+.RS 3n
 .nf
 controls {
 	inet ( \fIipv4_address\fR | \fIipv6_address\fR | * )
@@ -117,7 +117,7 @@ controls {
 .RE
 .SH "LOGGING"
 .sp
-.RS 4
+.RS 3n
 .nf
 logging {
 	channel \fIstring\fR {
@@ -136,7 +136,7 @@ logging {
 .RE
 .SH "LWRES"
 .sp
-.RS 4
+.RS 3n
 .nf
 lwres {
 	listen\-on [ port \fIinteger\fR ] {
@@ -150,7 +150,7 @@ lwres {
 .RE
 .SH "OPTIONS"
 .sp
-.RS 4
+.RS 3n
 .nf
 options {
 	avoid\-v4\-udp\-ports { \fIport\fR; ... };
@@ -192,7 +192,6 @@ options {
 	use\-ixfr \fIboolean\fR;
 	version ( \fIquoted_string\fR | none );
 	allow\-recursion { \fIaddress_match_element\fR; ... };
-	allow\-recursion\-on { \fIaddress_match_element\fR; ... };
 	sortlist { \fIaddress_match_element\fR; ... };
 	topology { \fIaddress_match_element\fR; ... }; // not implemented
 	auth\-nxdomain \fIboolean\fR; // default changed
@@ -209,9 +208,6 @@ options {
 	additional\-from\-cache \fIboolean\fR;
 	query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
 	query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
-	use\-queryport\-pool \fIboolean\fR;
-	queryport\-pool\-ports \fIinteger\fR;
-	queryport\-pool\-updateinterval \fIinteger\fR;
 	cleaning\-interval \fIinteger\fR;
 	min\-roots \fIinteger\fR; // not implemented
 	lame\-ttl \fIinteger\fR;
@@ -252,9 +248,7 @@ options {
 	dialup \fIdialuptype\fR;
 	ixfr\-from\-differences \fIixfrdiff\fR;
 	allow\-query { \fIaddress_match_element\fR; ... };
-	allow\-query\-on { \fIaddress_match_element\fR; ... };
 	allow\-query\-cache { \fIaddress_match_element\fR; ... };
-	allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
 	allow\-transfer { \fIaddress_match_element\fR; ... };
 	allow\-update { \fIaddress_match_element\fR; ... };
 	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
@@ -292,7 +286,6 @@ options {
 	use\-alt\-transfer\-source \fIboolean\fR;
 	zone\-statistics \fIboolean\fR;
 	key\-directory \fIquoted_string\fR;
-	try\-tcp\-refresh \fIboolean\fR;
 	zero\-no\-soa\-ttl \fIboolean\fR;
 	zero\-no\-soa\-ttl\-cache \fIboolean\fR;
 	allow\-v6\-synthesis { \fIaddress_match_element\fR; ... }; // obsolete
@@ -312,7 +305,7 @@ options {
 .RE
 .SH "VIEW"
 .sp
-.RS 4
+.RS 3n
 .nf
 view \fIstring\fR \fIoptional_class\fR {
 	match\-clients { \fIaddress_match_element\fR; ... };
@@ -332,7 +325,6 @@ view \fIstring\fR \fIoptional_class\fR {
 		\fIstring\fR \fIinteger\fR \fIinteger\fR \fIinteger\fR \fIquoted_string\fR; ...
 	};
 	allow\-recursion { \fIaddress_match_element\fR; ... };
-	allow\-recursion\-on { \fIaddress_match_element\fR; ... };
 	sortlist { \fIaddress_match_element\fR; ... };
 	topology { \fIaddress_match_element\fR; ... }; // not implemented
 	auth\-nxdomain \fIboolean\fR; // default changed
@@ -349,9 +341,6 @@ view \fIstring\fR \fIoptional_class\fR {
 	additional\-from\-cache \fIboolean\fR;
 	query\-source ( ( \fIipv4_address\fR | * ) | [ address ( \fIipv4_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
 	query\-source\-v6 ( ( \fIipv6_address\fR | * ) | [ address ( \fIipv6_address\fR | * ) ] ) [ port ( \fIinteger\fR | * ) ];
-	use\-queryport\-pool \fIboolean\fR;
-	queryport\-pool\-ports \fIinteger\fR;
-	queryport\-pool\-updateinterval \fIinteger\fR;
 	cleaning\-interval \fIinteger\fR;
 	min\-roots \fIinteger\fR; // not implemented
 	lame\-ttl \fIinteger\fR;
@@ -392,9 +381,7 @@ view \fIstring\fR \fIoptional_class\fR {
 	dialup \fIdialuptype\fR;
 	ixfr\-from\-differences \fIixfrdiff\fR;
 	allow\-query { \fIaddress_match_element\fR; ... };
-	allow\-query\-on { \fIaddress_match_element\fR; ... };
 	allow\-query\-cache { \fIaddress_match_element\fR; ... };
-	allow\-query\-cache\-on { \fIaddress_match_element\fR; ... };
 	allow\-transfer { \fIaddress_match_element\fR; ... };
 	allow\-update { \fIaddress_match_element\fR; ... };
 	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
@@ -431,7 +418,6 @@ view \fIstring\fR \fIoptional_class\fR {
 		[ port ( \fIinteger\fR | * ) ];
 	use\-alt\-transfer\-source \fIboolean\fR;
 	zone\-statistics \fIboolean\fR;
-	try\-tcp\-refresh \fIboolean\fR;
 	key\-directory \fIquoted_string\fR;
 	zero\-no\-soa\-ttl \fIboolean\fR;
 	zero\-no\-soa\-ttl\-cache \fIboolean\fR;
@@ -444,7 +430,7 @@ view \fIstring\fR \fIoptional_class\fR {
 .RE
 .SH "ZONE"
 .sp
-.RS 4
+.RS 3n
 .nf
 zone \fIstring\fR \fIoptional_class\fR {
 	type ( master | slave | stub | hint |
@@ -467,7 +453,6 @@ zone \fIstring\fR \fIoptional_class\fR {
 	journal \fIquoted_string\fR;
 	zero\-no\-soa\-ttl \fIboolean\fR;
 	allow\-query { \fIaddress_match_element\fR; ... };
-	allow\-query\-on { \fIaddress_match_element\fR; ... };
 	allow\-transfer { \fIaddress_match_element\fR; ... };
 	allow\-update { \fIaddress_match_element\fR; ... };
 	allow\-update\-forwarding { \fIaddress_match_element\fR; ... };
@@ -509,7 +494,6 @@ zone \fIstring\fR \fIoptional_class\fR {
 		[ port ( \fIinteger\fR | * ) ];
 	use\-alt\-transfer\-source \fIboolean\fR;
 	zone\-statistics \fIboolean\fR;
-	try\-tcp\-refresh \fIboolean\fR;
 	key\-directory \fIquoted_string\fR;
 	ixfr\-base \fIquoted_string\fR; // obsolete
 	ixfr\-tmp\-file \fIquoted_string\fR; // obsolete
@@ -526,7 +510,6 @@ zone \fIstring\fR \fIoptional_class\fR {
 .PP
 \fBnamed\fR(8),
 \fBrndc\fR(8),
-BIND 9 Administrator Reference Manual.
+\fBBIND 9 Administrator Reference Manual\fR().
 .SH "COPYRIGHT"
-Copyright \(co 2004\-2007 Internet Systems Consortium, Inc. ("ISC")
-.br
+Copyright \(co 2004\-2006 Internet Systems Consortium, Inc. ("ISC")

bin/named/named.conf.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  -
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -17,7 +17,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named.conf.docbook,v 1.29 2007/05/09 01:32:08 marka Exp $ -->
+<!-- $Id: named.conf.docbook,v 1.1.2.23 2006/09/13 00:20:50 marka Exp $ -->
 <refentry>
   <refentryinfo>
     <date>Aug 13, 2004</date>
@@ -39,7 +39,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
   </docinfo>
@@ -219,7 +218,6 @@ options {
 	use-ixfr <replaceable>boolean</replaceable>;
 	version ( <replaceable>quoted_string</replaceable> | none );
 	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
-	allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
 	sortlist { <replaceable>address_match_element</replaceable>; ... };
 	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
 	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
@@ -236,9 +234,6 @@ options {
 	additional-from-cache <replaceable>boolean</replaceable>;
 	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
-	use-queryport-pool <replaceable>boolean</replaceable>;
-	queryport-pool-ports <replaceable>integer</replaceable>;
-	queryport-pool-updateinterval <replaceable>integer</replaceable>;
 	cleaning-interval <replaceable>integer</replaceable>;
 	min-roots <replaceable>integer</replaceable>; // not implemented
 	lame-ttl <replaceable>integer</replaceable>;
@@ -282,9 +277,7 @@ options {
 	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
 
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
-	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
 	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
-	allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
 	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
@@ -328,7 +321,6 @@ options {
 
 	zone-statistics <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
-	try-tcp-refresh <replaceable>boolean</replaceable>;
 	zero-no-soa-ttl <replaceable>boolean</replaceable>;
 	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
 
@@ -374,7 +366,6 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	};
 
 	allow-recursion { <replaceable>address_match_element</replaceable>; ... };
-	allow-recursion-on { <replaceable>address_match_element</replaceable>; ... };
 	sortlist { <replaceable>address_match_element</replaceable>; ... };
 	topology { <replaceable>address_match_element</replaceable>; ... }; // not implemented
 	auth-nxdomain <replaceable>boolean</replaceable>; // default changed
@@ -391,9 +382,6 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	additional-from-cache <replaceable>boolean</replaceable>;
 	query-source ( ( <replaceable>ipv4_address</replaceable> | * ) | <optional> address ( <replaceable>ipv4_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
 	query-source-v6 ( ( <replaceable>ipv6_address</replaceable> | * ) | <optional> address ( <replaceable>ipv6_address</replaceable> | * ) </optional> ) <optional> port ( <replaceable>integer</replaceable> | * ) </optional>;
-	use-queryport-pool <replaceable>boolean</replaceable>;
-	queryport-pool-ports <replaceable>integer</replaceable>;
-	queryport-pool-updateinterval <replaceable>integer</replaceable>;
 	cleaning-interval <replaceable>integer</replaceable>;
 	min-roots <replaceable>integer</replaceable>; // not implemented
 	lame-ttl <replaceable>integer</replaceable>;
@@ -437,9 +425,7 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	ixfr-from-differences <replaceable>ixfrdiff</replaceable>;
 
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
-	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
 	allow-query-cache { <replaceable>address_match_element</replaceable>; ... };
-	allow-query-cache-on { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
 	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
@@ -482,7 +468,6 @@ view <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	use-alt-transfer-source <replaceable>boolean</replaceable>;
 
 	zone-statistics <replaceable>boolean</replaceable>;
-	try-tcp-refresh <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
 	zero-no-soa-ttl <replaceable>boolean</replaceable>;
 	zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
@@ -522,7 +507,6 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	zero-no-soa-ttl <replaceable>boolean</replaceable>;
 
 	allow-query { <replaceable>address_match_element</replaceable>; ... };
-	allow-query-on { <replaceable>address_match_element</replaceable>; ... };
 	allow-transfer { <replaceable>address_match_element</replaceable>; ... };
 	allow-update { <replaceable>address_match_element</replaceable>; ... };
 	allow-update-forwarding { <replaceable>address_match_element</replaceable>; ... };
@@ -570,7 +554,6 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
 	use-alt-transfer-source <replaceable>boolean</replaceable>;
 
 	zone-statistics <replaceable>boolean</replaceable>;
-	try-tcp-refresh <replaceable>boolean</replaceable>;
 	key-directory <replaceable>quoted_string</replaceable>;
 
 	ixfr-base <replaceable>quoted_string</replaceable>; // obsolete
@@ -596,7 +579,9 @@ zone <replaceable>string</replaceable> <replaceable>optional_class</replaceable>
       <citerefentry>
         <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
       </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
+      <citerefentry>
+        <refentrytitle>BIND 9 Administrator Reference Manual</refentrytitle>
+      </citerefentry>.
     </para>
   </refsect1>
 

bin/named/named.conf.html

@@ -1,5 +1,5 @@
 <!--
- - Copyright (C) 2004-2007 Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006 Internet Systems Consortium, Inc. ("ISC")
  - 
  - Permission to use, copy, modify, and distribute this software for any
  - purpose with or without fee is hereby granted, provided that the above
@@ -13,15 +13,15 @@
  - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
  - PERFORMANCE OF THIS SOFTWARE.
 -->
-<!-- $Id: named.conf.html,v 1.36 2007/05/09 03:33:51 marka Exp $ -->
+<!-- $Id: named.conf.html,v 1.1.2.29 2006/09/13 02:56:52 marka Exp $ -->
 <html>
 <head>
 <meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
 <title>named.conf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.71.1">
+<meta name="generator" content="DocBook XSL Stylesheets V1.70.1">
 </head>
 <body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry" lang="en">
-<a name="id2476275"></a><div class="titlepage"></div>
+<a name="id2482688"></a><div class="titlepage"></div>
 <div class="refnamediv">
 <h2>Name</h2>
 <p><code class="filename">named.conf</code> &#8212; configuration file for named</p>
@@ -31,7 +31,7 @@
 <div class="cmdsynopsis"><p><code class="command">named.conf</code> </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2542042"></a><h2>DESCRIPTION</h2>
+<a name="id2549397"></a><h2>DESCRIPTION</h2>
 <p><code class="filename">named.conf</code> is the configuration file
       for
       <span><strong class="command">named</strong></span>.  Statements are enclosed
@@ -50,14 +50,14 @@
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543367"></a><h2>ACL</h2>
+<a name="id2549425"></a><h2>ACL</h2>
 <div class="literallayout"><p><br>
 acl <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 <br>
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543383"></a><h2>KEY</h2>
+<a name="id2549441"></a><h2>KEY</h2>
 <div class="literallayout"><p><br>
 key <em class="replaceable"><code>domain_name</code></em> {<br>
 	algorithm <em class="replaceable"><code>string</code></em>;<br>
@@ -66,7 +66,7 @@ key
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543402"></a><h2>MASTERS</h2>
+<a name="id2549460"></a><h2>MASTERS</h2>
 <div class="literallayout"><p><br>
 masters <em class="replaceable"><code>string</code></em> [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
 	( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<span class="optional">port <em class="replaceable"><code>integer</code></em></span>] |<br>
@@ -75,7 +75,7 @@ masters
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543448"></a><h2>SERVER</h2>
+<a name="id2549506"></a><h2>SERVER</h2>
 <div class="literallayout"><p><br>
 server ( <em class="replaceable"><code>ipv4_address[<span class="optional">/prefixlen</span>]</code></em> | <em class="replaceable"><code>ipv6_address[<span class="optional">/prefixlen</span>]</code></em> ) {<br>
 	bogus <em class="replaceable"><code>boolean</code></em>;<br>
@@ -97,7 +97,7 @@ server
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543516"></a><h2>TRUSTED-KEYS</h2>
+<a name="id2549574"></a><h2>TRUSTED-KEYS</h2>
 <div class="literallayout"><p><br>
 trusted-keys {<br>
 	<em class="replaceable"><code>domain_name</code></em> <em class="replaceable"><code>flags</code></em> <em class="replaceable"><code>protocol</code></em> <em class="replaceable"><code>algorithm</code></em> <em class="replaceable"><code>key</code></em>; ... <br>
@@ -105,7 +105,7 @@ trusted-keys
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543542"></a><h2>CONTROLS</h2>
+<a name="id2549600"></a><h2>CONTROLS</h2>
 <div class="literallayout"><p><br>
 controls {<br>
 	inet ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> | * )<br>
@@ -117,7 +117,7 @@ controls
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543577"></a><h2>LOGGING</h2>
+<a name="id2549635"></a><h2>LOGGING</h2>
 <div class="literallayout"><p><br>
 logging {<br>
 	channel <em class="replaceable"><code>string</code></em> {<br>
@@ -135,7 +135,7 @@ logging
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543616"></a><h2>LWRES</h2>
+<a name="id2549673"></a><h2>LWRES</h2>
 <div class="literallayout"><p><br>
 lwres {<br>
 	listen-on [<span class="optional"> port <em class="replaceable"><code>integer</code></em> </span>] {<br>
@@ -148,7 +148,7 @@ lwres
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2543657"></a><h2>OPTIONS</h2>
+<a name="id2549715"></a><h2>OPTIONS</h2>
 <div class="literallayout"><p><br>
 options {<br>
 	avoid-v4-udp-ports { <em class="replaceable"><code>port</code></em>; ... };<br>
@@ -190,7 +190,6 @@ options
 	use-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
 	version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
 	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
 	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
@@ -207,9 +206,6 @@ options
 	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
 	query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
 	query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-	use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
-	queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
-	queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
 	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
 	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
 	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
@@ -253,9 +249,7 @@ options
 	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
 <br>
 	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -299,7 +293,6 @@ options
 <br>
 	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
 	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
-	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
 	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
 	zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
 <br>
@@ -319,7 +312,7 @@ options
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2544424"></a><h2>VIEW</h2>
+<a name="id2550457"></a><h2>VIEW</h2>
 <div class="literallayout"><p><br>
 view <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
 	match-clients { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -344,7 +337,6 @@ view
 	};<br>
 <br>
 	allow-recursion { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-recursion-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	sortlist { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	topology { <em class="replaceable"><code>address_match_element</code></em>; ... }; // not implemented<br>
 	auth-nxdomain <em class="replaceable"><code>boolean</code></em>; // default changed<br>
@@ -361,9 +353,6 @@ view
 	additional-from-cache <em class="replaceable"><code>boolean</code></em>;<br>
 	query-source ( ( <em class="replaceable"><code>ipv4_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv4_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
 	query-source-v6 ( ( <em class="replaceable"><code>ipv6_address</code></em> | * ) | [<span class="optional"> address ( <em class="replaceable"><code>ipv6_address</code></em> | * ) </span>] ) [<span class="optional"> port ( <em class="replaceable"><code>integer</code></em> | * ) </span>];<br>
-	use-queryport-pool <em class="replaceable"><code>boolean</code></em>;<br>
-	queryport-pool-ports <em class="replaceable"><code>integer</code></em>;<br>
-	queryport-pool-updateinterval <em class="replaceable"><code>integer</code></em>;<br>
 	cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
 	min-roots <em class="replaceable"><code>integer</code></em>; // not implemented<br>
 	lame-ttl <em class="replaceable"><code>integer</code></em>;<br>
@@ -407,9 +396,7 @@ view
 	ixfr-from-differences <em class="replaceable"><code>ixfrdiff</code></em>;<br>
 <br>
 	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-query-cache { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-query-cache-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -452,7 +439,6 @@ view
 	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
 <br>
 	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
-	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
 	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
 	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
 	zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
@@ -465,7 +451,7 @@ view
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545081"></a><h2>ZONE</h2>
+<a name="id2551021"></a><h2>ZONE</h2>
 <div class="literallayout"><p><br>
 zone <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>optional_class</code></em> {<br>
 	type ( master | slave | stub | hint |<br>
@@ -491,7 +477,6 @@ zone
 	zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
 <br>
 	allow-query { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
-	allow-query-on { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-transfer { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-update { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
 	allow-update-forwarding { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
@@ -539,7 +524,6 @@ zone
 	use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
 <br>
 	zone-statistics <em class="replaceable"><code>boolean</code></em>;<br>
-	try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
 	key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
 <br>
 	ixfr-base <em class="replaceable"><code>quoted_string</code></em>; // obsolete<br>
@@ -551,15 +535,15 @@ zone
 </p></div>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545371"></a><h2>FILES</h2>
+<a name="id2551373"></a><h2>FILES</h2>
 <p><code class="filename">/etc/named.conf</code>
     </p>
 </div>
 <div class="refsect1" lang="en">
-<a name="id2545383"></a><h2>SEE ALSO</h2>
+<a name="id2551385"></a><h2>SEE ALSO</h2>
 <p><span class="citerefentry"><span class="refentrytitle">named</span>(8)</span>,
       <span class="citerefentry"><span class="refentrytitle">rndc</span>(8)</span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
+      <span class="citerefentry"><span class="refentrytitle">BIND 9 Administrator Reference Manual</span></span>.
     </p>
 </div>
 </div></body>

bin/named/named.docbook

@@ -1,8 +1,8 @@
-<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-               "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
+<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.0//EN"
+               "http://www.oasis-open.org/docbook/xml/4.0/docbookx.dtd"
 	       [<!ENTITY mdash "&#8212;">]>
 <!--
- - Copyright (C) 2004-2007  Internet Systems Consortium, Inc. ("ISC")
+ - Copyright (C) 2004-2006  Internet Systems Consortium, Inc. ("ISC")
  - Copyright (C) 2000, 2001, 2003  Internet Software Consortium.
  -
  - Permission to use, copy, modify, and distribute this software for any
@@ -18,7 +18,7 @@
  - PERFORMANCE OF THIS SOFTWARE.
 -->
 
-<!-- $Id: named.docbook,v 1.17 2007/05/16 01:42:26 marka Exp $ -->
+<!-- $Id: named.docbook,v 1.7.18.6 2006/01/17 23:49:31 marka Exp $ -->
 <refentry id="man.named">
   <refentryinfo>
     <date>June 30, 2000</date>
@@ -40,7 +40,6 @@
       <year>2004</year>
       <year>2005</year>
       <year>2006</year>
-      <year>2007</year>
       <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
     </copyright>
     <copyright>
@@ -60,7 +59,6 @@
       <arg><option>-d <replaceable class="parameter">debug-level</replaceable></option></arg>
       <arg><option>-f</option></arg>
       <arg><option>-g</option></arg>
-      <arg><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
       <arg><option>-n <replaceable class="parameter">#cpus</replaceable></option></arg>
       <arg><option>-p <replaceable class="parameter">port</replaceable></option></arg>
       <arg><option>-s</option></arg>
@@ -159,22 +157,6 @@
         </listitem>
       </varlistentry>
 
-      <varlistentry>
-        <term>-m <replaceable class="parameter">flag</replaceable></term>
-        <listitem>
-          <para>
-	    Turn on memory usage debugging flags.  Possible flags are
-	    <replaceable class="parameter">usage</replaceable>,
-	    <replaceable class="parameter">trace</replaceable>,
-	    <replaceable class="parameter">record</replaceable>,
-	    <replaceable class="parameter">size</replaceable>, and
-	    <replaceable class="parameter">mctx</replaceable>.
-	    These correspond to the ISC_MEM_DEBUGXXXX flags described in
-	    <filename>&lt;isc/mem.h&gt;</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
       <varlistentry>
         <term>-n <replaceable class="parameter">#cpus</replaceable></term>
         <listitem>
@@ -217,7 +199,7 @@
       <varlistentry>
         <term>-t <replaceable class="parameter">directory</replaceable></term>
         <listitem>
-          <para>Chroot
+          <para><function>chroot()</function>
 	    to <replaceable class="parameter">directory</replaceable> after
             processing the command line arguments, but before
             reading the configuration file.
@@ -227,7 +209,7 @@
               This option should be used in conjunction with the
               <option>-u</option> option, as chrooting a process
               running as root doesn't enhance security on most
-              systems; the way <function>chroot(2)</function> is
+              systems; the way <function>chroot()</function> is
               defined allows a process with root privileges to
               escape a chroot jail.
             </para>
@@ -238,7 +220,7 @@
       <varlistentry>
         <term>-u <replaceable class="parameter">user</replaceable></term>
         <listitem>
-          <para>Setuid
+          <para><function>setuid()</function>
 	    to <replaceable class="parameter">user</replaceable> after completing
             privileged operations, such as creating sockets that
             listen on privileged ports.
@@ -247,7 +229,7 @@
             <para>
               On Linux, <command>named</command> uses the kernel's
               		capability mechanism to drop all root privileges
-              except the ability to <function>bind(2)</function> to
+              except the ability to <function>bind()</function> to
               a
               privileged port and set process resource limits.
               Unfortunately, this means that the <option>-u</option>
@@ -255,7 +237,7 @@
               run
               on kernel 2.2.18 or later, or kernel 2.3.99-pre3 or
               later, since previous kernels did not allow privileges
-              to be retained after <function>setuid(2)</function>.
+              to be retained after <function>setuid()</function>.
             </para>
           </note>
         </listitem>