This commit was manufactured by cvs2git to create tag 'v9_0_0a3'.

.cvsignore

@@ -0,0 +1,6 @@
+Makefile
+config.log
+config.h
+config.cache
+config.status
+libtool

.gitattributes

@@ -1,3 +0,0 @@
-*.sln.in eol=crlf
-*.vcxproj.in eol=crlf
-*.vcxproj.filters.in eol=crlf

.gitignore

@@ -1,36 +0,0 @@
-Makefile
-config.log
-config.h
-config.cache
-config.status
-libtool
-/isc-config.sh
-/configure.lineno
-autom4te.cache/
-*.rej
-*.orig
-*.o
-*.lo
-*.so
-*.a
-*.la
-*.gcno
-*.gcda
-*_test
-*-symtbl.c
-timestamp
-ans.run
-named.run
-named.memstats
-gen.dSYM/
-.ccache/
-.deps/
-.dirstamp
-.libs/
-# ccc-analyzer store its results in .plist directories
-*.plist/
-*~
-.project
-.cproject
-.settings
-kyua.log

.gitlab-ci.yml

@@ -1,441 +0,0 @@
-variables:
-  DEBIAN_FRONTEND: noninteractive
-  LC_ALL: C
-  DOCKER_DRIVER: overlay2
-  CI_REGISTRY_IMAGE: registry.gitlab.isc.org/isc-projects/images/bind9
-  CCACHE_DIR: "/ccache"
-  SOFTHSM2_CONF: "/var/tmp/softhsm2/softhsm2.conf"
-
-stages:
-  - precheck
-  - build
-  - test
-  - push
-
-.centos-centos6-amd64: &centos_centos6_amd64_image
-  image: "$CI_REGISTRY_IMAGE:centos-centos6-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.centos-centos7-amd64: &centos_centos7_amd64_image
-  image: "$CI_REGISTRY_IMAGE:centos-centos7-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.debian-jessie-amd64: &debian_jessie_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-jessie-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.debian-jessie-i386: &debian_jessie_i386_image
-  image: "$CI_REGISTRY_IMAGE:debian-jessie-i386"
-  tags:
-    - linux
-    - docker
-    - i386
-
-.debian-stretch-amd64: &debian_stretch_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-stretch-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.debian-stretch-i386:: &debian_stretch_i386_image
-  image: "$CI_REGISTRY_IMAGE:debian-stretch-i386"
-  tags:
-    - linux
-    - docker
-    - i386
-
-.debian-buster-amd64: &debian_buster_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-buster-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.debian-buster-i386:: &debian_buster_i386_image
-  image: "$CI_REGISTRY_IMAGE:debian-buster-i386"
-  tags:
-    - linux
-    - docker
-    - i386
-
-.debian-sid-amd64: &debian_sid_amd64_image
-  image: "$CI_REGISTRY_IMAGE:debian-sid-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.debian-sid-i386: &debian_sid_i386_image
-  image: "$CI_REGISTRY_IMAGE:debian-sid-i386"
-  tags:
-    - linux
-    - docker
-    - i386
-
-.ubuntu-trusty-amd64: &ubuntu_trusty_amd64_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.ubuntu-trusty-i386: &ubuntu_trusty_i386_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-trusty-i386"
-  tags:
-    - linux
-    - docker
-    - i386
-
-.ubuntu-xenial-amd64: &ubuntu_xenial_amd64_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-amd64"
-  tags:
-    - linux
-    - docker
-    - amd64
-
-.ubuntu-xenial-i386: &ubuntu_xenial_i386_image
-  image: "$CI_REGISTRY_IMAGE:ubuntu-xenial-i386"
-  tags:
-    - linux
-    - docker
-    - i386
-
-.build: &build_job
-  stage: build
-  before_script:
-    - test -w "${CCACHE_DIR}" && export PATH="/usr/lib/ccache:${PATH}"
-#    - ./autogen.sh
-  script:
-    - ./configure --enable-developer --with-libtool --disable-static --with-cmocka --prefix=$HOME/.local --without-make-clean $EXTRA_CONFIGURE || cat config.log
-    - make -j${PARALLEL_JOBS_BUILD:-1} -k all V=1
-  artifacts:
-    paths:
-    - doc/
-    expire_in: '1 hour'
-    untracked: true
-
-.install_test: &install_test_job
-  stage: test
-  before_script:
-    - mkdir $HOME/.local
-  script:
-    - make install
-
-.system_test: &system_test_job
-  stage: test
-  before_script:
-    - rm -rf .ccache
-    - bash -x bin/tests/system/ifconfig.sh up
-    - bash -x util/prepare-softhsm2.sh
-  script:
-    - ( cd bin/tests && make -j${TEST_PARALLEL_JOBS:-1} -k test V=1 )
-    - test -s bin/tests/system/systests.output
-  artifacts:
-    untracked: true
-    expire_in: '1 week'
-    when: on_failure
-
-.unit_test: &unit_test_job
-  stage: test
-  before_script:
-    - export KYUA_RESULT="$CI_PROJECT_DIR/kyua.results"
-    - bash -x util/prepare-softhsm2.sh
-  script:
-    - make unit
-  after_script:
-    - kyua report-html --force --results-file kyua.results --results-filter "" --output kyua_html
-  artifacts:
-    paths:
-    - kyua.log
-    - kyua.results
-    - kyua_html/
-    expire_in: '1 week'
-    when: on_failure
-
-sid:amd64:precheck:
-  <<: *debian_sid_amd64_image
-  stage: precheck
-  script:
-    - sh util/checklibs.sh > checklibs.out
-    - perl util/check-changes CHANGES
-    - perl -w util/merge_copyrights
-    - diff -urNap util/copyrights util/newcopyrights
-    - rm util/newcopyrights
-    - perl -w util/update_copyrights < util/copyrights
-    - if test "$(git status --porcelain | grep -Ev '\?\?' | wc -l)" -gt "0"; then git status --short; exit 1; fi
-    - xmllint --noout --nonet `git ls-files '*.xml' '*.docbook'`
-    - xmllint --noout --nonet --html `git ls-files '*.html'`
-  artifacts:
-    paths:
-    - util/newcopyrights
-    - checklibs.out
-    expire_in: '1 week'
-    when: on_failure
-
-🐞:sid:amd64:precheck:
-  <<: *debian_sid_amd64_image
-  stage: precheck
-  script: util/check-cocci
-
-docs:sid:amd64:
-  <<: *debian_sid_amd64_image
-  stage: test
-  dependencies:
-    - sid:amd64:build
-  script:
-    - make -C doc/misc docbook
-    - make -C doc/arm Bv9ARM.html
-  artifacts:
-    paths:
-    - doc/arm/
-    expire_in: '1 month'
-
-docs:push:
-  <<: *debian_sid_amd64_image
-  stage: push
-  dependencies: []
-  script:
-    - curl -X POST -F token=$GITLAB_PAGES_DOCS_TRIGGER_TOKEN -F ref=master $GITLAB_PAGES_DOCS_TRIGGER_URL
-  only:
-    - master@isc-projects/bind9
-    - /^v9_.*$/@isc-projects/bind9
-
-#jessie:amd64:build:
-#  <<: *debian_jessie_amd64_image
-#  <<: *build_job
-#
-#build:jessie:i386:
-#  <<: *debian_jessie_i386_image
-#  <<: *build_job
-#
-#build:stretch:amd64:
-#  <<: *debian_stretch_amd64_image
-#  <<: *build_job
-#
-#build:debian:buster:i386:
-#  <<: *debian_buster_i386_image
-#  <<: *build_job
-#
-#build:ubuntu:trusty:amd64:
-#  <<: *ubuntu_trusty_amd64_image
-#  <<: *build_job
-#
-#build:ubuntu:xenial:i386:
-#  <<: *ubuntu_xenial_i386_image
-#  <<: *build_job
-
-centos6:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2 --disable-warn-error"
-  <<: *centos_centos6_amd64_image
-  <<: *build_job
-
-centos7:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *centos_centos7_amd64_image
-  <<: *build_job
-
-clang:stretch:amd64:build:
-  variables:
-    CC: clang
-    CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g"
-  <<: *debian_stretch_amd64_image
-  <<: *build_job
-
-jessie:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: --without-cmocka
-  <<: *debian_jessie_amd64_image
-  <<: *build_job
-
-stretch:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-  <<: *debian_stretch_amd64_image
-  <<: *build_job
-
-sid:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-asan:sid:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g -fsanitize=address,undefined -DISC_MEM_USE_INTERNAL_MALLOC=0"
-    LDFLAGS: "-fsanitize=address,undefined"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-clang:stretch:i386:build:
-  variables:
-    CC: clang
-    CFLAGS: "-Wall -Wextra -Wenum-conversion -O2 -g"
-  <<: *debian_stretch_i386_image
-  <<: *build_job
-
-sid:i386:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *debian_sid_i386_image
-  <<: *build_job
-
-unit:centos6:amd64:
-  <<: *centos_centos6_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - centos6:amd64:build
-
-unit:centos7:amd64:
-  <<: *centos_centos7_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - centos7:amd64:build
-
-unit:jessie:amd64:
-  <<: *debian_jessie_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - jessie:amd64:build
-
-unit:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - stretch:amd64:build
-
-unit:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - sid:amd64:build
-
-unit:asan:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - asan:sid:amd64:build
-
-unit:clang:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - clang:stretch:amd64:build
-
-unit:sid:i386:
-  <<: *debian_sid_i386_image
-  <<: *unit_test_job
-  dependencies:
-    - sid:i386:build
-
-system:centos6:amd64:
-  <<: *centos_centos6_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - centos6:amd64:build
-
-system:centos7:amd64:
-  <<: *centos_centos7_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - centos7:amd64:build
-
-system:jessie:amd64:
-  <<: *debian_jessie_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - jessie:amd64:build
-
-system:stretch:amd64:
-  <<: *debian_stretch_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - stretch:amd64:build
-
-system:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - sid:amd64:build
-
-system:asan:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - asan:sid:amd64:build
-
-system:sid:i386:
-  <<: *debian_sid_i386_image
-  <<: *system_test_job
-  dependencies:
-    - sid:i386:build
-
-install:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *install_test_job
-  dependencies:
-    - sid:amd64:build
-
-pkcs11:sid:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g"
-    EXTRA_CONFIGURE: "--enable-native-pkcs11 --with-pkcs11=/usr/lib/softhsm/libsofthsm2.so"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-pkcs11:unit:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - pkcs11:sid:amd64:build
-
-pkcs11:system:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - pkcs11:sid:amd64:build
-
-noassert:sid:amd64:build:
-  variables:
-    CC: gcc
-    CFLAGS: "-Wall -Wextra -O2 -g -DISC_CHECK_NONE=1"
-    EXTRA_CONFIGURE: "--with-libidn2"
-  <<: *debian_sid_amd64_image
-  <<: *build_job
-
-noassert:unit:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *unit_test_job
-  dependencies:
-    - noassert:sid:amd64:build
-
-noassert:system:sid:amd64:
-  <<: *debian_sid_amd64_image
-  <<: *system_test_job
-  dependencies:
-    - noassert:sid:amd64:build

.gitlab/issue_templates/Bug.md

@@ -1,46 +0,0 @@
-<!--
-If the bug you are reporting is potentially security-related - for example,
-if it involves an assertion failure or other crash in `named` that can be
-triggered repeatedly - then please do *NOT* report it here, but send an
-email to [security-officer@isc.org](security-officer@isc.org).
--->
-
-### Summary
-
-(Summarize the bug encountered concisely.)
-
-### BIND version used
-
-(Paste the output of `named -V`.)
-
-### Steps to reproduce
-
-(How one can reproduce the issue - this is very important.)
-
-### What is the current *bug* behavior?
-
-(What actually happens.)
-
-### What is the expected *correct* behavior?
-
-(What you should see instead.)
-
-### Relevant configuration files
-
-(Paste any relevant configuration files - please use code blocks (```)
-to format console output. If submitting the contents of your
-configuration file in a non-confidential Issue, it is advisable to
-obscure key secrets: this can be done automatically by using
-`named-checkconf -px`.)
-
-### Relevant logs and/or screenshots
-
-(Paste any relevant logs - please use code blocks (```) to format console
-output, logs, and code, as it's very hard to read otherwise.)
-
-### Possible fixes
-
-(If you can, link to the line of code that might be responsible for the
-problem.)
-
-/label ~bug

.gitlab/issue_templates/Feature_Request.md

@@ -1,11 +0,0 @@
-### Description
-
-(Describe the problem, use cases, benefits, and/or goals.)
-
-### Request
-
-(Describe the solution you'd like to see.)
-
-### Links / references
-
-/label ~"feature request"

.gitlab/issue_templates/release.md

@@ -1,44 +0,0 @@
-## Release Checklist
-
- - [ ] (Manager) Check for the presence of a milestone for the release:
-    - If there is a milestone, are all the issues for the milestone resolved? (other than this checklist).
- - [ ] (Manager) Inform Support/Marketing of impending release (and give estimated release dates).
- - (SwEng) Prepare the sources for tarball generation:
-   - [ ] Check perflab to ensure there has been no unexplained drop in performance for the version being released.
-   - [ ] Ensure that there are no outstanding merge requests in the private repository (subscription version only).
-   - [ ] Update API files for libraries with new version information.
-   - [ ] Change software version and library versions in configure.in (new major release only).
-   - [ ] Rebuild configure using autoconf on docs.isc.org.
-   - [ ] Update CHANGES.
-   - [ ] Update CHANGES.SE (subscription branch only).
-   - [ ] Update "version".
-   - [ ] Update "readme.md".
-   - Check the release notes are correct:
-     - [ ] Compare content with merge requests for the release.
-     - [ ] Check formatting.
-   - [ ] Build documentation on docs.isc.org.
-   - [ ] Commit changes and make sure the gitlab-ci tests are passing.
-   - [ ] Push the changes and tag ("alphatag" is an optional string such as "b1", "rc1" etc.). (```git tag -u <DEVELOPER_KEYID> -a -s -m "BIND 9.X.Y[alphatag]" v9_X_Y[alphatag]```)
-   - [ ] If this is the first tag for a release (e.g. beta), create a release branch named `release_v9_X_Y` (this allows development to continue on the release branch whilst release engineering continues).
- - [ ] (SwEng) Run the "make release" Jenkins job to produce the tarballs and zips.
- - [ ] (SwEng) Ask QA to sanity check the tarball and zips (passing to them the number of the Jenkins job).
- - [ ] (QA) Sanity check the tarballs.
- - [ ] (QA) Request the signature on the tarballs.
- - [ ] (QA) Check signatures on tarballs.
- - [ ] (QA) Tell Support to handle notification of release.
- - [ ] (Manager) Inform Marketing of the release
- - [ ] (Manager) Update the internal [BIND release dates wiki page](https://wiki.isc.org/bin/view/Main/BindReleaseDates) when public announcement has been made.
-
- - [ ] (SwEng) Update DEB and RPM packages
- - [ ] (SwEng) Merge the automatically prepared `prep 9.X.Y` commit which updates `version` and documentation on the release branch into the relevant maintenance branch (`v9_X`)
-
-## Support
- - [ ] Make tarballs and signatures available to download.
- - [ ] Write release email to bind9-announce.
- - [ ] Write email to bind9-users (if a major release).
- - [ ] Update tickets in case of waiting support customers.
-
-## Marketing
- - [ ] Post short note to Twitter.
- - [ ] Update [Wikipedia entry for BIND](http://en.wikipedia.org/wiki/BIND).
- - [ ] Write blog article (if a major release).

CONTRIBUTING

@@ -1,186 +0,0 @@
-BIND Source Access and Contributor Guidelines
-
-Feb 22, 2018
-
-Contents
-
- 1. Access to source code
- 2. Reporting bugs
- 3. Contributing code
-
-Introduction
-
-Thank you for using BIND!
-
-BIND is open source software that implements the Domain Name System (DNS)
-protocols for the Internet. It is a reference implementation of those
-protocols, but it is also production-grade software, suitable for use in
-high-volume and high-reliability applications. It is by far the most
-widely used DNS software, providing a robust and stable platform on top of
-which organizations can build distributed computing systems with the
-knowledge that those systems are fully compliant with published DNS
-standards.
-
-BIND is and will always remain free and openly available. It can be used
-and modified in any way by anyone.
-
-BIND is maintained by the Internet Systems Consortium, a public-benefit
-501(c)(3) nonprofit, using a "managed open source" approach: anyone can
-see the source, but only ISC employees have commit access. Until recently,
-the source could only be seen once ISC had published a release: read
-access to the source repository was restricted just as commit access was.
-That's now changing, with the opening of a public git mirror to the BIND
-source tree (see below).
-
-Access to source code
-
-Public BIND releases are always available from the ISC FTP site.
-
-A public-access GIT repository is also available at https://gitlab.isc.org
-. This repository is a mirror, updated several times per day, of the
-source repository maintained by ISC. It contains all the public release
-branches; upcoming releases can be viewed in their current state at any
-time. It does not contain development branches or unreviewed work in
-progress. Commits which address security vulnerablilities are withheld
-until after public disclosure.
-
-You can browse the source online via https://gitlab.isc.org/isc-projects/
-bind9
-
-To clone the repository, use:
-
-      $ git clone https://gitlab.isc.org/isc-projects/bind9.git
-
-Release branch names are of the form v9_X, where X represents the second
-number in the BIND 9 version number. So, to check out the BIND 9.12
-branch, use:
-
-      $ git checkout v9_12
-
-Whenever a branch is ready for publication, a tag will be placed of the
-form v9_X_Y. The 9.12.0 release, for instance, is tagged as v9_12_0.
-
-The branch in which the next major release is being developed is called
-master.
-
-Reporting bugs
-
-Reports of flaws in the BIND package, including software bugs, errors in
-the documentation, missing files in the tarball, suggested changes or
-requests for new features, etc, can be filed using https://gitlab.isc.org/
-isc-projects/bind9/issues.
-
-Due to a large ticket backlog, we are sometimes slow to respond,
-especially if a bug is cosmetic or if a feature request is vague or low in
-priority, but we will try at least to acknowledge legitimate bug reports
-within a week.
-
-ISC's ticketing system is publicly readable; however, you must have an
-account to file a new issue. You can either register locally or use
-credentials from an existing account at GitHub, GitLab, Google, Twitter,
-or Facebook.
-
-Reporting possible security issues
-
-If you think you may be seeing a potential security vulnerability in BIND
-(for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
-report it immediately by emailing to security-officer@isc.org. Plain-text
-e-mail is not a secure choice for communications concerning undisclosed
-security issues so please encrypt your communications to us if possible,
-using the ISC Security Officer public key.
-
-Do not discuss undisclosed security vulnerabilites on any public mailing
-list. ISC has a long history of handling reported vulnerabilities promptly
-and effectively and we respect and acknowledge responsible reporters.
-
-ISC's Security Vulnerability Disclosure Policy is documented at https://
-kb.isc.org/article/AA-00861/0.
-
-If you have a crash, you may want to consult ?What to do if your BIND or
-DHCP server has crashed.?
-
-Contributing code
-
-BIND is licensed under the Mozilla Public License 2.0. Earier versions
-(BIND 9.10 and earlier) were licensed under the ISC License
-
-ISC does not require an explicit copyright assignment for patch
-contributions. However, by submitting a patch to ISC, you implicitly
-certify that you are the author of the code, that you intend to reliquish
-exclusive copyright, and that you grant permission to publish your work
-under the open source license used for the BIND version(s) to which your
-patch will be applied.
-
-BIND code
-
-Patches for BIND may be submitted directly via merge requests in ISC's
-Gitlab source repository for BIND.
-
-Patches can also be submitted as diffs against a specific version of BIND
--- preferably the current top of the master branch. Diffs may be generated
-using either git format-patch or git diff.
-
-Those wanting to write code for BIND may be interested in the developer
-information page, which includes information about BIND design and coding
-practices, including discussion of internal APIs and overall system
-architecture. (This is a work in progress, and still quite preliminary.)
-
-Every patch submitted will be reviewed by ISC engineers following our code
-review process before it is merged.
-
-It may take considerable time to review patch submissions, especially if
-they don't meet ISC style and quality guidelines. If a patch is a good
-idea, we can and will do additional work to bring it up to par, but if
-we're busy with other work, it may take us a long time to get to it.
-
-To ensure your patch is acted on as promptly as possible, please:
-
-  * Try to adhere to the BIND 9 coding style.
-  * Run make check to ensure your change hasn't caused any functional
-    regressions.
-  * Document your work, both in the patch itself and in the accompanying
-    email.
-  * In patches that make non-trivial functional changes, include system
-    tests if possible; when introducing or substantially altering a
-    library API, include unit tests. See Testing for more information.
-
-Changes to configure
-
-If you need to make changes to configure, you should not edit it directly;
-instead, edit configure.in, then run autoconf. Similarly, instead of
-editing config.h.in directly, edit configure.in and run autoheader.
-
-When submitting a patch as a diff, it's fine to omit the configure diffs
-to save space. Just send the configure.in diffs and we'll generate the new
-configure during the review process.
-
-Documentation
-
-All functional changes should be documented. There are three types of
-documentation in the BIND source tree:
-
-  * Man pages are kept alongside the source code for the commands they
-    document, in files ending in .docbook; for example, the named man page
-    is bin/named/named.docbook.
-  * The BIND 9 Administrator Reference Manual is mostly in doc/arm/
-    Bv9ARM-book.xml, plus a few other XML files that are included in it.
-  * API documentation is in the header file describing the API, in
-    Doxygen-formatted comments.
-
-It is not necessary to edit any documentation files other than these; all
-PDF, HTML, and nroff-format man page files will be updated automatically
-from the docbook and XML files after merging.
-
-Patches to improve existing documentation are also very welcome!
-
-Tests
-
-BIND is a large and complex project. We rely heavily on continuous
-automated testing and cannot merge new code without adequate test
-coverage. Please see the 'Testing' section of doc/dev/dev.md for more
-information.
-
-Thanks
-
-Thank you for your interest in contributing to the ongoing development of
-BIND.

CONTRIBUTING.md

@@ -1,201 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-## BIND Source Access and Contributor Guidelines
-*Feb 22, 2018*
-
-### Contents
-
-1. [Access to source code](#access)
-1. [Reporting bugs](#bugs)
-1. [Contributing code](#contrib)
-
-### Introduction
-
-Thank you for using BIND!
-
-BIND is open source software that implements the Domain Name System (DNS)
-protocols for the Internet. It is a reference implementation of those
-protocols, but it is also production-grade software, suitable for use in
-high-volume and high-reliability applications.  It is by far the most
-widely used DNS software, providing a robust and stable platform on top of
-which organizations can build distributed computing systems with the
-knowledge that those systems are fully compliant with published DNS
-standards.
-
-BIND is and will always remain free and openly available.  It can be
-used and modified in any way by anyone.
-
-BIND is maintained by the [Internet Systems Consortium](https://www.isc.org),
-a public-benefit 501(c)(3) nonprofit, using a "managed open source" approach:
-anyone can see the source, but only ISC employees have commit access.
-Until recently, the source could only be seen once ISC had published
-a release: read access to the source repository was restricted just
-as commit access was.  That's now changing, with the opening of a
-public git mirror to the BIND source tree (see below).
-
-### <a name="access"></a>Access to source code
-
-Public BIND releases are always available from the
-[ISC FTP site](ftp://ftp.isc.org/isc/bind9).
-
-A public-access GIT repository is also available at
-[https://gitlab.isc.org](https://gitlab.isc.org).
-This repository is a mirror, updated several times per day, of the
-source repository maintained by ISC.  It contains all the public release
-branches; upcoming releases can be viewed in their current state at any
-time.  It does *not* contain development branches or unreviewed work in
-progress.  Commits which address security vulnerablilities are withheld
-until after public disclosure.
-
-You can browse the source online via
-[https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9)
-
-To clone the repository, use:
-
->       $ git clone https://gitlab.isc.org/isc-projects/bind9.git
-
-Release branch names are of the form `v9_X`, where X represents the second
-number in the BIND 9 version number.  So, to check out the BIND 9.12
-branch, use:
-
->       $ git checkout v9_12
-
-Whenever a branch is ready for publication, a tag will be placed of the
-form `v9_X_Y`.  The 9.12.0 release, for instance, is tagged as `v9_12_0`.
-
-The branch in which the next major release is being developed is called
-`master`.
-
-### <a name="bugs"></a>Reporting bugs
-
-Reports of flaws in the BIND package, including software bugs, errors
-in the documentation, missing files in the tarball, suggested changes
-or requests for new features, etc, can be filed using
-[https://gitlab.isc.org/isc-projects/bind9/issues](https://gitlab.isc.org/isc-projects/bind9/issues).
-
-Due to a large ticket backlog, we are sometimes slow to respond,
-especially if a bug is cosmetic or if a feature request is vague or
-low in priority, but we will try at least to acknowledge legitimate
-bug reports within a week.
-
-ISC's ticketing system is publicly readable; however, you must have
-an account to file a new issue. You can either register locally or
-use credentials from an existing account at GitHub, GitLab, Google,
-Twitter, or Facebook.
-
-### Reporting possible security issues
-If you think you may be seeing a potential security vulnerability in BIND
-(for example, a crash with REQUIRE, INSIST, or ASSERT failure), please
-report it immediately by emailing to security-officer@isc.org. Plain-text
-e-mail is not a secure choice for communications concerning undisclosed
-security issues so please encrypt your communications to us if possible,
-using the [ISC Security Officer public key](https://www.isc.org/downloads/software-support-policy/openpgp-key/).
-
-Do not discuss undisclosed security vulnerabilites on any public mailing list.
-ISC has a long history of handling reported vulnerabilities promptly and
-effectively and we respect and acknowledge responsible reporters.
-
-ISC's Security Vulnerability Disclosure Policy is documented at [https://kb.isc.org/article/AA-00861/0](https://kb.isc.org/article/AA-00861/0).
-
-If you have a crash, you may want to consult
-[‘What to do if your BIND or DHCP server has crashed.’](https://kb.isc.org/article/AA-00340/89/What-to-do-if-your-BIND-or-DHCP-server-has-crashed.html)
-
-### <a name="bugs"></a>Contributing code
-
-BIND is licensed under the
-[Mozilla Public License 2.0](http://www.isc.org/downloads/software-support-policy/isc-license/).
-Earier versions (BIND 9.10 and earlier) were licensed under the [ISC License](http://www.isc.org/downloads/software-support-policy/isc-license/)
-
-ISC does not require an explicit copyright assignment for patch
-contributions.  However, by submitting a patch to ISC, you implicitly
-certify that you are the author of the code, that you intend to reliquish
-exclusive copyright, and that you grant permission to publish your work
-under the open source license used for the BIND version(s) to which your
-patch will be applied.
-
-#### <a name="bind"></a>BIND code
-
-Patches for BIND may be submitted directly via merge requests in
-[ISC's Gitlab](https://gitlab.isc.org/isc-projects/bind9/) source
-repository for BIND.
-
-Patches can also be submitted as diffs against a specific version of
-BIND -- preferably the current top of the `master` branch.  Diffs may
-be generated using either `git format-patch` or `git diff`.
-
-Those wanting to write code for BIND may be interested in the
-[developer information](doc/dev/dev.md) page, which includes information
-about BIND design and coding practices, including discussion of internal
-APIs and overall system architecture.  (This is a work in progress, and
-still quite preliminary.)
-
-Every patch submitted will be reviewed by ISC engineers following our
-[code review process](doc/dev/dev.md#reviews) before it is merged.
-
-It may take considerable time to review patch submissions, especially if
-they don't meet ISC style and quality guidelines.  If a patch is a good
-idea, we can and will do additional work to bring it up to par, but if
-we're busy with other work, it may take us a long time to get to it.
-
-To ensure your patch is acted on as promptly as possible, please:
-
-* Try to adhere to the [BIND 9 coding style](doc/dev/style.md).
-* Run `make` `check` to ensure your change hasn't caused any
-  functional regressions.
-* Document your work, both in the patch itself and in the
-  accompanying email.
-* In patches that make non-trivial functional changes, include system
-  tests if possible; when introducing or substantially altering a
-  library API, include unit tests. See [Testing](doc/dev/dev.md#testing)
-  for more information.
-
-##### Changes to `configure`
-
-If you need to make changes to `configure`, you should not edit it
-directly; instead, edit `configure.in`, then run `autoconf`.  Similarly,
-instead of editing `config.h.in` directly, edit `configure.in` and run
-`autoheader`.
-
-When submitting a patch as a diff, it's fine to omit the `configure`
-diffs to save space.  Just send the `configure.in` diffs and we'll
-generate the new `configure` during the review process.
-
-##### Documentation
-
-All functional changes should be documented. There are three types
-of documentation in the BIND source tree:
-
-* Man pages are kept alongside the source code for the commands
-  they document, in files ending in `.docbook`; for example, the
-  `named` man page is `bin/named/named.docbook`.
-* The *BIND 9 Administrator Reference Manual* is mostly in
-  `doc/arm/Bv9ARM-book.xml`, plus a few other XML files that are included
-  in it.
-* API documentation is in the header file describing the API, in
-  Doxygen-formatted comments.
-
-It is not necessary to edit any documentation files other than these;
-all PDF, HTML, and `nroff`-format man page files will be updated
-automatically from the `docbook` and `XML` files after merging.
-
-Patches to improve existing documentation are also very welcome!
-
-##### Tests
-
-BIND is a large and complex project. We rely heavily on continuous
-automated testing and cannot merge new code without adequate test coverage.
-Please see [the 'Testing' section of doc/dev/dev.md](doc/dev/dev.md#testing)
-for more information.
-
-#### Thanks
-
-Thank you for your interest in contributing to the ongoing development
-of BIND.

COPYRIGHT

@@ -1,594 +0,0 @@
-Copyright (C) 1996-2018  Internet Systems Consortium, Inc. ("ISC")
-
-This Source Code Form is subject to the terms of the Mozilla Public
-License, v. 2.0. If a copy of the MPL was not distributed with this
-file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- -----------------------------------------------------------------------------
-
-	Portions of this code release fall under one or more of the
-	following Copyright notices.  Please see individual source
-	files for details.
-
-	For binary releases also see: OpenSSL-LICENSE.
-
-Copyright (C) 1996-2001  Nominum, Inc.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINUM DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NOMINUM BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT
-OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995-2000 by Network Associates, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-WARRANTIES OF MERCHANTABILITY AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE
-FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2002 Stichting NLnet, Netherlands, stichting@nlnet.nl.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND STICHTING NLNET
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-STICHTING NLNET BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
-The development of Dynamically Loadable Zones (DLZ) for Bind 9 was
-conceived and contributed by Rob Butler.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the
-above copyright notice and this permission notice appear in all
-copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND ROB BUTLER
-DISCLAIMS ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL
-ROB BUTLER BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR
-CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS
-OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE
-USE OR PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1987, 1990, 1993, 1994
-     The Regents of the University of California.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the University nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE REGENTS AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE REGENTS OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) The Internet Society 2005.  This version of
-this module is part of RFC 4178; see the RFC itself for
-full legal notices.
-
-(The above copyright notice is per RFC 3978 5.6 (a), q.v.)
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2004 Masarykova universita
-(Masaryk University, Brno, Czech Republic)
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are met:
-
-1. Redistributions of source code must retain the above copyright notice,
-   this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the University nor the names of its contributors may
-   be used to endorse or promote products derived from this software
-   without specific prior written permission.
- 
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS"
-AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT OWNER OR CONTRIBUTORS BE
-LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1997 - 2003 Kungliga Tekniska Högskolan
-(Royal Institute of Technology, Stockholm, Sweden). 
-All rights reserved. 
-
-Redistribution and use in source and binary forms, with or without 
-modification, are permitted provided that the following conditions 
-are met: 
-
-1. Redistributions of source code must retain the above copyright 
-   notice, this list of conditions and the following disclaimer. 
-
-2. Redistributions in binary form must reproduce the above copyright 
-   notice, this list of conditions and the following disclaimer in the 
-   documentation and/or other materials provided with the distribution. 
-
-3. Neither the name of the Institute nor the names of its contributors 
-   may be used to endorse or promote products derived from this software 
-   without specific prior written permission. 
-
-THIS SOFTWARE IS PROVIDED BY THE INSTITUTE AND CONTRIBUTORS ``AS IS'' AND 
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE 
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE 
-ARE DISCLAIMED.  IN NO EVENT SHALL THE INSTITUTE OR CONTRIBUTORS BE LIABLE 
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL 
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS 
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION) 
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT 
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY 
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF 
-SUCH DAMAGE. 
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright ((c)) 2002, Rice University
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions are
-met:
-
-    * Redistributions of source code must retain the above copyright
-    notice, this list of conditions and the following disclaimer.
-
-    * Redistributions in binary form must reproduce the above
-    copyright notice, this list of conditions and the following
-    disclaimer in the documentation and/or other materials provided
-    with the distribution.
-
-    * Neither the name of Rice University (RICE) nor the names of its
-    contributors may be used to endorse or promote products derived
-    from this software without specific prior written permission.
-
-
-This software is provided by RICE and the contributors on an "as is"
-basis, without any representations or warranties of any kind, express
-or implied including, but not limited to, representations or
-warranties of non-infringement, merchantability or fitness for a
-particular purpose. In no event shall RICE or contributors be liable
-for any direct, indirect, incidental, special, exemplary, or
-consequential damages (including, but not limited to, procurement of
-substitute goods or services; loss of use, data, or profits; or
-business interruption) however caused and on any theory of liability,
-whether in contract, strict liability, or tort (including negligence
-or otherwise) arising in any way out of the use of this software, even
-if advised of the possibility of such damage.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1993 by Digital Equipment Corporation.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies, and that
-the name of Digital Equipment Corporation not be used in advertising or
-publicity pertaining to distribution of the document or software without
-specific, written prior permission.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND DIGITAL EQUIPMENT CORP. DISCLAIMS ALL
-WARRANTIES WITH REGARD TO THIS SOFTWARE, INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS.   IN NO EVENT SHALL DIGITAL EQUIPMENT
-CORPORATION BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
-DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
-PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
-ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright 2000 Aaron D. Gifford.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the copyright holder nor the names of contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
- 
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR(S) AND CONTRIBUTOR(S) ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR(S) OR CONTRIBUTOR(S) BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1998 Doug Rabson.
-Copyright (c) 2001 Jake Burkholder.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE AUTHOR AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE AUTHOR OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 1995, 1996, 1997, and 1998 WIDE Project.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-3. Neither the name of the project nor the names of its contributors
-   may be used to endorse or promote products derived from this software
-   without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE PROJECT AND CONTRIBUTORS ``AS IS'' AND
-ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE
-ARE DISCLAIMED.  IN NO EVENT SHALL THE PROJECT OR CONTRIBUTORS BE LIABLE
-FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR CONSEQUENTIAL
-DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS
-OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT
-LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY
-OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
-SUCH DAMAGE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1999-2000 by Nortel Networks Corporation
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NORTEL NETWORKS DISCLAIMS
-ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
-OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL NORTEL NETWORKS
-BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES
-OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS,
-WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION,
-ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
-SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 2000-2002 Japan Network Information Center.  All rights reserved.
- 
-By using this file, you agree to the terms and conditions set forth bellow.
-
-                        LICENSE TERMS AND CONDITIONS 
-
-The following License Terms and Conditions apply, unless a different
-license is obtained from Japan Network Information Center ("JPNIC"),
-a Japanese association, Kokusai-Kougyou-Kanda Bldg 6F, 2-3-4 Uchi-Kanda,
-Chiyoda-ku, Tokyo 101-0047, Japan.
-
-1. Use, Modification and Redistribution (including distribution of any
-   modified or derived work) in source and/or binary forms is permitted
-   under this License Terms and Conditions.
-
-2. Redistribution of source code must retain the copyright notices as they
-   appear in each source code file, this License Terms and Conditions.
-
-3. Redistribution in binary form must reproduce the Copyright Notice,
-   this License Terms and Conditions, in the documentation and/or other
-   materials provided with the distribution.  For the purposes of binary
-   distribution the "Copyright Notice" refers to the following language:
-   "Copyright (c) 2000-2002 Japan Network Information Center.  All rights
-   reserved."
-
-4. The name of JPNIC may not be used to endorse or promote products
-   derived from this Software without specific prior written approval of
-   JPNIC.
-
-5. Disclaimer/Limitation of Liability: THIS SOFTWARE IS PROVIDED BY JPNIC
-   "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT
-   LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A
-   PARTICULAR PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL JPNIC BE LIABLE
-   FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-   CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-   SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR
-   BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-   WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-   OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-   ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
-
- -----------------------------------------------------------------------------
-
-Copyright (C) 2004  Nominet, Ltd.
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND NOMINET DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
- -----------------------------------------------------------------------------
-
-Portions Copyright RSA Security Inc.
-
-License to copy and use this software is granted provided that it is
-identified as "RSA Security Inc. PKCS #11 Cryptographic Token Interface
-(Cryptoki)" in all material mentioning or referencing this software.
-
-License is also granted to make and use derivative works provided that
-such works are identified as "derived from the RSA Security Inc. PKCS #11
-Cryptographic Token Interface (Cryptoki)" in all material mentioning or
-referencing the derived work.
-
-RSA Security Inc. makes no representations concerning either the
-merchantability of this software or the suitability of this software for
-any particular purpose. It is provided "as is" without express or implied
-warranty of any kind.
-
- -----------------------------------------------------------------------------
-
-Copyright (c) 1996, David Mazieres <dm@uun.org>
-Copyright (c) 2008, Damien Miller <djm@openbsd.org>
-
-Permission to use, copy, modify, and distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND THE AUTHOR DISCLAIMS ALL WARRANTIES
-WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF
-MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL THE AUTHOR BE LIABLE FOR
-ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF
-OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2000-2001 The OpenSSL Project.  All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in
-   the documentation and/or other materials provided with the
-   distribution.
-
-3. All advertising materials mentioning features or use of this
-   software must display the following acknowledgment:
-   "This product includes software developed by the OpenSSL Project
-   for use in the OpenSSL Toolkit. (http://www.OpenSSL.org/)"
-
-4. The names "OpenSSL Toolkit" and "OpenSSL Project" must not be used to
-   endorse or promote products derived from this software without
-   prior written permission. For written permission, please contact
-   licensing@OpenSSL.org.
-
-5. Products derived from this software may not be called "OpenSSL"
-   nor may "OpenSSL" appear in their names without prior written
-   permission of the OpenSSL Project.
-
-6. Redistributions of any form whatsoever must retain the following
-   acknowledgment:
-   "This product includes software developed by the OpenSSL Project
-   for use in the OpenSSL Toolkit (http://www.OpenSSL.org/)"
-
-THIS SOFTWARE IS PROVIDED BY THE OpenSSL PROJECT ``AS IS'' AND ANY
-EXPRESSED OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE
-IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE OpenSSL PROJECT OR
-ITS CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL,
-SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT
-NOT LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES;
-LOSS OF USE, DATA, OR PROFITS; OR BUSINESS INTERRUPTION)
-HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN CONTRACT,
-STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED
-OF THE POSSIBILITY OF SUCH DAMAGE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 1995, 1997, 1998 The NetBSD Foundation, Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-1. Redistributions of source code must retain the above copyright
-   notice, this list of conditions and the following disclaimer.
-2. Redistributions in binary form must reproduce the above copyright
-   notice, this list of conditions and the following disclaimer in the
-   documentation and/or other materials provided with the distribution.
-
-THIS SOFTWARE IS PROVIDED BY THE NETBSD FOUNDATION, INC. AND CONTRIBUTORS
-``AS IS'' AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED.  IN NO EVENT SHALL THE FOUNDATION OR CONTRIBUTORS
-BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR
-CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF
-SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS
-INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN
-CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE)
-ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE
-POSSIBILITY OF SUCH DAMAGE.
-
------------------------------------------------------------------------------
-
-Copyright (C) 2008-2011  Red Hat, Inc.
-
-Permission to use, copy, modify, and/or distribute this software for any
-purpose with or without fee is hereby granted, provided that the above
-copyright notice and this permission notice appear in all copies.
-
-THE SOFTWARE IS PROVIDED "AS IS" AND Red Hat DISCLAIMS ALL WARRANTIES WITH
-REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-AND FITNESS.  IN NO EVENT SHALL Red Hat BE LIABLE FOR ANY SPECIAL, DIRECT,
-INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-PERFORMANCE OF THIS SOFTWARE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2013-2014, Farsight Security, Inc.
-All rights reserved.
-
-Redistribution and use in source and binary forms, with or without
-modification, are permitted provided that the following conditions
-are met:
-
-1. Redistributions of source code must retain the above copyright
-notice, this list of conditions and the following disclaimer.
-
-2. Redistributions in binary form must reproduce the above copyright
-notice, this list of conditions and the following disclaimer in the
-documentation and/or other materials provided with the distribution.
-
-3. Neither the name of the copyright holder nor the names of its
-contributors may be used to endorse or promote products derived from
-this software without specific prior written permission.
-
-THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS
-"AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED
-TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR
-PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR
-CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL,
-EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO,
-PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS;
-OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY,
-WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR
-OTHERWISE) ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF
-ADVISED OF THE POSSIBILITY OF SUCH DAMAGE.
-
------------------------------------------------------------------------------
-
-Copyright (c) 2014 by Farsight Security, Inc.
-
-Licensed under the Apache License, Version 2.0 (the "License");
-you may not use this file except in compliance with the License.
-You may obtain a copy of the License at
-
-   http://www.apache.org/licenses/LICENSE-2.0
-
-Unless required by applicable law or agreed to in writing, software
-distributed under the License is distributed on an "AS IS" BASIS,
-WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
-See the License for the specific language governing permissions and
-limitations under the License.

HISTORY

@@ -1,524 +0,0 @@
-Functional enhancements from prior major releases of BIND 9
-
-BIND 9.11
-
-BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
-releases. New features include:
-
-  * Added support for Catalog Zones, a new method for provisioning
-    servers: a list of zones to be served is stored in a DNS zone, along
-    with their configuration parameters. Changes to the catalog zone are
-    propagated to slaves via normal AXFR/IXFR, whereupon the zones that
-    are listed in it are automatically added, deleted or reconfigured.
-  * Added support for "dnstap", a fast and flexible method of capturing
-    and logging DNS traffic.
-  * Added support for "dyndb", a new API for loading zone data from an
-    external database, developed by Red Hat for the FreeIPA project.
-  * "fetchlimit" quotas are now compiled in by default. These are for the
-    use of recursive resolvers that are are under high query load for
-    domains whose authoritative servers are nonresponsive or are
-    experiencing a denial of service attack:
-      + "fetches-per-server" limits the number of simultaneous queries
-        that can be sent to any single authoritative server. The
-        configured value is a starting point; it is automatically adjusted
-        downward if the server is partially or completely non-responsive.
-        The algorithm used to adjust the quota can be configured via the
-        "fetch-quota-params" option.
-      + "fetches-per-zone" limits the number of simultaneous queries that
-        can be sent for names within a single domain. (Note: Unlike
-        "fetches-per-server", this value is not self-tuning.)
-      + New stats counters have been added to count queries spilled due to
-        these quotas.
-  * Added a new "dnssec-keymgr" key mainenance utility, which can generate
-    or update keys as needed to ensure that a zone's keys match a defined
-    DNSSEC policy.
-  * The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE"
-    and is no longer optional. EDNS COOKIE is a mechanism enabling clients
-    to detect off-path spoofed responses, and servers to detect
-    spoofed-source queries. Clients that identify themselves using COOKIE
-    options are not subject to response rate limiting (RRL) and can
-    receive larger UDP responses.
-  * SERVFAIL responses can now be cached for a limited time (defaulting to
-    1 second, with an upper limit of 30). This can reduce the frequency of
-    retries when a query is persistently failing.
-  * Added an "nsip-wait-recurse" switch to RPZ. This causes NSIP rules to
-    be skipped if a name server IP address isn't in the cache yet; the
-    address will be looked up and the rule will be applied on future
-    queries.
-  * Added a Python RNDC module. This allows multiple commands to sent over
-    a persistent RNDC channel, which saves time.
-  * The "controls" block in named.conf can now grant read-only "rndc"
-    access to specified clients or keys. Read-only clients could, for
-    example, check "rndc status" but could not reconfigure or shut down
-    the server.
-  * "rndc" commands can now return arbitrarily large amounts of text to
-    the caller.
-  * The zone serial number of a dynamically updatable zone can now be set
-    via "rndc signing -serial ". This allows inline-signing zones to be
-    set to a specific serial number.
-  * The new "rndc nta" command can be used to set a Negative Trust Anchor
-    (NTA), disabling DNSSEC validation for a specific domain; this can be
-    used when responses from a domain are known to be failing validation
-    due to administrative error rather than because of a spoofing attack.
-    Negative trust anchors are strictly temporary; by default they expire
-    after one hour, but can be configured to last up to one week.
-  * "rndc delzone" can now be used on zones that were not originally
-    created by "rndc addzone".
-  * "rndc modzone" reconfigures a single zone, without requiring the
-    entire server to be reconfigured.
-  * "rndc showzone" displays the current configuration of a zone.
-  * "rndc managed-keys" can be used to check the status of RFC 5001
-    managed trust anchors, or to force trust anchors to be refreshed.
-  * "max-cache-size" can now be set to a percentage of available memory.
-    The default is 90%.
-  * Update forwarding performance has been improved by allowing a single
-    TCP connection to be shared by multiple updates.
-  * The EDNS Client Subnet (ECS) option is now supported for authoritative
-    servers; if a query contains an ECS option then ACLs containing
-    "geoip" or "ecs" elements can match against the the address encoded in
-    the option. This can be used to select a view for a query, so that
-    different answers can be provided depending on the client network.
-  * The EDNS EXPIRE option has been implemented on the client side,
-    allowing a slave server to set the expiration timer correctly when
-    transferring zone data from another slave server.
-  * The key generation and manipulation tools (dnssec-keygen,
-    dnssec-settime, dnssec-importkey, dnssec-keyfromlabel) now take
-    "-Psync" and "-Dsync" options to set the publication and deletion
-    times of CDS and CDNSKEY parent-synchronization records. Both named
-    and dnssec-signzone can now publish and remove these records at the
-    scheduled times.
-  * A new "minimal-any" option reduces the size of UDP responses for query
-    type ANY by returning a single arbitrarily selected RRset instead of
-    all RRsets.
-  * A new "masterfile-style" zone option controls the formatting of text
-    zone files: When set to "full", a zone file is dumped in
-    single-line-per-record format.
-  * "serial-update-method" can now be set to "date". On update, the serial
-    number will be set to the current date in YYYYMMDDNN format.
-  * "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
-  * "named -L " causes named to send log messages to the specified file by
-    default instead of to the system log.
-  * "dig +ttlunits" prints TTL values with time-unit suffixes: w, d, h, m,
-    s for weeks, days, hours, minutes, and seconds.
-  * "dig +unknownformat" prints dig output in RFC 3597 "unknown record"
-    presentation format.
-  * "dig +ednsopt" allows dig to set arbitrary EDNS options on requests.
-  * "dig +ednsflags" allows dig to set yet-to-be-defined EDNS flags on
-    requests.
-  * "mdig" is an alternate version of dig which sends multiple pipelined
-    TCP queries to a server. Instead of waiting for a response after
-    sending a query, it sends all queries immediately and displays
-    responses in the order received.
-  * "serial-query-rate" no longer controls NOTIFY messages. These are
-    separately controlled by "notify-rate" and "startup-notify-rate".
-  * "nsupdate" now performs "check-names" processing by default on records
-    to be added. This can be disabled with "check-names no".
-  * The statistics channel now supports DEFLATE compression, reducing the
-    size of the data sent over the network when querying statistics.
-  * New counters have been added to the statistics channel to track the
-    sizes of incoming queries and outgoing responses in histogram buckets,
-    as specified in RSSAC002.
-  * A new NXDOMAIN redirect method (option "nxdomain-redirect") has been
-    added, allowing redirection to a specified DNS namespace instead of a
-    single redirect zone.
-  * When starting up, named now ensures that no other named process is
-    already running.
-  * Files created by named to store information, including "mkeys" and
-    "nzf" files, are now named after their corresponding views unless the
-    view name contains characters incompatible with use as a filename. Old
-    style filenames (based on the hash of the view name) will still work.
-
-BIND 9.10.0
-
-BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
-releases. New features include:
-
-  * DNS Response-rate limiting (DNS RRL), which blunts the impact of
-    reflection and amplification attacks, is always compiled in and no
-    longer requires a compile-time option to enable it.
-  * An experimental "Source Identity Token" (SIT) EDNS option is now
-    available. Similar to DNS Cookies as invented by Donald Eastlake 3rd,
-    these are designed to enable clients to detect off-path spoofed
-    responses, and to enable servers to detect spoofed-source queries.
-    Servers can be configured to send smaller responses to clients that
-    have not identified themselves using a SIT option, reducing the
-    effectiveness of amplification attacks. RRL processing has also been
-    updated; clients proven to be legitimate via SIT are not subject to
-    rate limiting. Use "configure --enable-sit" to enable this feature in
-    BIND.
-  * A new zone file format, "map", stores zone data in a format that can
-    be mapped directly into memory, allowing significantly faster zone
-    loading.
-  * "delv" (domain entity lookup and validation) is a new tool with
-    dig-like semantics for looking up DNS data and performing internal
-    DNSSEC validation. This allows easy validation in environments where
-    the resolver may not be trustworthy, and assists with troubleshooting
-    of DNSSEC problems. (NOTE: In previous development releases of BIND
-    9.10, this utility was called "delve". The spelling has been changed
-    to avoid confusion with the "delve" utility included with the Xapian
-    search engine.)
-  * Improved EDNS(0) processing for better resolver performance and
-    reliability over slow or lossy connections.
-  * A new "configure --with-tuning=large" option tunes certain compiled-in
-    constants and default settings to values better suited to large
-    servers with abundant memory. This can improve performance on such
-    servers, but will consume more memory and may degrade performance on
-    smaller systems.
-  * Substantial improvement in response-policy zone (RPZ) performance. Up
-    to 32 response-policy zones can be configured with minimal performance
-    loss.
-  * To improve recursive resolver performance, cache records which are
-    still being requested by clients can now be automatically refreshed
-    from the authoritative server before they expire, reducing or
-    eliminating the time window in which no answer is available in the
-    cache.
-  * New "rpz-client-ip" triggers and drop policies allowing response
-    policies based on the IP address of the client.
-  * ACLs can now be specified based on geographic location using the
-    MaxMind GeoIP databases. Use "configure --with-geoip" to enable.
-  * Zone data can now be shared between views, allowing multiple views to
-    serve the same zones authoritatively without storing multiple copies
-    in memory.
-  * New XML schema (version 3) for the statistics channel includes many
-    new statistics and uses a flattened XML tree for faster parsing. The
-    older schema is now deprecated.
-  * A new stylesheet, based on the Google Charts API, displays XML
-    statistics in charts and graphs on javascript-enabled browsers.
-  * The statistics channel can now provide data in JSON format as well as
-    XML.
-  * New stats counters track TCP and UDP queries received per zone, and
-    EDNS options received in total.
-  * The internal and export versions of the BIND libraries (libisc,
-    libdns, etc) have been unified so that external library clients can
-    use the same libraries as BIND itself.
-  * A new compile-time option, "configure --enable-native-pkcs11", allows
-    BIND 9 cryptography functions to use the PKCS#11 API natively, so that
-    BIND can drive a cryptographic hardware service module (HSM) directly
-    instead of using a modified OpenSSL as an intermediary. (Note: This
-    feature requires an HSM to have a full implementation of the PKCS#11
-    API; many current HSMs only have partial implementations. The new
-    "pkcs11-tokens" command can be used to check API completeness. Native
-    PKCS#11 is known to work with the Thales nShield HSM and with SoftHSM
-    version 2 from the Open DNSSEC project.)
-  * The new "max-zone-ttl" option enforces maximum TTLs for zones. This
-    can simplify the process of rolling DNSSEC keys by guaranteeing that
-    cached signatures will have expired within the specified amount of
-    time.
-  * "dig +subnet" sends an EDNS CLIENT-SUBNET option when querying.
-  * "dig +expire" sends an EDNS EXPIRE option when querying. When this
-    option is sent with an SOA query to a server that supports it, it will
-    report the expiry time of a slave zone.
-  * New "dnssec-coverage" tool to check DNSSEC key coverage for a zone and
-    report if a lapse in signing coverage has been inadvertently
-    scheduled.
-  * Signing algorithm flexibility and other improvements for the "rndc"
-    control channel.
-  * "named-checkzone" and "named-compilezone" can now read journal files,
-    allowing them to process dynamic zones.
-  * Multiple DLZ databases can now be configured. Individual zones can be
-    configured to be served from a specific DLZ database. DLZ databases
-    now serve zones of type "master" and "redirect".
-  * "rndc zonestatus" reports information about a specified zone.
-  * "named" now listens on IPv6 as well as IPv4 interfaces by default.
-  * "named" now preserves the capitalization of names when responding to
-    queries: for instance, a query for "example.com" may be answered with
-    "example.COM" if the name was configured that way in the zone file.
-    Some clients have a bug causing them to depend on the older behavior,
-    in which the case of the answer always matched the case of the query,
-    rather than the case of the name configured in the DNS. Such clients
-    can now be specified in the new "no-case-compress" ACL; this will
-    restore the older behavior of "named" for those clients only.
-  * new "dnssec-importkey" command allows the use of offline DNSSEC keys
-    with automatic DNSKEY management.
-  * New "named-rrchecker" tool to verify the syntactic correctness of
-    individual resource records.
-  * When re-signing a zone, the new "dnssec-signzone -Q" option drops
-    signatures from keys that are still published but are no longer
-    active.
-  * "named-checkconf -px" will print the contents of configuration files
-    with the shared secrets obscured, making it easier to share
-    configuration (e.g. when submitting a bug report) without revealing
-    private information.
-  * "rndc scan" causes named to re-scan network interfaces for changes in
-    local addresses.
-  * On operating systems with support for routing sockets, network
-    interfaces are re-scanned automatically whenever they change.
-  * "tsig-keygen" is now available as an alternate command name to use for
-    "ddns-confgen".
-
-BIND 9.9.0
-
-BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
-releases. New features include:
-
-  * Inline signing, allowing automatic DNSSEC signing of master zones
-    without modification of the zonefile, or "bump in the wire" signing in
-    slaves.
-  * NXDOMAIN redirection.
-  * New 'rndc flushtree' command clears all data under a given name from
-    the DNS cache.
-  * New 'rndc sync' command dumps pending changes in a dynamic zone to
-    disk without a freeze/thaw cycle.
-  * New 'rndc signing' command displays or clears signing status records
-    in 'auto-dnssec' zones.
-  * NSEC3 parameters for 'auto-dnssec' zones can now be set prior to
-    signing, eliminating the need to initially sign with NSEC.
-  * Startup time improvements on large authoritative servers.
-  * Slave zones are now saved in raw format by default.
-  * Several improvements to response policy zones (RPZ).
-  * Improved hardware scalability by using multiple threads to listen for
-    queries and using finer-grained client locking
-  * The 'also-notify' option now takes the same syntax as 'masters', so it
-    can used named masterlists and TSIG keys.
-  * 'dnssec-signzone -D' writes an output file containing only DNSSEC
-    data, which can be included by the primary zone file.
-  * 'dnssec-signzone -R' forces removal of signatures that are not expired
-    but were created by a key which no longer exists.
-  * 'dnssec-signzone -X' allows a separate expiration date to be specified
-    for DNSKEY signatures from other signatures.
-  * New '-L' option to dnssec-keygen, dnssec-settime, and
-    dnssec-keyfromlabel sets the default TTL for the key.
-  * dnssec-dsfromkey now supports reading from standard input, to make it
-    easier to convert DNSKEY to DS.
-  * RFC 1918 reverse zones have been added to the empty-zones table per
-    RFC 6303.
-  * Dynamic updates can now optionally set the zone's SOA serial number to
-    the current UNIX time.
-  * DLZ modules can now retrieve the source IP address of the querying
-    client.
-  * 'request-ixfr' option can now be set at the per-zone level.
-  * 'dig +rrcomments' turns on comments about DNSKEY records, indicating
-    their key ID, algorithm and function
-  * Simplified nsupdate syntax and added readline support
-
-BIND 9.8.0
-
-BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
-releases. New features include:
-
-  * Built-in trust anchor for the root zone, which can be switched on via
-    "dnssec-validation auto;"
-  * Support for DNS64.
-  * Support for response policy zones (RPZ).
-  * Support for writable DLZ zones.
-  * Improved ease of configuration of GSS/TSIG for interoperability with
-    Active Directory
-  * Support for GOST signing algorithm for DNSSEC.
-  * Removed RTT Banding from server selection algorithm.
-  * New "static-stub" zone type.
-  * Allow configuration of resolver timeouts via "resolver-query-timeout"
-    option.
-  * The DLZ "dlopen" driver is now built by default.
-  * Added a new include file with function typedefs for the DLZ "dlopen"
-    driver.
-  * Made "--with-gssapi" default.
-  * More verbose error reporting from DLZ LDAP.
-
-BIND 9.7.0
-
-BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
-releases. Most are intended to simplify DNSSEC configuration. New features
-include:
-
-  * Fully automatic signing of zones by "named".
-  * Simplified configuration of DNSSEC Lookaside Validation (DLV).
-  * Simplified configuration of Dynamic DNS, using the "ddns-confgen"
-    command line tool or the "local" update-policy option. (As a side
-    effect, this also makes it easier to configure automatic zone
-    re-signing.)
-  * New named option "attach-cache" that allows multiple views to share a
-    single cache.
-  * DNS rebinding attack prevention.
-  * New default values for dnssec-keygen parameters.
-  * Support for RFC 5011 automated trust anchor maintenance
-  * Smart signing: simplified tools for zone signing and key maintenance.
-  * The "statistics-channels" option is now available on Windows.
-  * A new DNSSEC-aware libdns API for use by non-BIND9 applications
-  * On some platforms, named and other binaries can now print out a stack
-    backtrace on assertion failure, to aid in debugging.
-  * A "tools only" installation mode on Windows, which only installs dig,
-    host, nslookup and nsupdate.
-  * Improved PKCS#11 support, including Keyper support and explicit
-    OpenSSL engine selection.
-
-BIND 9.6.0
-
-  * Full NSEC3 support
-  * Automatic zone re-signing
-  * New update-policy methods tcp-self and 6to4-self
-  * The BIND 8 resolver library, libbind, has been removed from the BIND 9
-    distribution and is now available as a separate download.
-  * Change the default pid file location from /var/run to /var/run/
-    {named,lwresd} for improved chroot/setuid support.
-
-BIND 9.5.0
-
-  * GSS-TSIG support (RFC 3645).
-  * DHCID support.
-  * Experimental http server and statistics support for named via xml.
-  * More detailed statistics counters including those supported in BIND 8.
-  * Faster ACL processing.
-  * Use Doxygen to generate internal documentation.
-  * Efficient LRU cache-cleaning mechanism.
-  * NSID support.
-
-BIND 9.4.0
-
-  * Implemented "additional section caching (or acache)", an internal
-    cache framework for additional section content to improve response
-    performance. Several configuration options were provided to control
-    the behavior.
-  * New notify type 'master-only'. Enable notify for master zones only.
-  * Accept 'notify-source' style syntax for query-source.
-  * rndc now allows addresses to be set in the server clauses.
-  * New option "allow-query-cache". This lets "allow-query" be used to
-    specify the default zone access level rather than having to have every
-    zone override the global value. "allow-query-cache" can be set at both
-    the options and view levels. If "allow-query-cache" is not set then
-    "allow-recursion" is used if set, otherwise "allow-query" is used if
-    set unless "recursion no;" is set in which case "none;" is used,
-    otherwise the default (localhost; localnets;) is used.
-  * rndc: the source address can now be specified.
-  * ixfr-from-differences now takes master and slave in addition to yes
-    and no at the options and view levels.
-  * Allow the journal's name to be changed via named.conf.
-  * 'rndc notify zone [class [view]]' resend the NOTIFY messages for the
-    specified zone.
-  * 'dig +trace' now randomly selects the next servers to try. Report if
-    there is a bad delegation.
-  * Improve check-names error messages.
-  * Make public the function to read a key file, dst_key_read_public().
-  * dig now returns the byte count for axfr/ixfr.
-  * allow-update is now settable at the options / view level.
-  * named-checkconf now checks the logging configuration.
-  * host now can turn on memory debugging flags with '-m'.
-  * Don't send notify messages to self.
-  * Perform sanity checks on NS records which refer to 'in zone' names.
-  * New zone option "notify-delay". Specify a minimum delay between sets
-    of NOTIFY messages.
-  * Extend adjusting TTL warning messages.
-  * Named and named-checkzone can now both check for non-terminal wildcard
-    records.
-  * "rndc freeze/thaw" now freezes/thaws all zones.
-  * named-checkconf now check acls to verify that they only refer to
-    existing acls.
-  * The server syntax has been extended to support a range of servers.
-  * Report differences between hints and real NS rrset and associated
-    address records.
-  * Preserve the case of domain names in rdata during zone transfers.
-  * Restructured the data locking framework using architecture dependent
-    atomic operations (when available), improving response performance on
-    multi-processor machines significantly. x86, x86_64, alpha, powerpc,
-    and mips are currently supported.
-  * UNIX domain controls are now supported.
-  * Add support for additional zone file formats for improving loading
-    performance. The masterfile-format option in named.conf can be used to
-    specify a non-default format. A separate command named-compilezone was
-    provided to generate zone files in the new format. Additionally, the
-    -I and -O options for dnssec-signzone specify the input and output
-    formats.
-  * dnssec-signzone can now randomize signature end times (dnssec-signzone
-    -j jitter).
-  * Add support for CH A record.
-  * Add additional zone data constancy checks. named-checkzone has
-    extended checking of NS, MX and SRV record and the hosts they
-    reference. named has extended post zone load checks. New zone options:
-    check-mx and integrity-check.
-  * edns-udp-size can now be overridden on a per server basis.
-  * dig can now specify the EDNS version when making a query.
-  * Added framework for handling multiple EDNS versions.
-  * Additional memory debugging support to track size and mctx arguments.
-  * Detect duplicates of UDP queries we are recursing on and drop them.
-    New stats category "duplicates".
-  * "USE INTERNAL MALLOC" is now runtime selectable.
-  * The lame cache is now done on a basis as some servers only appear to
-    be lame for certain query types.
-  * Limit the number of recursive clients that can be waiting for a single
-    query () to resolve. New options clients-per-query and
-    max-clients-per-query.
-  * dig: report the number of extra bytes still left in the packet after
-    processing all the records.
-  * Support for IPSECKEY rdata type.
-  * Raise the UDP recieve buffer size to 32k if it is less than 32k.
-  * x86 and x86_64 now have seperate atomic locking implementations.
-  * named-checkconf now validates update-policy entries.
-  * Attempt to make the amount of work performed in a iteration self
-    tuning. The covers nodes clean from the cache per iteration, nodes
-    written to disk when rewriting a master file and nodes destroyed per
-    iteration when destroying a zone or a cache.
-  * ISC string copy API.
-  * Automatic empty zone creation for D.F.IP6.ARPA and friends. Note: RFC
-    1918 zones are not yet covered by this but are likely to be in a
-    future release.
-  * New options: empty-server, empty-contact, empty-zones-enable and
-    disable-empty-zone.
-  * dig now has a '-q queryname' and '+showsearch' options.
-  * host/nslookup now continue (default)/fail on SERVFAIL.
-  * dig now warns if 'RA' is not set in the answer when 'RD' was set in
-    the query. host/nslookup skip servers that fail to set 'RA' when 'RD'
-    is set unless a server is explicitly set.
-  * Integrate contibuted DLZ code into named.
-  * Integrate contibuted IDN code from JPNIC.
-  * libbind: corresponds to that from BIND 8.4.7.
-
-BIND 9.3.0
-
-  * DNSSEC is now DS based (RFC 3658).
-  * DNSSEC lookaside validation.
-  * check-names is now implemented.
-  * rrset-order is more complete.
-  * IPv4/IPv6 transition support, dual-stack-servers.
-  * IXFR deltas can now be generated when loading master files,
-    ixfr-from-differences.
-  * It is now possible to specify the size of a journal, max-journal-size.
-  * It is now possible to define a named set of master servers to be used
-    in masters clause, masters.
-  * The advertised EDNS UDP size can now be set, edns-udp-size.
-  * allow-v6-synthesis has been obsoleted.
-  * Zones containing MD and MF will now be rejected.
-  * dig, nslookup name. now report "Not Implemented" as NOTIMP rather than
-    NOTIMPL. This will have impact on scripts that are looking for
-    NOTIMPL.
-  * libbind: corresponds to that from BIND 8.4.5.
-
-BIND 9.2.0
-
-  * The size of the cache can now be limited using the "max-cache-size"
-    option.
-  * The server can now automatically convert RFC1886-style recursive
-    lookup requests into RFC2874-style lookups, when enabled using the new
-    option "allow-v6-synthesis". This allows stub resolvers that support
-    AAAA records but not A6 record chains or binary labels to perform
-    lookups in domains that make use of these IPv6 DNS features.
-  * Performance has been improved.
-  * The man pages now use the more portable "man" macros rather than the
-    "mandoc" macros, and are installed by "make install".
-  * The named.conf parser has been completely rewritten. It now supports
-    "include" directives in more places such as inside "view" statements,
-    and it no longer has any reserved words.
-  * The "rndc status" command is now implemented.
-  * rndc can now be configured automatically.
-  * A BIND 8 compatible stub resolver library is now included in lib/bind.
-  * OpenSSL has been removed from the distribution. This means that to use
-    DNSSEC, OpenSSL must be installed and the --with-openssl option must
-    be supplied to configure. This does not apply to the use of TSIG,
-    which does not require OpenSSL.
-  * The source distribution now builds on Windows. See win32utils/
-    readme1.txt and win32utils/win32-build.txt for details.
-  * This distribution also includes a new lightweight stub resolver
-    library and associated resolver daemon that fully support forward and
-    reverse lookups of both IPv4 and IPv6 addresses. This library is
-    considered experimental and is not a complete replacement for the BIND
-    8 resolver library. Applications that use the BIND 8 res_* functions
-    to perform DNS lookups or dynamic updates still need to be linked
-    against the BIND 8 libraries. For DNS lookups, they can also use the
-    new "getrrsetbyname()" API.
-  * BIND 9.2 is capable of acting as an authoritative server for DNSSEC
-    secured zones. This functionality is believed to be stable and
-    complete except for lacking support for verifications involving
-    wildcard records in secure zones.
-  * When acting as a caching server, BIND 9.2 can be configured to perform
-    DNSSEC secure resolution on behalf of its clients. This part of the
-    DNSSEC implementation is still considered experimental. For detailed
-    information about the state of the DNSSEC implementation, see the file
-    doc/misc/dnssec.

HISTORY.md

@@ -1,542 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-### Functional enhancements from prior major releases of BIND 9
-
-#### BIND 9.11
-
-BIND 9.11.0 includes a number of changes from BIND 9.10 and earlier
-releases.  New features include:
-
-- Added support for Catalog Zones, a new method for provisioning servers: a
-  list of zones to be served is stored in a DNS zone, along with their
-  configuration parameters. Changes to the catalog zone are propagated to
-  slaves via normal AXFR/IXFR, whereupon the zones that are listed in it
-  are automatically added, deleted or reconfigured.
-- Added support for "dnstap", a fast and flexible method of capturing and
-  logging DNS traffic.
-- Added support for "dyndb", a new API for loading zone data from an
-  external database, developed by Red Hat for the FreeIPA project.
-- "fetchlimit" quotas are now compiled in by default.  These are for the
-  use of recursive resolvers that are are under high query load for domains
-  whose authoritative servers are nonresponsive or are experiencing a
-  denial of service attack:
-    - "fetches-per-server" limits the number of simultaneous queries that
-      can be sent to any single authoritative server.  The configured value
-      is a starting point; it is automatically adjusted downward if the
-      server is partially or completely non-responsive. The algorithm used
-      to adjust the quota can be configured via the "fetch-quota-params"
-      option.
-    - "fetches-per-zone" limits the number of simultaneous queries that can
-      be sent for names within a single domain.  (Note: Unlike
-      "fetches-per-server", this value is not self-tuning.)
-    - New stats counters have been added to count queries spilled due to
-      these quotas.
-- Added a new "dnssec-keymgr" key mainenance utility, which can generate or
-  update keys as needed to ensure that a zone's keys match a defined DNSSEC
-  policy.
-- The experimental "SIT" feature in BIND 9.10 has been renamed "COOKIE" and
-  is no longer optional. EDNS COOKIE is a mechanism enabling clients to
-  detect off-path spoofed responses, and servers to detect spoofed-source
-  queries.  Clients that identify themselves using COOKIE options are not
-  subject to response rate limiting (RRL) and can receive larger UDP
-  responses.
-- SERVFAIL responses can now be cached for a limited time (defaulting to 1
-  second, with an upper limit of 30).  This can reduce the frequency of
-  retries when a query is persistently failing.
-- Added an "nsip-wait-recurse" switch to RPZ. This causes NSIP rules to be
-  skipped if a name server IP address isn't in the cache yet; the address
-  will be looked up and the rule will be applied on future queries.
-- Added a Python RNDC module. This allows multiple commands to sent over a
-  persistent RNDC channel, which saves time.
-- The "controls" block in named.conf can now grant read-only "rndc" access
-  to specified clients or keys. Read-only clients could, for example, check
-  "rndc status" but could not reconfigure or shut down the server.
-- "rndc" commands can now return arbitrarily large amounts of text to the
-  caller.
-- The zone serial number of a dynamically updatable zone can now be set via
-  "rndc signing -serial <number> <zonename>".  This allows inline-signing
-  zones to be set to a specific serial number.
-- The new "rndc nta" command can be used to set a Negative Trust Anchor
-  (NTA), disabling DNSSEC validation for a specific domain; this can be
-  used when responses from a domain are known to be failing validation due
-  to administrative error rather than because of a spoofing attack.
-  Negative trust anchors are strictly temporary; by default they expire
-  after one hour, but can be configured to last up to one week.
-- "rndc delzone" can now be used on zones that were not originally created
-  by "rndc addzone".
-- "rndc modzone" reconfigures a single zone, without requiring the entire
-  server to be reconfigured.
-- "rndc showzone" displays the current configuration of a zone.
-- "rndc managed-keys" can be used to check the status of RFC 5001 managed
-  trust anchors, or to force trust anchors to be refreshed.
-- "max-cache-size" can now be set to a percentage of available memory. The
-  default is 90%.
-- Update forwarding performance has been improved by allowing a single TCP
-  connection to be shared by multiple updates.
-- The EDNS Client Subnet (ECS) option is now supported for authoritative
-  servers; if a query contains an ECS option then ACLs containing "geoip"
-  or "ecs" elements can match against the the address encoded in the
-  option.  This can be used to select a view for a query, so that different
-  answers can be provided depending on the client network.
-- The EDNS EXPIRE option has been implemented on the client side, allowing
-  a slave server to set the expiration timer correctly when transferring
-  zone data from another slave server.
-- The key generation and manipulation tools (dnssec-keygen, dnssec-settime,
-  dnssec-importkey, dnssec-keyfromlabel) now take "-Psync" and "-Dsync"
-  options to set the publication and deletion times of CDS and CDNSKEY
-  parent-synchronization records.  Both named and dnssec-signzone can now
-  publish and remove these records at the scheduled times.
-- A new "minimal-any" option reduces the size of UDP responses for query
-  type ANY by returning a single arbitrarily selected RRset instead of all
-  RRsets.
-- A new "masterfile-style" zone option controls the formatting of text zone
-  files:  When set to "full", a zone file is dumped in
-  single-line-per-record format.
-- "serial-update-method" can now be set to "date". On update, the serial
-  number will be set to the current date in YYYYMMDDNN format.
-- "dnssec-signzone -N date" sets the serial number to YYYYMMDDNN.
-- "named -L <filename>" causes named to send log messages to the specified
-  file by default instead of to the system log.
-- "dig +ttlunits" prints TTL values with time-unit suffixes: w, d, h, m, s
-  for weeks, days, hours, minutes, and seconds.
-- "dig +unknownformat" prints dig output in RFC 3597 "unknown record"
-  presentation format.
-- "dig +ednsopt" allows dig to set arbitrary EDNS options on requests.
-- "dig +ednsflags" allows dig to set yet-to-be-defined EDNS flags on
-  requests.
-- "mdig" is an alternate version of dig which sends multiple pipelined TCP
-  queries to a server.  Instead of waiting for a response after sending a
-  query, it sends all queries immediately and displays responses in the
-  order received.
-- "serial-query-rate" no longer controls NOTIFY messages.  These are
-  separately controlled by "notify-rate" and "startup-notify-rate".
-- "nsupdate" now performs "check-names" processing by default on records to
-  be added.  This can be disabled with "check-names no".
-- The statistics channel now supports DEFLATE compression, reducing the
-  size of the data sent over the network when querying statistics.
-- New counters have been added to the statistics channel to track the sizes
-  of incoming queries and outgoing responses in histogram buckets, as
-  specified in RSSAC002.
-- A new NXDOMAIN redirect method (option "nxdomain-redirect") has been
-  added, allowing redirection to a specified DNS namespace instead of a
-  single redirect zone.
-- When starting up, named now ensures that no other named process is
-  already running.
-- Files created by named to store information, including "mkeys" and "nzf"
-  files, are now named after their corresponding views unless the view name
-  contains characters incompatible with use as a filename. Old style
-  filenames (based on the hash of the view name) will still work.
-
-#### BIND 9.10.0
-
-BIND 9.10.0 includes a number of changes from BIND 9.9 and earlier
-releases.  New features include:
-
- - DNS Response-rate limiting (DNS RRL), which blunts the
-   impact of reflection and amplification attacks, is always
-   compiled in and no longer requires a compile-time option
-   to enable it.
- - An experimental "Source Identity Token" (SIT) EDNS option
-   is now available.  Similar to DNS Cookies as invented by
-   Donald Eastlake 3rd, these are designed to enable clients
-   to detect off-path spoofed responses, and to enable servers
-   to detect spoofed-source queries.  Servers can be configured
-   to send smaller responses to clients that have not identified
-   themselves using a SIT option, reducing the effectiveness of
-   amplification attacks.  RRL processing has also been updated;
-   clients proven to be legitimate via SIT are not subject to
-   rate limiting.  Use "configure --enable-sit" to enable this
-   feature in BIND.
- - A new zone file format, "map", stores zone data in a
-   format that can be mapped directly into memory, allowing
-   significantly faster zone loading.
- - "delv" (domain entity lookup and validation) is a new tool
-   with dig-like semantics for looking up DNS data and performing
-   internal DNSSEC validation.  This allows easy validation in
-   environments where the resolver may not be trustworthy, and
-   assists with troubleshooting of DNSSEC problems. (NOTE:
-   In previous development releases of BIND 9.10, this utility
-   was called "delve". The spelling has been changed to avoid
-   confusion with the "delve" utility included with the Xapian
-   search engine.)
- - Improved EDNS(0) processing for better resolver performance
-   and reliability over slow or lossy connections.
- - A new "configure --with-tuning=large" option tunes certain
-   compiled-in constants and default settings to values better
-   suited to large servers with abundant memory.  This can
-   improve performance on such servers, but will consume more
-   memory and may degrade performance on smaller systems.
- - Substantial improvement in response-policy zone (RPZ)
-   performance.  Up to 32 response-policy zones can be
-   configured with minimal performance loss.
- - To improve recursive resolver performance, cache records
-   which are still being requested by clients can now be
-   automatically refreshed from the authoritative server
-   before they expire, reducing or eliminating the time
-   window in which no answer is available in the cache.
- - New "rpz-client-ip" triggers and drop policies allowing
-   response policies based on the IP address of the client.
- - ACLs can now be specified based on geographic location
-   using the MaxMind GeoIP databases.  Use "configure
-   --with-geoip" to enable.
- - Zone data can now be shared between views, allowing
-   multiple views to serve the same zones authoritatively
-   without storing multiple copies in memory.
- - New XML schema (version 3) for the statistics channel
-   includes many new statistics and uses a flattened XML tree
-   for faster parsing. The older schema is now deprecated.
- - A new stylesheet, based on the Google Charts API, displays
-   XML statistics in charts and graphs on javascript-enabled
-   browsers.
- - The statistics channel can now provide data in JSON
-   format as well as XML.
- - New stats counters track TCP and UDP queries received
-   per zone, and EDNS options received in total.
- - The internal and export versions of the BIND libraries
-   (libisc, libdns, etc) have been unified so that external
-   library clients can use the same libraries as BIND itself.
- - A new compile-time option, "configure --enable-native-pkcs11",
-   allows BIND 9 cryptography functions to use the PKCS#11 API
-   natively, so that BIND can drive a cryptographic hardware
-   service module (HSM) directly instead of using a modified
-   OpenSSL as an intermediary. (Note: This feature requires an
-   HSM to have a full implementation of the PKCS#11 API; many
-   current HSMs only have partial implementations. The new
-   "pkcs11-tokens" command can be used to check API completeness.
-   Native PKCS#11 is known to work with the Thales nShield HSM
-   and with SoftHSM version 2 from the Open DNSSEC project.)
- - The new "max-zone-ttl" option enforces maximum TTLs for
-   zones. This can simplify the process of rolling DNSSEC keys
-   by guaranteeing that cached signatures will have expired
-   within the specified amount of time.
- - "dig +subnet" sends an EDNS CLIENT-SUBNET option when
-   querying.
- - "dig +expire" sends an EDNS EXPIRE option when querying.
-   When this option is sent with an SOA query to a server
-   that supports it, it will report the expiry time of
-   a slave zone.
- - New "dnssec-coverage" tool to check DNSSEC key coverage
-   for a zone and report if a lapse in signing coverage has
-   been inadvertently scheduled.
- - Signing algorithm flexibility and other improvements
-   for the "rndc" control channel.
- - "named-checkzone" and "named-compilezone" can now read
-   journal files, allowing them to process dynamic zones.
- - Multiple DLZ databases can now be configured.  Individual
-   zones can be configured to be served from a specific DLZ
-   database.  DLZ databases now serve zones of type "master"
-   and "redirect".
- - "rndc zonestatus" reports information about a specified zone.
- - "named" now listens on IPv6 as well as IPv4 interfaces
-   by default.
- - "named" now preserves the capitalization of names
-   when responding to queries: for instance, a query for
-   "example.com" may be answered with "example.COM" if the
-   name was configured that way in the zone file.  Some
-   clients have a bug causing them to depend on the older
-   behavior, in which the case of the answer always matched
-   the case of the query, rather than the case of the name
-   configured in the DNS.  Such clients can now be specified
-   in the new "no-case-compress" ACL; this will restore the
-   older behavior of "named" for those clients only.
- - new "dnssec-importkey" command allows the use of offline
-   DNSSEC keys with automatic DNSKEY management.
- - New "named-rrchecker" tool to verify the syntactic
-   correctness of individual resource records.
- - When re-signing a zone, the new "dnssec-signzone -Q" option
-   drops signatures from keys that are still published but are
-   no longer active.
- - "named-checkconf -px" will print the contents of configuration
-   files with the shared secrets obscured, making it easier to
-   share configuration (e.g. when submitting a bug report)
-   without revealing private information.
- - "rndc scan" causes named to re-scan network interfaces for
-   changes in local addresses.
- - On operating systems with support for routing sockets,
-   network interfaces are re-scanned automatically whenever
-   they change.
- - "tsig-keygen" is now available as an alternate command
-   name to use for "ddns-confgen".
-
-#### BIND 9.9.0
-
-BIND 9.9.0 includes a number of changes from BIND 9.8 and earlier
-releases.  New features include:
-
-- Inline signing, allowing automatic DNSSEC signing of
-  master zones without modification of the zonefile, or
-  "bump in the wire" signing in slaves.
-- NXDOMAIN redirection.
-- New 'rndc flushtree' command clears all data under a given
-  name from the DNS cache.
-- New 'rndc sync' command dumps pending changes in a dynamic
-  zone to disk without a freeze/thaw cycle.
-- New 'rndc signing' command displays or clears signing status
-  records in 'auto-dnssec' zones.
-- NSEC3 parameters for 'auto-dnssec' zones can now be set prior
-  to signing, eliminating the need to initially sign with NSEC.
-- Startup time improvements on large authoritative servers.
-- Slave zones are now saved in raw format by default.
-- Several improvements to response policy zones (RPZ).
-- Improved hardware scalability by using multiple threads
-  to listen for queries and using finer-grained client locking
-- The 'also-notify' option now takes the same syntax as
-  'masters', so it can used named masterlists and TSIG keys.
-- 'dnssec-signzone -D' writes an output file containing only DNSSEC
-  data, which can be included by the primary zone file.
-- 'dnssec-signzone -R' forces removal of signatures that are
-  not expired but were created by a key which no longer exists.
-- 'dnssec-signzone -X' allows a separate expiration date to
-  be specified for DNSKEY signatures from other signatures.
-- New '-L' option to dnssec-keygen, dnssec-settime, and
-  dnssec-keyfromlabel sets the default TTL for the key.
-- dnssec-dsfromkey now supports reading from standard input,
-  to make it easier to convert DNSKEY to DS.
-- RFC 1918 reverse zones have been added to the empty-zones
-  table per RFC 6303.
-- Dynamic updates can now optionally set the zone's SOA serial
-  number to the current UNIX time.
-- DLZ modules can now retrieve the source IP address of
-  the querying client.
-- 'request-ixfr' option can now be set at the per-zone level.
-- 'dig +rrcomments' turns on comments about DNSKEY records,
-  indicating their key ID, algorithm and function
-- Simplified nsupdate syntax and added readline support
-
-#### BIND 9.8.0
-
-BIND 9.8.0 includes a number of changes from BIND 9.7 and earlier
-releases.  New features include:
-
-- Built-in trust anchor for the root zone, which can be
-  switched on via "dnssec-validation auto;"
-- Support for DNS64.
-- Support for response policy zones (RPZ).
-- Support for writable DLZ zones.
-- Improved ease of configuration of GSS/TSIG for
-  interoperability with Active Directory
-- Support for GOST signing algorithm for DNSSEC.
-- Removed RTT Banding from server selection algorithm.
-- New "static-stub" zone type.
-- Allow configuration of resolver timeouts via
-  "resolver-query-timeout" option.
-- The DLZ "dlopen" driver is now built by default.
-- Added a new include file with function typedefs
-  for the DLZ "dlopen" driver.
-- Made "--with-gssapi" default.
-- More verbose error reporting from DLZ LDAP.
-
-#### BIND 9.7.0
-
-BIND 9.7.0 includes a number of changes from BIND 9.6 and earlier
-releases.  Most are intended to simplify DNSSEC configuration.
-New features include:
-
-- Fully automatic signing of zones by "named".
-- Simplified configuration of DNSSEC Lookaside Validation (DLV).
-- Simplified configuration of Dynamic DNS, using the "ddns-confgen"
-  command line tool or the "local" update-policy option.  (As a side
-  effect, this also makes it easier to configure automatic zone
-  re-signing.)
-- New named option "attach-cache" that allows multiple views to
-  share a single cache.
-- DNS rebinding attack prevention.
-- New default values for dnssec-keygen parameters.
-- Support for RFC 5011 automated trust anchor maintenance
-- Smart signing: simplified tools for zone signing and key
-  maintenance.
-- The "statistics-channels" option is now available on Windows.
-- A new DNSSEC-aware libdns API for use by non-BIND9 applications
-- On some platforms, named and other binaries can now print out
-  a stack backtrace on assertion failure, to aid in debugging.
-- A "tools only" installation mode on Windows, which only installs
-  dig, host, nslookup and nsupdate.
-- Improved PKCS#11 support, including Keyper support and explicit
-  OpenSSL engine selection.
-
-#### BIND 9.6.0
-
-- Full NSEC3 support
-- Automatic zone re-signing
-- New update-policy methods tcp-self and 6to4-self
-- The BIND 8 resolver library, libbind, has been removed from the BIND 9
-  distribution and is now available as a separate download.
-- Change the default pid file location from /var/run to
-  /var/run/{named,lwresd} for improved chroot/setuid support.
-
-#### BIND 9.5.0
-
-- GSS-TSIG support (RFC 3645).
-- DHCID support.
-- Experimental http server and statistics support for named via xml.
-- More detailed statistics counters including those supported in BIND 8.
-- Faster ACL processing.
-- Use Doxygen to generate internal documentation.
-- Efficient LRU cache-cleaning mechanism.
-- NSID support.
-
-BIND 9.4.0
-
-- Implemented "additional section caching (or acache)", an internal cache
-  framework for additional section content to improve response performance.
-  Several configuration options were provided to control the behavior.
-- New notify type 'master-only'.  Enable notify for master zones only.
-- Accept 'notify-source' style syntax for query-source.
-- rndc now allows addresses to be set in the server clauses.
-- New option "allow-query-cache".  This lets "allow-query" be used to
-  specify the default zone access level rather than having to have every
-  zone override the global value.  "allow-query-cache" can be set at both
-  the options and view levels.  If "allow-query-cache" is not set then
-  "allow-recursion" is used if set, otherwise "allow-query" is used if set
-  unless "recursion no;" is set in which case "none;" is used, otherwise
-  the default (localhost; localnets;) is used.
-- rndc: the source address can now be specified.
-- ixfr-from-differences now takes master and slave in addition to yes and
-  no at the options and view levels.
-- Allow the journal's name to be changed via named.conf.
-- 'rndc notify zone [class [view]]' resend the NOTIFY messages for the
-  specified zone.
-- 'dig +trace' now randomly selects the next servers to try.  Report if
-  there is a bad delegation.
-- Improve check-names error messages.
-- Make public the function to read a key file, dst_key_read_public().
-- dig now returns the byte count for axfr/ixfr.
-- allow-update is now settable at the options / view level.
-- named-checkconf now checks the logging configuration.
-- host now can turn on memory debugging flags with '-m'.
-- Don't send notify messages to self.
-- Perform sanity checks on NS records which refer to 'in zone' names.
-- New zone option "notify-delay".  Specify a minimum delay between sets of
-  NOTIFY messages.
-- Extend adjusting TTL warning messages.
-- Named and named-checkzone can now both check for non-terminal wildcard
-  records.
-- "rndc freeze/thaw" now freezes/thaws all zones.
-- named-checkconf now check acls to verify that they only refer to existing
-  acls.
-- The server syntax has been extended to support a range of servers.
-- Report differences between hints and real NS rrset and associated address
-  records.
-- Preserve the case of domain names in rdata during zone transfers.
-- Restructured the data locking framework using architecture dependent
-  atomic operations (when available), improving response performance on
-  multi-processor machines significantly.  x86, x86_64, alpha, powerpc, and
-  mips are currently supported.
-- UNIX domain controls are now supported.
-- Add support for additional zone file formats for improving loading
-  performance.  The masterfile-format option in named.conf can be used to
-  specify a non-default format.  A separate command named-compilezone was
-  provided to generate zone files in the new format.  Additionally, the -I
-  and -O options for dnssec-signzone specify the input and output formats.
-- dnssec-signzone can now randomize signature end times (dnssec-signzone -j
-  jitter).
-- Add support for CH A record.
-- Add additional zone data constancy checks.  named-checkzone has extended
-  checking of NS, MX and SRV record and the hosts they reference.  named
-  has extended post zone load checks.  New zone options: check-mx and
-  integrity-check.
-- edns-udp-size can now be overridden on a per server basis.
-- dig can now specify the EDNS version when making a query.
-- Added framework for handling multiple EDNS versions.
-- Additional memory debugging support to track size and mctx arguments.
-- Detect duplicates of UDP queries we are recursing on and drop them.  New
-  stats category "duplicates".
-- "USE INTERNAL MALLOC" is now runtime selectable.
-- The lame cache is now done on a <qname,qclass,qtype> basis as some
-  servers only appear to be lame for certain query types.
-- Limit the number of recursive clients that can be waiting for a single
-  query (<qname,qtype,qclass>) to resolve.  New options clients-per-query
-  and max-clients-per-query.
-- dig: report the number of extra bytes still left in the packet after
-  processing all the records.
-- Support for IPSECKEY rdata type.
-- Raise the UDP recieve buffer size to 32k if it is less than 32k.
-- x86 and x86_64 now have seperate atomic locking implementations.
-- named-checkconf now validates update-policy entries.
-- Attempt to make the amount of work performed in a iteration self tuning.
-  The covers nodes clean from the cache per iteration, nodes written to
-  disk when rewriting a master file and nodes destroyed per iteration when
-  destroying a zone or a cache.
-- ISC string copy API.
-- Automatic empty zone creation for D.F.IP6.ARPA and friends.  Note: RFC
-  1918 zones are not yet covered by this but are likely to be in a future
-  release.
-- New options: empty-server, empty-contact, empty-zones-enable and
-  disable-empty-zone.
-- dig now has a '-q queryname' and '+showsearch' options.
-- host/nslookup now continue (default)/fail on SERVFAIL.
-- dig now warns if 'RA' is not set in the answer when 'RD' was set in the
-  query.  host/nslookup skip servers that fail to set 'RA' when 'RD' is set
-  unless a server is explicitly set.
-- Integrate contibuted DLZ code into named.
-- Integrate contibuted IDN code from JPNIC.
-- libbind: corresponds to that from BIND 8.4.7.
-
-#### BIND 9.3.0
-
-- DNSSEC is now DS based (RFC 3658).
-- DNSSEC lookaside validation.
-- check-names is now implemented.
-- rrset-order is more complete.
-- IPv4/IPv6 transition support, dual-stack-servers.
-- IXFR deltas can now be generated when loading master files,
-  ixfr-from-differences.
-- It is now possible to specify the size of a journal, max-journal-size.
-- It is now possible to define a named set of master servers to be used in
-  masters clause, masters.
-- The advertised EDNS UDP size can now be set, edns-udp-size.
-- allow-v6-synthesis has been obsoleted.
-- Zones containing MD and MF will now be rejected.
-- dig, nslookup name. now report "Not Implemented" as NOTIMP rather than
-  NOTIMPL.  This will have impact on scripts that are looking for NOTIMPL.
-- libbind: corresponds to that from BIND 8.4.5.
-
-#### BIND 9.2.0
-
-- The size of the cache can now be limited using the "max-cache-size"
-  option.
-- The server can now automatically convert RFC1886-style recursive lookup
-  requests into RFC2874-style lookups, when enabled using the new option
-  "allow-v6-synthesis".  This allows stub resolvers that support AAAA
-  records but not A6 record chains or binary labels to perform lookups in
-  domains that make use of these IPv6 DNS features.
-- Performance has been improved.
-- The man pages now use the more portable "man" macros rather than the
-  "mandoc" macros, and are installed by "make install".
-- The named.conf parser has been completely rewritten.  It now supports
-  "include" directives in more places such as inside "view" statements, and
-  it no longer has any reserved words.
-- The "rndc status" command is now implemented.
-- rndc can now be configured automatically.
-- A BIND 8 compatible stub resolver library is now included in lib/bind.
-- OpenSSL has been removed from the distribution.  This means that to use
-  DNSSEC, OpenSSL must be installed and the --with-openssl option must be
-  supplied to configure.  This does not apply to the use of TSIG, which
-  does not require OpenSSL.
-- The source distribution now builds on Windows.  See
-  win32utils/readme1.txt and win32utils/win32-build.txt for details.
-- This distribution also includes a new lightweight stub resolver library
-  and associated resolver daemon that fully support forward and reverse
-  lookups of both IPv4 and IPv6 addresses.  This library is considered
-  experimental and is not a complete replacement for the BIND 8 resolver
-  library.  Applications that use the BIND 8 `res_*` functions to perform
-  DNS lookups or dynamic updates still need to be linked against the BIND 8
-  libraries.  For DNS lookups, they can also use the new "getrrsetbyname()"
-  API.
-- BIND 9.2 is capable of acting as an authoritative server for DNSSEC
-  secured zones.  This functionality is believed to be stable and complete
-  except for lacking support for verifications involving wildcard records
-  in secure zones.
-- When acting as a caching server, BIND 9.2 can be configured to perform
-  DNSSEC secure resolution on behalf of its clients.  This part of the
-  DNSSEC implementation is still considered experimental.  For detailed
-  information about the state of the DNSSEC implementation, see the file
-  doc/misc/dnssec.

Kyuafile

@@ -1,4 +0,0 @@
-syntax(2)
-test_suite('bind9')
-
-include('lib/Kyuafile')

LICENSE

@@ -1,362 +0,0 @@
-Mozilla Public License, version 2.0
-
-1. Definitions
-
-1.1. "Contributor"
-
-     means each individual or legal entity that creates, contributes to the
-     creation of, or owns Covered Software.
-
-1.2. "Contributor Version"
-
-     means the combination of the Contributions of others (if any) used by a
-     Contributor and that particular Contributor's Contribution.
-
-1.3. "Contribution"
-
-     means Covered Software of a particular Contributor.
-
-1.4. "Covered Software"
-
-     means Source Code Form to which the initial Contributor has attached the
-     notice in Exhibit A, the Executable Form of such Source Code Form, and
-     Modifications of such Source Code Form, in each case including portions
-     thereof.
-
-1.5. "Incompatible With Secondary Licenses"
-     means
-
-     a. that the initial Contributor has attached the notice described in
-        Exhibit B to the Covered Software; or
-
-     b. that the Covered Software was made available under the terms of
-        version 1.1 or earlier of the License, but not also under the terms of
-        a Secondary License.
-
-1.6. "Executable Form"
-
-     means any form of the work other than Source Code Form.
-
-1.7. "Larger Work"
-
-     means a work that combines Covered Software with other material, in a
-     separate file or files, that is not Covered Software.
-
-1.8. "License"
-
-     means this document.
-
-1.9. "Licensable"
-
-     means having the right to grant, to the maximum extent possible, whether
-     at the time of the initial grant or subsequently, any and all of the
-     rights conveyed by this License.
-
-1.10. "Modifications"
-
-     means any of the following:
-
-     a. any file in Source Code Form that results from an addition to,
-        deletion from, or modification of the contents of Covered Software; or
-
-     b. any new file in Source Code Form that contains any Covered Software.
-
-1.11. "Patent Claims" of a Contributor
-
-      means any patent claim(s), including without limitation, method,
-      process, and apparatus claims, in any patent Licensable by such
-      Contributor that would be infringed, but for the grant of the License,
-      by the making, using, selling, offering for sale, having made, import,
-      or transfer of either its Contributions or its Contributor Version.
-
-1.12. "Secondary License"
-
-      means either the GNU General Public License, Version 2.0, the GNU Lesser
-      General Public License, Version 2.1, the GNU Affero General Public
-      License, Version 3.0, or any later versions of those licenses.
-
-1.13. "Source Code Form"
-
-      means the form of the work preferred for making modifications.
-
-1.14. "You" (or "Your")
-
-      means an individual or a legal entity exercising rights under this
-      License. For legal entities, "You" includes any entity that controls, is
-      controlled by, or is under common control with You. For purposes of this
-      definition, "control" means (a) the power, direct or indirect, to cause
-      the direction or management of such entity, whether by contract or
-      otherwise, or (b) ownership of more than fifty percent (50%) of the
-      outstanding shares or beneficial ownership of such entity.
-
-
-2. License Grants and Conditions
-
-2.1. Grants
-
-     Each Contributor hereby grants You a world-wide, royalty-free,
-     non-exclusive license:
-
-     a. under intellectual property rights (other than patent or trademark)
-        Licensable by such Contributor to use, reproduce, make available,
-        modify, display, perform, distribute, and otherwise exploit its
-        Contributions, either on an unmodified basis, with Modifications, or
-        as part of a Larger Work; and
-
-     b. under Patent Claims of such Contributor to make, use, sell, offer for
-        sale, have made, import, and otherwise transfer either its
-        Contributions or its Contributor Version.
-
-2.2. Effective Date
-
-     The licenses granted in Section 2.1 with respect to any Contribution
-     become effective for each Contribution on the date the Contributor first
-     distributes such Contribution.
-
-2.3. Limitations on Grant Scope
-
-     The licenses granted in this Section 2 are the only rights granted under
-     this License. No additional rights or licenses will be implied from the
-     distribution or licensing of Covered Software under this License.
-     Notwithstanding Section 2.1(b) above, no patent license is granted by a
-     Contributor:
-
-     a. for any code that a Contributor has removed from Covered Software; or
-
-     b. for infringements caused by: (i) Your and any other third party's
-        modifications of Covered Software, or (ii) the combination of its
-        Contributions with other software (except as part of its Contributor
-        Version); or
-
-     c. under Patent Claims infringed by Covered Software in the absence of
-        its Contributions.
-
-     This License does not grant any rights in the trademarks, service marks,
-     or logos of any Contributor (except as may be necessary to comply with
-     the notice requirements in Section 3.4).
-
-2.4. Subsequent Licenses
-
-     No Contributor makes additional grants as a result of Your choice to
-     distribute the Covered Software under a subsequent version of this
-     License (see Section 10.2) or under the terms of a Secondary License (if
-     permitted under the terms of Section 3.3).
-
-2.5. Representation
-
-     Each Contributor represents that the Contributor believes its
-     Contributions are its original creation(s) or it has sufficient rights to
-     grant the rights to its Contributions conveyed by this License.
-
-2.6. Fair Use
-
-     This License is not intended to limit any rights You have under
-     applicable copyright doctrines of fair use, fair dealing, or other
-     equivalents.
-
-2.7. Conditions
-
-     Sections 3.1, 3.2, 3.3, and 3.4 are conditions of the licenses granted in
-     Section 2.1.
-
-
-3. Responsibilities
-
-3.1. Distribution of Source Form
-
-     All distribution of Covered Software in Source Code Form, including any
-     Modifications that You create or to which You contribute, must be under
-     the terms of this License. You must inform recipients that the Source
-     Code Form of the Covered Software is governed by the terms of this
-     License, and how they can obtain a copy of this License. You may not
-     attempt to alter or restrict the recipients' rights in the Source Code
-     Form.
-
-3.2. Distribution of Executable Form
-
-     If You distribute Covered Software in Executable Form then:
-
-     a. such Covered Software must also be made available in Source Code Form,
-        as described in Section 3.1, and You must inform recipients of the
-        Executable Form how they can obtain a copy of such Source Code Form by
-        reasonable means in a timely manner, at a charge no more than the cost
-        of distribution to the recipient; and
-
-     b. You may distribute such Executable Form under the terms of this
-        License, or sublicense it under different terms, provided that the
-        license for the Executable Form does not attempt to limit or alter the
-        recipients' rights in the Source Code Form under this License.
-
-3.3. Distribution of a Larger Work
-
-     You may create and distribute a Larger Work under terms of Your choice,
-     provided that You also comply with the requirements of this License for
-     the Covered Software. If the Larger Work is a combination of Covered
-     Software with a work governed by one or more Secondary Licenses, and the
-     Covered Software is not Incompatible With Secondary Licenses, this
-     License permits You to additionally distribute such Covered Software
-     under the terms of such Secondary License(s), so that the recipient of
-     the Larger Work may, at their option, further distribute the Covered
-     Software under the terms of either this License or such Secondary
-     License(s).
-
-3.4. Notices
-
-     You may not remove or alter the substance of any license notices
-     (including copyright notices, patent notices, disclaimers of warranty, or
-     limitations of liability) contained within the Source Code Form of the
-     Covered Software, except that You may alter any license notices to the
-     extent required to remedy known factual inaccuracies.
-
-3.5. Application of Additional Terms
-
-     You may choose to offer, and to charge a fee for, warranty, support,
-     indemnity or liability obligations to one or more recipients of Covered
-     Software. However, You may do so only on Your own behalf, and not on
-     behalf of any Contributor. You must make it absolutely clear that any
-     such warranty, support, indemnity, or liability obligation is offered by
-     You alone, and You hereby agree to indemnify every Contributor for any
-     liability incurred by such Contributor as a result of warranty, support,
-     indemnity or liability terms You offer. You may include additional
-     disclaimers of warranty and limitations of liability specific to any
-     jurisdiction.
-
-4. Inability to Comply Due to Statute or Regulation
-
-   If it is impossible for You to comply with any of the terms of this License
-   with respect to some or all of the Covered Software due to statute,
-   judicial order, or regulation then You must: (a) comply with the terms of
-   this License to the maximum extent possible; and (b) describe the
-   limitations and the code they affect. Such description must be placed in a
-   text file included with all distributions of the Covered Software under
-   this License. Except to the extent prohibited by statute or regulation,
-   such description must be sufficiently detailed for a recipient of ordinary
-   skill to be able to understand it.
-
-5. Termination
-
-5.1. The rights granted under this License will terminate automatically if You
-     fail to comply with any of its terms. However, if You become compliant,
-     then the rights granted under this License from a particular Contributor
-     are reinstated (a) provisionally, unless and until such Contributor
-     explicitly and finally terminates Your grants, and (b) on an ongoing
-     basis, if such Contributor fails to notify You of the non-compliance by
-     some reasonable means prior to 60 days after You have come back into
-     compliance. Moreover, Your grants from a particular Contributor are
-     reinstated on an ongoing basis if such Contributor notifies You of the
-     non-compliance by some reasonable means, this is the first time You have
-     received notice of non-compliance with this License from such
-     Contributor, and You become compliant prior to 30 days after Your receipt
-     of the notice.
-
-5.2. If You initiate litigation against any entity by asserting a patent
-     infringement claim (excluding declaratory judgment actions,
-     counter-claims, and cross-claims) alleging that a Contributor Version
-     directly or indirectly infringes any patent, then the rights granted to
-     You by any and all Contributors for the Covered Software under Section
-     2.1 of this License shall terminate.
-
-5.3. In the event of termination under Sections 5.1 or 5.2 above, all end user
-     license agreements (excluding distributors and resellers) which have been
-     validly granted by You or Your distributors under this License prior to
-     termination shall survive termination.
-
-6. Disclaimer of Warranty
-
-   Covered Software is provided under this License on an "as is" basis,
-   without warranty of any kind, either expressed, implied, or statutory,
-   including, without limitation, warranties that the Covered Software is free
-   of defects, merchantable, fit for a particular purpose or non-infringing.
-   The entire risk as to the quality and performance of the Covered Software
-   is with You. Should any Covered Software prove defective in any respect,
-   You (not any Contributor) assume the cost of any necessary servicing,
-   repair, or correction. This disclaimer of warranty constitutes an essential
-   part of this License. No use of  any Covered Software is authorized under
-   this License except under this disclaimer.
-
-7. Limitation of Liability
-
-   Under no circumstances and under no legal theory, whether tort (including
-   negligence), contract, or otherwise, shall any Contributor, or anyone who
-   distributes Covered Software as permitted above, be liable to You for any
-   direct, indirect, special, incidental, or consequential damages of any
-   character including, without limitation, damages for lost profits, loss of
-   goodwill, work stoppage, computer failure or malfunction, or any and all
-   other commercial damages or losses, even if such party shall have been
-   informed of the possibility of such damages. This limitation of liability
-   shall not apply to liability for death or personal injury resulting from
-   such party's negligence to the extent applicable law prohibits such
-   limitation. Some jurisdictions do not allow the exclusion or limitation of
-   incidental or consequential damages, so this exclusion and limitation may
-   not apply to You.
-
-8. Litigation
-
-   Any litigation relating to this License may be brought only in the courts
-   of a jurisdiction where the defendant maintains its principal place of
-   business and such litigation shall be governed by laws of that
-   jurisdiction, without reference to its conflict-of-law provisions. Nothing
-   in this Section shall prevent a party's ability to bring cross-claims or
-   counter-claims.
-
-9. Miscellaneous
-
-   This License represents the complete agreement concerning the subject
-   matter hereof. If any provision of this License is held to be
-   unenforceable, such provision shall be reformed only to the extent
-   necessary to make it enforceable. Any law or regulation which provides that
-   the language of a contract shall be construed against the drafter shall not
-   be used to construe this License against a Contributor.
-
-
-10. Versions of the License
-
-10.1. New Versions
-
-      Mozilla Foundation is the license steward. Except as provided in Section
-      10.3, no one other than the license steward has the right to modify or
-      publish new versions of this License. Each version will be given a
-      distinguishing version number.
-
-10.2. Effect of New Versions
-
-      You may distribute the Covered Software under the terms of the version
-      of the License under which You originally received the Covered Software,
-      or under the terms of any subsequent version published by the license
-      steward.
-
-10.3. Modified Versions
-
-      If you create software not governed by this License, and you want to
-      create a new license for such software, you may create and use a
-      modified version of this License if you rename the license and remove
-      any references to the name of the license steward (except to note that
-      such modified license differs from this License).
-
-10.4. Distributing Source Code Form that is Incompatible With Secondary
-      Licenses If You choose to distribute Source Code Form that is
-      Incompatible With Secondary Licenses under the terms of this version of
-      the License, the notice described in Exhibit B of this License must be
-      attached.
-
-Exhibit A - Source Code Form License Notice
-
-      This Source Code Form is subject to the
-      terms of the Mozilla Public License, v.
-      2.0. If a copy of the MPL was not
-      distributed with this file, You can
-      obtain one at
-      http://mozilla.org/MPL/2.0/.
-
-If it is not possible or desirable to put the notice in a particular file,
-then You may include the notice in a location (such as a LICENSE file in a
-relevant directory) where a recipient would be likely to look for such a
-notice.
-
-You may add additional accurate notices of copyright ownership.
-
-Exhibit B - "Incompatible With Secondary Licenses" Notice
-
-      This Source Code Form is "Incompatible
-      With Secondary Licenses", as defined by
-      the Mozilla Public License, v. 2.0.

Makefile.in

@@ -1,127 +1,50 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# Copyright (C) 1998, 1999  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
-top_builddir =  @top_builddir@
 
-VERSION=@BIND9_VERSION@
+@BIND9_VERSION@
 
-SUBDIRS =	make lib fuzz bin doc
+SUBDIRS =	make lib bin
 TARGETS =
-PREREQS =	bind.keys.h
-
-MANPAGES =	isc-config.sh.1
-
-HTMLPAGES =	isc-config.sh.html
-
-MANOBJS =	README HISTORY OPTIONS CONTRIBUTING PLATFORMS \
-		${MANPAGES} ${HTMLPAGES}
+DISTFILES =	Makefile.in README \
+		acconfig.h aclocal.m4 config.h.in configure.in \
+		config.sub config.guess install-sh configure \
+		ltconfig ltmain.sh \
+		bin lib make \
+		version 
 
 @BIND9_MAKE_RULES@
 
-newrr:
-	cd lib/dns; ${MAKE} newrr
-
-bind.keys.h: ${top_srcdir}/bind.keys ${srcdir}/util/bindkeys.pl
-	${PERL} ${srcdir}/util/bindkeys.pl < ${top_srcdir}/bind.keys > $@
-
 distclean::
-	rm -f config.cache config.h config.log config.status TAGS
-	rm -f libtool isc-config.sh configure.lineno
-	rm -f util/conf.sh docutil/docbook2man-wrapper.sh
+	rm -f config.cache config.h config.log config.status libtool TAGS
 
-# XXX we should clean libtool stuff too.  Only do this after we add rules
-# to make it.
-maintainer-clean::
-	rm -f configure
-	rm -f bind.keys.h
+cleandir: distclean
 
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
+kit: kitclean
+	mkdir bind-${VERSION}
+	@(cd bind-${VERSION}; for i in ${DISTFILES}; do ln -s ../$$i $$i; done)
+	gtar -c -v -z -h --exclude '*CVS*' -f bind-${VERSION}.tar.gz \
+		bind-${VERSION}
+	rm -rf bind-${VERSION}
 
-doc man:: ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir} \
-	${DESTDIR}${localstatedir}/run ${DESTDIR}${sysconfdir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
-
-install:: isc-config.sh installdirs
-	${INSTALL_SCRIPT} isc-config.sh ${DESTDIR}${bindir}
-	rm -f ${DESTDIR}${bindir}/bind9-config
-	@LN@ ${DESTDIR}${bindir}/isc-config.sh ${DESTDIR}${bindir}/bind9-config
-	${INSTALL_DATA} ${top_srcdir}/isc-config.sh.1 ${DESTDIR}${mandir}/man1
-	rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
-	@LN@ ${DESTDIR}${mandir}/man1/isc-config.sh.1 ${DESTDIR}${mandir}/man1/bind9-config.1
-	${INSTALL_DATA} ${top_srcdir}/bind.keys ${DESTDIR}${sysconfdir}
-
-uninstall::
-	rm -f ${DESTDIR}${sysconfdir}/bind.keys
-	rm -f ${DESTDIR}${mandir}/man1/bind9-config.1
-	rm -f ${DESTDIR}${mandir}/man1/isc-config.sh.1
-	rm -f ${DESTDIR}${bindir}/bind9-config
-	rm -f ${DESTDIR}${bindir}/isc-config.sh
+kitclean: distclean
+	rm -rf bind-${VERSION}
 
 tags:
 	rm -f TAGS
-	find lib bin -name "*.[ch]" -print | @ETAGS@ -
-
-test check:
-	@if test -n "`${PERL} ${top_srcdir}/bin/tests/system/testsock.pl 2>/dev/null || echo fail`"; then \
-	echo I: NOTE: The tests were not run because they require that; \
-	echo I:	the IP addresses 10.53.0.1 through 10.53.0.8 are configured; \
-	echo I:	as alias addresses on the loopback interface.  Please run; \
-	echo I:	\'bin/tests/system/ifconfig.sh up\' as root to configure; \
-	echo I:	them, then rerun the tests. Run make force-test to run the; \
-	echo I:	tests anyway.; \
-	exit 1; \
-	fi
-	${MAKE} test-force
-
-force-test: test-force
-
-test-force:
-	status=0; \
-	(cd fuzz && ${MAKE} check) || status=1; \
-	(cd bin/tests && ${MAKE} ${MAKEDEFS} test) || status=1; \
-	(test -f ${top_builddir}/unit/unittest.sh && \
-		$(SHELL) ${top_builddir}/unit/unittest.sh) || status=1; \
-	exit $$status
-
-README: README.md
-	${PANDOC} --email-obfuscation=none -s -t html README.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-HISTORY: HISTORY.md
-	${PANDOC} --email-obfuscation=none -s -t html HISTORY.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-OPTIONS: OPTIONS.md
-	${PANDOC} --email-obfuscation=none -s -t html OPTIONS.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-CONTRIBUTING: CONTRIBUTING.md
-	${PANDOC} --email-obfuscation=none -s -t html CONTRIBUTING.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-PLATFORMS: PLATFORMS.md
-	${PANDOC} --email-obfuscation=none -s -t html PLATFORMS.md | \
-		${W3M} -dump -cols 75 -O ascii -T text/html | \
-		sed -e '$${/^$$/d;}' > $@
-
-unit::
-	sh ${top_builddir}/unit/unittest.sh
-
-clean::
+	find lib bin -name "*.[ch]" -print | etags -

OPTIONS

@@ -1,26 +0,0 @@
-Setting the STD_CDEFINES environment variable before running configure can
-be used to enable certain compile-time options that are not explicitly
-defined in configure.
-
-Some of these settings are:
-
-Setting                   Description
-                          Overwrite memory with tag values when allocating
--DISC_MEM_DEFAULTFILL=1   or freeing it; this impairs performance but
-                          makes debugging of memory problems easier.
-                          Don't track memory allocations by file and line
--DISC_MEM_TRACKLINES=0    number; this improves performance but makes
-                          debugging more difficult.
--DISC_FACILITY=LOG_LOCAL0 Change the default syslog facility for named
--DNS_CLIENT_DROPPORT=0    Disable dropping queries from particular
-                          well-known ports:
--DCHECK_SIBLING=0         Don't check sibling glue in named-checkzone
--DCHECK_LOCAL=0           Don't check out-of-zone addresses in
-                          named-checkzone
--DNS_RUN_PID_DIR=0        Create default PID files in ${localstatedir}/run
-                          rather than ${localstatedir}/run/named/
-                          Disable the use of inline functions to implement
--DISC_BUFFER_USEINLINE=0  the isc_buffer API: this reduces performance but
-                          may be useful when debugging
--DISC_HEAP_CHECK          Test heap consistency after every heap
-                          operation; used when debugging

OPTIONS.md

@@ -1,27 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-Setting the `STD_CDEFINES` environment variable before running `configure`
-can be used to enable certain compile-time options that are not explicitly
-defined in `configure`.
-
-Some of these settings are:
-
-|Setting                            |Description |
-|-----------------------------------|----------------------------------------|
-|`-DISC_MEM_DEFAULTFILL=1`|Overwrite memory with tag values when allocating or freeing it; this impairs performance but makes debugging of memory problems easier.|
-|`-DISC_MEM_TRACKLINES=0`|Don't track memory allocations by file and line number; this improves performance but makes debugging more difficult.|
-|<nobr>`-DISC_FACILITY=LOG_LOCAL0`</nobr>|Change the default syslog facility for `named`|
-|`-DNS_CLIENT_DROPPORT=0`|Disable dropping queries from particular well-known ports:|
-|`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
-|`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
-|`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
-|`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
-|`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|

PLATFORMS

@@ -1,89 +0,0 @@
-Supported platforms
-
-In general, this version of BIND will build and run on any POSIX-compliant
-system with a C99-compliant C compiler, BSD-style sockets with
-RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
-cryptography library. Atomic operations support from the compiler is
-needed, either in the form of builtin operations, C11 atomics or the
-Interlocked family of functions on Windows.
-
-ISC regularly tests BIND on many operating systems and architectures, but
-lacks the resources to test all of them. Consequently, ISC is only able to
-offer support on a "best effort" basis for some.
-
-Regularly tested platforms
-
-As of May 2018, BIND 9.13 is tested on the following systems:
-
-  * Debian 8, 9
-  * Ubuntu 16.04, 18.04
-  * Fedora 27, 28
-  * Red Hat/CentOS 6, 7
-  * FreeBSD 10.x, 11.x
-  * OpenBSD 6.3
-
-The amd64, i386, armhf and arm64 CPU architectures are all fully
-supported.
-
-Best effort
-
-The following are platforms on which BIND is known to build and run, but
-on which it is not routinely tested. ISC makes every effort to fix bugs on
-these platforms, but may be unable to do so quickly due to lack of
-hardware, less familiarity on the part of engineering staff, and other
-constraints.
-
-  * Windows 10 / x64
-  * Windows Server 2012 R2, 2016 / x64
-  * macOS 10.12+
-  * Solaris 10
-  * FreeBSD 12+
-  * OpenBSD 6.2
-  * NetBSD
-  * Older or less popular Linux distributions still supported by their
-    vendors, such as:
-      + Ubuntu 14.04, 18.10+
-      + Gentoo
-      + ArchLinux
-      + Alpine Linux
-  * OpenWRT/LEDE 17.0
-  * Other CPU architectures (mips, mipsel, sparc, ...)
-
-Unsupported platforms
-
-These are platforms on which BIND is known not to build or run:
-
-  * Platforms without at least OpenSSL 1.0.2
-  * Windows 10 / x86
-  * Windows Server 2012 and older
-  * Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
-  * Platforms that don't support atomic operations (via compiler or
-    library)
-  * Linux without NPTL (Native POSIX Thread Library)
-
-Platform quirks
-
-ARM
-
-If the compilation ends with following error:
-
-Error: selected processor does not support `yield' in ARM mode
-
-You will need to set -march compiler option to native, so the compiler
-recognizes yield assembler instruction. The proper way to set -march=
-native would be to put it into CFLAGS, e.g. run ./configure like this:
-CFLAGS="-march=native -Os -g" ./configure plus your usual options.
-
-If that doesn't work, you can enforce the minimum CPU and FPU (taken from
-Debian armhf documentation):
-
-  * The lowest worthwhile CPU implementation is Armv7-A, therefore the
-    recommended build option is -march=armv7-a.
-
-  * FPU should be set at VFPv3-D16 as they represent the miminum
-    specification of the processors to support here, therefore the
-    recommended build option is -mfpu=vfpv3-d16.
-
-The configure command should look like this:
-
-CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure

PLATFORMS.md

@@ -1,100 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-## Supported platforms
-
-In general, this version of BIND will build and run on any POSIX-compliant
-system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant
-IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library.
-Atomic operations support from the compiler is needed, either in the form of
-builtin operations, C11 atomics or the Interlocked family of functions on
-Windows.
-
-ISC regularly tests BIND on many operating systems and architectures, but
-lacks the resources to test all of them. Consequently, ISC is only able to
-offer support on a "best effort" basis for some.
-
-### Regularly tested platforms
-
-As of May 2018, BIND 9.13 is tested on the following systems:
-
-* Debian 8, 9
-* Ubuntu 16.04, 18.04
-* Fedora 27, 28
-* Red Hat/CentOS 6, 7
-* FreeBSD 10.x, 11.x
-* OpenBSD 6.3
-
-The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
-
-### Best effort
-
-The following are platforms on which BIND is known to build and run,
-but on which it is not routinely tested. ISC makes every effort to fix bugs
-on these platforms, but may be unable to do so quickly due to lack of
-hardware, less familiarity on the part of engineering staff, and other
-constraints.
-
-* Windows 10 / x64
-* Windows Server 2012 R2, 2016 / x64
-* macOS 10.12+
-* Solaris 10
-* FreeBSD 12+
-* OpenBSD 6.2
-* NetBSD
-* Older or less popular Linux distributions still supported by their vendors, such as:
-    * Ubuntu 14.04, 18.10+
-    * Gentoo
-    * ArchLinux
-    * Alpine Linux
-* OpenWRT/LEDE 17.0
-* Other CPU architectures (mips, mipsel, sparc, ...)
-
-## Unsupported platforms
-
-These are platforms on which BIND is known *not* to build or run:
-
-* Platforms without at least OpenSSL 1.0.2
-* Windows 10 / x86
-* Windows Server 2012 and older
-* Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
-* Platforms that don't support atomic operations (via compiler or library)
-* Linux without NPTL (Native POSIX Thread Library)
-
-## Platform quirks
-
-### ARM
-
-If the compilation ends with following error:
-
-```
-Error: selected processor does not support `yield' in ARM mode
-```
-
-You will need to set `-march` compiler option to `native`, so the compiler
-recognizes `yield` assembler instruction.  The proper way to set `-march=native`
-would be to put it into `CFLAGS`, e.g. run `./configure` like this:
-`CFLAGS="-march=native -Os -g" ./configure` plus your usual options.
-
-If that doesn't work, you can enforce the minimum CPU and FPU (taken from Debian
-armhf documentation):
-
-* The lowest worthwhile CPU implementation is Armv7-A, therefore the recommended
-  build option is `-march=armv7-a`.
-
-* FPU should be set at VFPv3-D16 as they represent the miminum specification of
-  the processors to support here, therefore the recommended build option is
-  `-mfpu=vfpv3-d16`.
-
-The configure command should look like this:
-
-```
-CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure
-```

README

@@ -1,371 +1,85 @@
-BIND 9
-
-Contents
-
- 1. Introduction
- 2. Reporting bugs and getting help
- 3. Contributing to BIND
- 4. BIND 9.13 features
- 5. Building BIND
- 6. macOS
- 7. Compile-time options
- 8. Automated testing
- 9. Documentation
-10. Change log
-11. Acknowledgments
-
-Introduction
-
-BIND (Berkeley Internet Name Domain) is a complete, highly portable
-implementation of the DNS (Domain Name System) protocol.
-
-The BIND name server, named, is able to serve as an authoritative name
-server, recursive resolver, DNS forwarder, or all three simultaneously. It
-implements views for split-horizon DNS, automatic DNSSEC zone signing and
-key management, catalog zones to facilitate provisioning of zone data
-throughout a name server constellation, response policy zones (RPZ) to
-protect clients from malicious data, response rate limiting (RRL) and
-recursive query limits to reduce distributed denial of service attacks,
-and many other advanced DNS features. BIND also includes a suite of
-administrative tools, including the dig and delv DNS lookup tools,
-nsupdate for dynamic DNS zone updates, rndc for remote name server
-administration, and more.
-
-BIND 9 began as a complete re-write of the BIND architecture that was used
-in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
-501(c)(3) public benefit corporation dedicated to providing software and
-services in support of the Internet infrastructure, developed BIND 9 and
-is responsible for its ongoing maintenance and improvement. BIND is open
-source software licenced under the terms of the Mozilla Public License,
-version 2.0.
-
-For a summary of features introduced in past major releases of BIND, see
-the file HISTORY.
-
-For a detailed list of changes made throughout the history of BIND 9, see
-the file CHANGES. See below for details on the CHANGES file format.
-
-For up-to-date release notes and errata, see http://www.isc.org/software/
-bind9/releasenotes
-
-For information about supported platforms, see PLATFORMS.
-
-Reporting bugs and getting help
-
-To report non-security-sensitive bugs or request new features, you may
-open an Issue in the BIND 9 project on the ISC GitLab server at https://
-gitlab.isc.org/isc-projects/bind9.
-
-Please note that, unless you explicitly mark the newly created Issue as
-"confidential", it will be publicly readable. Please do not include any
-information in bug reports that you consider to be confidential unless the
-issue has been marked as such. In particular, if submitting the contents
-of your configuration file in a non-confidential Issue, it is advisable to
-obscure key secrets: this can be done automatically by using
-named-checkconf -px.
-
-If the bug you are reporting is a potential security issue, such as an
-assertion failure or other crash in named, please do NOT use GitLab to
-report it. Instead, please send mail to security-officer@isc.org.
-
-Professional support and training for BIND are available from ISC at
-https://www.isc.org/support.
-
-To join the BIND Users mailing list, or view the archives, visit https://
-lists.isc.org/mailman/listinfo/bind-users.
-
-If you're planning on making changes to the BIND 9 source code, you may
-also want to join the BIND Workers mailing list, at https://lists.isc.org/
-mailman/listinfo/bind-workers.
-
-Contributing to BIND
-
-ISC maintains a public git repository for BIND; details can be found at
-http://www.isc.org/git/.
-
-Information for BIND contributors can be found in the following files: -
-General information: CONTRIBUTING.md - BIND 9 code style: doc/dev/style.md
-- BIND architecture and developer guide: doc/dev/dev.md
-
-Patches for BIND may be submitted as Merge Requests in the ISC GitLab
-server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
-
-By default, external contributors don't have ability to fork BIND in the
-GitLab server, but if you wish to contribute code to BIND, you may request
-permission to do so. Thereafter, you can create git branches and directly
-submit requests that they be reviewed and merged.
-
-If you prefer, you may also submit code by opening a GitLab Issue and
-including your patch as an attachment, preferably generated by git
-format-patch.
-
-BIND 9.13 features
-
-BIND 9.13 is the newest development branch of BIND 9. It includes a number
-of changes from BIND 9.12 and earlier releases. New features include:
-
-  * Socket and task code has been refactored to improve performance.
-  * QNAME minimization, as described in RFC 7816, is now supported.
-  * "Root key sentinel" support, enabling validating resolvers to indicate
-    via a special query which trust anchors are configured for the root
-    zone.
-  * Secondary zones can now be configured as "mirror" zones; their
-    contents are transferred in as with traditional slave zones, but are
-    subject to DNSSEC validation and are not treated as authoritative data
-    when answering. This makes it easier to configure a local copy of the
-    root zone as described in RFC 7706.
-  * The "validate-except" option allows configuration of domains below
-    which DNSSEC validation should not be performed.
-  * The default value of "dnssec-validation" is now "auto".
-  * IDNA2008 is now supported when linking with libidn2.
-
-In addition, workarounds that were formerly in place to enable resolution
-of domains whose authoritative servers did not respond to EDNS queries
-have been removed. See https://dnsflagday.net for more details.
-
-Cryptographic support has been modernized. BIND now uses the best
-available pseudo-random number generator for the platform on which it's
-built. Very old versions of OpenSSL are no longer supported. Cryptography
-is now mandatory: building BIND without DNSSEC is now longer supported.
-
-Special code to support certain legacy operating systems has also been
-removed; see the file PLATFORMS.md for details of supported platforms. In
-addition to OpenSSL, BIND now requires support for IPv6, threads, and
-standard atomic operations provided by the C compiler.
-
-Building BIND
-
-Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. Successful builds have
-been observed on many versions of Linux and UNIX, including RedHat,
-Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
-X, Solaris, HP-UX, and OpenWRT.
-
-BIND requires a cryptography provider library such as OpenSSL or a
-hardware service module supporting PKCS#11. On Linux, BIND requires the
-libcap library to set process privileges, though this requirement can be
-overridden by disabling capability support at compile time. See
-Compile-time options below for details on other libraries that may be
-required to support optional features.
-
-BIND is also available for Windows 2008 and higher. See win32utils/
-readme1st.txt for details on building for Windows systems.
-
-To build on a UNIX or Linux system, use:
-
-    $ ./configure
-    $ make
-
-If you're planning on making changes to the BIND 9 source, you should run
-make depend. If you're using Emacs, you might find make tags helpful.
-
-Several environment variables that can be set before running configure
-will affect compilation:
-
-Variable       Description
-CC             The C compiler to use. configure tries to figure out the
-               right one for supported systems.
-               C compiler flags. Defaults to include -g and/or -O2 as
-CFLAGS         supported by the compiler. Please include '-g' if you need
-               to set CFLAGS.
-               System header file directories. Can be used to specify
-STD_CINCLUDES  where add-on thread or IPv6 support is, for example.
-               Defaults to empty string.
-               Any additional preprocessor symbols you want defined.
-STD_CDEFINES   Defaults to empty string. For a list of possible settings,
-               see the file OPTIONS.
-LDFLAGS        Linker flags. Defaults to empty string.
-BUILD_CC       Needed when cross-compiling: the native C compiler to use
-               when building for the target system.
-BUILD_CFLAGS   Optional, used for cross-compiling
-BUILD_CPPFLAGS
-BUILD_LDFLAGS
-BUILD_LIBS
-
-macOS
-
-Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from https://developer.apple.com/download/more/ or
-if you have Xcode already installed you can run "xcode-select --install".
-This will add /usr/include to the system and install the compiler and
-other tools so that they can be easily found.
-
-Compile-time options
-
-To see a full list of configuration options, run configure --help.
-
-On most platforms, BIND 9 is built with multithreading support, allowing
-it to take advantage of multiple CPUs. You can configure this by
-specifying --enable-threads or --disable-threads on the configure command
-line. The default is to enable threads, except on some older operating
-systems on which threads are known to have had problems in the past.
-(Note: Prior to BIND 9.10, the default was to disable threads on Linux
-systems; this has now been reversed. On Linux systems, the threaded build
-is known to change BIND's behavior with respect to file permissions; it
-may be necessary to specify a user with the -u option when running named.)
-
-To build shared libraries, specify --with-libtool on the configure command
-line.
-
-Certain compiled-in constants and default settings can be increased to
-values better suited to large servers with abundant memory resources (e.g,
-64-bit servers with 12G or more of memory) by specifying --with-tuning=
-large on the configure command line. This can improve performance on big
-servers, but will consume more memory and may degrade performance on
-smaller systems.
-
-For the server to support DNSSEC, you need to build it with crypto
-support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
-installed. If the OpenSSL library is installed in a nonstandard location,
-specify the prefix using --with-openssl=<PREFIX> on the configure command
-line. To use a PKCS#11 hardware service module for cryptographic
-operations, specify the path to the PKCS#11 provider library using
---with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following: libxml2 http://xmlsoft.org or json-c https://
-github.com/json-c. If these are installed at a nonstandard location,
-specify the prefix using --with-libxml2=/prefix or --with-libjson=/prefix.
-
-To support compression on the HTTP statistics channel, the server must be
-linked against libzlib. If this is installed in a nonstandard location,
-specify the prefix using --with-zlib=/prefix.
-
-To support storing configuration data for runtime-added zones in an LMDB
-database, the server must be linked with liblmdb. If this is installed in
-a nonstandard location, specify the prefix using with-lmdb=/prefix.
-
-To support GeoIP location-based ACLs, the server must be linked with
-libGeoIP. This is not turned on by default; BIND must be configured with
---with-geoip. If the library is installed in a nonstandard location,
-specify the prefix using --with-geoip=/prefix.
-
-For DNSTAP packet logging, you must have installed libfstrm https://
-github.com/farsightsec/fstrm and libprotobuf-c https://
-developers.google.com/protocol-buffers, and BIND must be configured with
---enable-dnstap.
-
-On Linux, process capabilities are managed in user space using the libcap
-library, which can be installed on most Linux systems via the libcap-dev
-or libcap-devel module. Process capability support can also be disabled by
-configuring with --disable-linux-caps.
-
-Portions of BIND that are written in Python, including dnssec-keymgr,
-dnssec-coverage, dnssec-checkds, and some of the system tests, require the
-'argparse' and 'ply' modules to be available. 'argparse' is a standard
-module as of Python 2.7 and Python 3.2. 'ply' is available from https://
-pypi.python.org/pypi/ply.
-
-On some platforms it is necessary to explicitly request large file support
-to handle files bigger than 2GB. This can be done by using
---enable-largefile on the configure command line.
-
-Support for the "fixed" rrset-order option can be enabled or disabled by
-specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
-command line. By default, fixed rrset-order is disabled to reduce memory
-footprint.
-
-make install will install named and the various BIND 9 libraries. By
-default, installation is into /usr/local, but this can be changed with the
---prefix option when running configure.
-
-You may specify the option --sysconfdir to set the directory where
-configuration files like named.conf go by default, and --localstatedir to
-set the default parent directory of run/named.pid. For backwards
-compatibility with BIND 8, --sysconfdir defaults to /etc and
---localstatedir defaults to /var if no --prefix option is given. If there
-is a --prefix option, sysconfdir defaults to $prefix/etc and localstatedir
-defaults to $prefix/var.
-
-Automated testing
-
-A system test suite can be run with make test. The system tests require
-you to configure a set of virtual IP addresses on your system (this allows
-multiple servers to run locally and communicate with one another). These
-IP addresses can be configured by running the command bin/tests/system/
-ifconfig.sh up as root.
-
-Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
-and will be skipped if these are not available. Some tests require Python
-and the 'dnspython' module and will be skipped if these are not available.
-See bin/tests/system/README for further details.
-
-Unit tests are implemented using the CMocka unit testing framework. To
-build them, use configure --with-cmocka. Execution of tests is done by the
-Kyua test execution engine; if the kyua command is available, then unit
-tests can be run via make test or make unit.
-
-Documentation
-
-The BIND 9 Administrator Reference Manual is included with the source
-distribution, in DocBook XML, HTML and PDF format, in the doc/arm
-directory.
-
-Some of the programs in the BIND 9 distribution have man pages in their
-directories. In particular, the command line options of named are
-documented in bin/named/named.8.
-
-Frequently (and not-so-frequently) asked questions and their answers can
-be found in the ISC Knowledge Base at https://kb.isc.org.
-
-Additional information on various subjects can be found in other README
-files throughout the source tree.
-
-Change log
-
-A detailed list of all changes that have been made throughout the
-development BIND 9 is included in the file CHANGES, with the most recent
-changes listed first. Change notes include tags indicating the category of
-the change that was made; these categories are:
-
-Category       Description
-[func]         New feature
-[bug]          General bug fix
-[security]     Fix for a significant security flaw
-[experimental] Used for new features when the syntax or other aspects of
-               the design are still in flux and may change
-[port]         Portability enhancement
-[maint]        Updates to built-in data such as root server addresses and
-               keys
-[tuning]       Changes to built-in configuration defaults and constants to
-               improve performance
-[performance]  Other changes to improve server performance
-[protocol]     Updates to the DNS protocol such as new RR types
-[test]         Changes to the automatic tests, not affecting server
-               functionality
-[cleanup]      Minor corrections and refactoring
-[doc]          Documentation
-[contrib]      Changes to the contributed tools and libraries in the
-               'contrib' subdirectory
-               Used in the master development branch to reserve change
-[placeholder]  numbers for use in other branches, e.g. when fixing a bug
-               that only exists in older releases
-
-In general, [func] and [experimental] tags will only appear in new-feature
-releases (i.e., those with version numbers ending in zero). Some new
-functionality may be backported to older releases on a case-by-case basis.
-All other change types may be applied to all currently-supported releases.
-
-Acknowledgments
-
-  * The original development of BIND 9 was underwritten by the following
-    organizations:
-
-    Sun Microsystems, Inc.
-    Hewlett Packard
-    Compaq Computer Corporation
-    IBM
-    Process Software Corporation
-    Silicon Graphics, Inc.
-    Network Associates, Inc.
-    U.S. Defense Information Systems Agency
-    USENIX Association
-    Stichting NLnet - NLnet Foundation
-    Nominum, Inc.
-
-  * This product includes software developed by the OpenSSL Project for
-    use in the OpenSSL Toolkit. http://www.OpenSSL.org/
-  * This product includes cryptographic software written by Eric Young
-    (eay@cryptsoft.com)
-  * This product includes software written by Tim Hudson
-    (tjh@cryptsoft.com)
+
+BIND 9.0.0 alpha 3
+
+
+Status
+
+Most of the core technology planned for BIND 9 is in this release.  Some
+of the highlights are:
+
+	IPv6
+
+		Support for bitstring labels, DNAME, and A6 records.
+
+		IPv6-aware resolver (follows A6 chains, can use IPv6 to
+		talk to other nameservers).
+
+		The nameserver listens on an IPv6 socket.
+
+	DNSSEC
+
+		All new RR types supported.
+
+		The server generates DNSSEC responses for secure zones.
+
+	EDNS0 (server only), IXFR, AXFR, dynamic update
+
+
+With the exception of the DNSSEC validator, all the major new
+functionality is done.  We expect to finish the DNSSEC validator by
+the end of December.
+
+This release is alpha quality.  There are still a number of unfinished
+areas, for example: most config file options, sanity checking,
+performance tuning, high-volume client support, garbage collection,
+however, none of these areas are especially difficult.
+
+We've used BIND 9 as the nameserver while web surfing and doing other
+ordinary tasks, and it has worked.  We've successfully answered
+queries sent over IPv6 sockets, and have used IPv6 to query other
+nameservers (also running BIND 9 of course!).
+
+
+Building
+
+We've had successful builds and tests on the following systems
+
+	AIX 4.3
+	BSDI 3.1, 4.0.1
+	COMPAQ Tru64 UNIX 4.0D, 5.0
+	FreeBSD 3.3
+	HP-UX 11
+	IRIX64 6.5
+	NetBSD 1.4.1
+	Red Hat Linux 6.0, 6.1
+	Solaris 2.6, 7
+
+To build, just
+
+	./configure
+	make
+
+Do not run 'make install'.  Shared libraries will be built if "--with-libtool"
+is added to the "configure" command.
+
+Building with gcc is not supported, unless gcc is the vendor's usual
+compiler (e.g. the various BSD systems, Linux).
+
+
+bin/named notes
+
+The server now uses the BIND 8 config file format.  All options are parsed,
+but most do not have any effect as yet.
+
+The server now runs on port 53 by default.  Use "-p" if you want to run
+on a different port.
+
+The server does not yet "daemonize".
+
+
+API Note
+
+All APIs are subject to change in future code drops.  We expect the
+existing library interfaces in the code drop to be quite stable,
+however, and unless we've specifically indicated that an interface is
+temporary, we don't expect significant changes in future releases.

README.md

@@ -1,384 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-# BIND 9
-
-### Contents
-
-1. [Introduction](#intro)
-1. [Reporting bugs and getting help](#help)
-1. [Contributing to BIND](#contrib)
-1. [BIND 9.13 features](#features)
-1. [Building BIND](#build)
-1. [macOS](#macos)
-1. [Compile-time options](#opts)
-1. [Automated testing](#testing)
-1. [Documentation](#doc)
-1. [Change log](#changes)
-1. [Acknowledgments](#ack)
-
-### <a name="intro"/> Introduction
-
-BIND (Berkeley Internet Name Domain) is a complete, highly portable
-implementation of the DNS (Domain Name System) protocol.
-
-The BIND name server, `named`, is able to serve as an authoritative name
-server, recursive resolver, DNS forwarder, or all three simultaneously.  It
-implements views for split-horizon DNS, automatic DNSSEC zone signing and
-key management, catalog zones to facilitate provisioning of zone data
-throughout a name server constellation, response policy zones (RPZ) to
-protect clients from malicious data, response rate limiting (RRL) and
-recursive query limits to reduce distributed denial of service attacks,
-and many other advanced DNS features.  BIND also includes a suite of
-administrative tools, including the `dig` and `delv` DNS lookup tools,
-`nsupdate` for dynamic DNS zone updates, `rndc` for remote name server
-administration, and more.
-
-BIND 9 began as a complete re-write of the BIND architecture that was
-used in versions 4 and 8.  Internet Systems Consortium
-([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
-corporation dedicated to providing software and services in support of the
-Internet infrastructure, developed BIND 9 and is responsible for its
-ongoing maintenance and improvement.  BIND is open source software
-licenced under the terms of the Mozilla Public License, version 2.0.
-
-For a summary of features introduced in past major releases of BIND,
-see the file [HISTORY](HISTORY.md).
-
-For a detailed list of changes made throughout the history of BIND 9, see
-the file [CHANGES](CHANGES). See [below](#changes) for details on the
-CHANGES file format.
-
-For up-to-date release notes and errata, see
-[http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
-
-For information about supported platforms, see [PLATFORMS](PLATFORMS.md).
-
-### <a name="help"/> Reporting bugs and getting help
-
-To report non-security-sensitive bugs or request new features, you may
-open an Issue in the BIND 9 project on the
-[ISC GitLab server](https://gitlab.isc.org) at
-[https://gitlab.isc.org/isc-projects/bind9](https://gitlab.isc.org/isc-projects/bind9).
-
-Please note that, unless you explicitly mark the newly created Issue as
-"confidential", it will be publicly readable.  Please do not include any
-information in bug reports that you consider to be confidential unless
-the issue has been marked as such.  In particular, if submitting the
-contents of your configuration file in a non-confidential Issue, it is
-advisable to obscure key secrets: this can be done automatically by
-using `named-checkconf -px`.
-
-If the bug you are reporting is a potential security issue, such as an
-assertion failure or other crash in `named`, please do *NOT* use GitLab to
-report it. Instead, please send mail to
-[security-officer@isc.org](mailto:security-officer@isc.org).
-
-Professional support and training for BIND are available from
-ISC at [https://www.isc.org/support](https://www.isc.org/support).
-
-To join the __BIND Users__ mailing list, or view the archives, visit
-[https://lists.isc.org/mailman/listinfo/bind-users](https://lists.isc.org/mailman/listinfo/bind-users).
-
-If you're planning on making changes to the BIND 9 source code, you
-may also want to join the __BIND Workers__ mailing list, at
-[https://lists.isc.org/mailman/listinfo/bind-workers](https://lists.isc.org/mailman/listinfo/bind-workers).
-
-### <a name="contrib"/> Contributing to BIND
-
-ISC maintains a public git repository for BIND; details can be found
-at [http://www.isc.org/git/](http://www.isc.org/git/).
-
-Information for BIND contributors can be found in the following files:
-- General information: [CONTRIBUTING.md](CONTRIBUTING)
-- BIND 9 code style: [doc/dev/style.md](doc/dev/style.md)
-- BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
-
-Patches for BIND may be submitted as
-[Merge Requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests)
-in the [ISC GitLab server](https://gitlab.isc.org) at
-at [https://gitlab.isc.org/isc-projects/bind9/merge_requests](https://gitlab.isc.org/isc-projects/bind9/merge_requests).
-
-By default, external contributors don't have ability to fork BIND in the
-GitLab server, but if you wish to contribute code to BIND, you may request
-permission to do so. Thereafter, you can create git branches and directly
-submit requests that they be reviewed and merged.
-
-If you prefer, you may also submit code by opening a
-[GitLab Issue](https://gitlab.isc.org/isc-projects/bind9/issues) and
-including your patch as an attachment, preferably generated by
-`git format-patch`.
-
-### <a name="features"/> BIND 9.13 features
-
-BIND 9.13 is the newest development branch of BIND 9. It includes a
-number of changes from BIND 9.12 and earlier releases.  New features
-include:
-
-* Socket and task code has been refactored to improve performance.
-* QNAME minimization, as described in RFC 7816, is now supported.
-* "Root key sentinel" support, enabling validating resolvers to indicate
-  via a special query which trust anchors are configured for the root zone.
-* Secondary zones can now be configured as "mirror" zones; their contents
-  are transferred in as with traditional slave zones, but are subject to
-  DNSSEC validation and are not treated as authoritative data when
-  answering. This makes it easier to configure a local copy of the root
-  zone as described in RFC 7706.
-* The "validate-except" option allows configuration of domains below which
-  DNSSEC validation should not be performed.
-* The default value of "dnssec-validation" is now "auto".
-* IDNA2008 is now supported when linking with `libidn2`.
-
-In addition, workarounds that were formerly in place to enable resolution
-of domains whose authoritative servers did not respond to EDNS queries
-have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
-for more details.
-
-Cryptographic support has been modernized. BIND now uses the
-best available pseudo-random number generator for the platform on which
-it's built. Very old versions of OpenSSL are no longer supported.
-Cryptography is now mandatory: building BIND without DNSSEC is now
-longer supported.
-
-Special code to support certain legacy operating systems has also
-been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
-of supported platforms. In addition to OpenSSL, BIND now requires
-support for IPv6, threads, and standard atomic operations provided
-by the C compiler.
-
-### <a name="build"/> Building BIND
-
-Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
-basic POSIX support, and a 64-bit integer type. Successful builds have been
-observed on many versions of Linux and UNIX, including RedHat, Fedora,
-Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
-Solaris, HP-UX, and OpenWRT.
-
-BIND requires a cryptography provider library such as OpenSSL or a
-hardware service module supporting PKCS#11. On Linux, BIND requires
-the `libcap` library to set process privileges, though this requirement
-can be overridden by disabling capability support at compile time.
-See [Compile-time options](#opts) below for details on other libraries
-that may be required to support optional features.
-
-BIND is also available for Windows 2008 and higher.  See
-`win32utils/readme1st.txt` for details on building for Windows
-systems.
-
-To build on a UNIX or Linux system, use:
-
-		$ ./configure
-		$ make
-
-If you're planning on making changes to the BIND 9 source, you should run
-`make depend`.  If you're using Emacs, you might find `make tags` helpful.
-
-Several environment variables that can be set before running `configure` will
-affect compilation:
-
-|Variable|Description |
-|--------------------|-----------------------------------------------|
-|`CC`|The C compiler to use.  `configure` tries to figure out the right one for supported systems.|
-|`CFLAGS`|C compiler flags.  Defaults to include -g and/or -O2 as supported by the compiler.  Please include '-g' if you need to set `CFLAGS`. |
-|`STD_CINCLUDES`|System header file directories.  Can be used to specify where add-on thread or IPv6 support is, for example.  Defaults to empty string.|
-|`STD_CDEFINES`|Any additional preprocessor symbols you want defined.  Defaults to empty string. For a list of possible settings, see the file [OPTIONS](OPTIONS.md).|
-|`LDFLAGS`|Linker flags. Defaults to empty string.|
-|`BUILD_CC`|Needed when cross-compiling: the native C compiler to use when building for the target system.|
-|`BUILD_CFLAGS`|Optional, used for cross-compiling|
-|`BUILD_CPPFLAGS`||
-|`BUILD_LDFLAGS`||
-|`BUILD_LIBS`||
-
-#### <a name="macos"> macOS
-
-Building on macOS assumes that the "Command Tools for Xcode" is installed.
-This can be downloaded from https://developer.apple.com/download/more/
-or if you have Xcode already installed you can run "xcode-select --install".
-This will add /usr/include to the system and install the compiler and other
-tools so that they can be easily found.
-
-
-#### <a name="opts"/> Compile-time options
-
-To see a full list of configuration options, run `configure --help`.
-
-On most platforms, BIND 9 is built with multithreading support, allowing it
-to take advantage of multiple CPUs.  You can configure this by specifying
-`--enable-threads` or `--disable-threads` on the `configure` command line.
-The default is to enable threads, except on some older operating systems on
-which threads are known to have had problems in the past.  (Note: Prior to
-BIND 9.10, the default was to disable threads on Linux systems; this has
-now been reversed.  On Linux systems, the threaded build is known to change
-BIND's behavior with respect to file permissions; it may be necessary to
-specify a user with the -u option when running `named`.)
-
-To build shared libraries, specify `--with-libtool` on the `configure`
-command line.
-
-Certain compiled-in constants and default settings can be increased to
-values better suited to large servers with abundant memory resources (e.g,
-64-bit servers with 12G or more of memory) by specifying
-`--with-tuning=large` on the `configure` command line. This can improve
-performance on big servers, but will consume more memory and may degrade
-performance on smaller systems.
-
-For the server to support DNSSEC, you need to build it with crypto support.
-To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed.  If the
-OpenSSL library is installed in a nonstandard location, specify the prefix
-using `--with-openssl=<PREFIX>` on the configure command line. To use a
-PKCS#11 hardware service module for cryptographic operations, specify the
-path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
-configure BIND with `--enable-native-pkcs11`.
-
-To support the HTTP statistics channel, the server must be linked with at
-least one of the following: libxml2
-[http://xmlsoft.org](http://xmlsoft.org) or json-c
-[https://github.com/json-c](https://github.com/json-c).  If these are
-installed at a nonstandard location, specify the prefix using
-`--with-libxml2=/prefix` or `--with-libjson=/prefix`.
-
-To support compression on the HTTP statistics channel, the server must be
-linked against libzlib.  If this is installed in a nonstandard location,
-specify the prefix using `--with-zlib=/prefix`.
-
-To support storing configuration data for runtime-added zones in an LMDB
-database, the server must be linked with liblmdb. If this is installed in a
-nonstandard location, specify the prefix using `with-lmdb=/prefix`.
-
-To support GeoIP location-based ACLs, the server must be linked with
-libGeoIP. This is not turned on by default; BIND must be configured with
-`--with-geoip`. If the library is installed in a nonstandard location,
-specify the prefix using `--with-geoip=/prefix`.
-
-For DNSTAP packet logging, you must have installed libfstrm
-[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
-and libprotobuf-c
-[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
-and BIND must be configured with `--enable-dnstap`.
-
-On Linux, process capabilities are managed in user space using
-the `libcap` library, which can be installed on most Linux systems via
-the `libcap-dev` or `libcap-devel` module. Process capability support can
-also be disabled by configuring with `--disable-linux-caps`.
-
-Portions of BIND that are written in Python, including
-`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
-system tests, require the 'argparse' and 'ply' modules to be available.
-'argparse' is a standard module as of Python 2.7 and Python 3.2.
-'ply' is available from [https://pypi.python.org/pypi/ply](https://pypi.python.org/pypi/ply).
-
-On some platforms it is necessary to explicitly request large file support
-to handle files bigger than 2GB.  This can be done by using
-`--enable-largefile` on the `configure` command line.
-
-Support for the "fixed" rrset-order option can be enabled or disabled by
-specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the
-configure command line.  By default, fixed rrset-order is disabled to
-reduce memory footprint.
-
-`make install` will install `named` and the various BIND 9 libraries.  By
-default, installation is into /usr/local, but this can be changed with the
-`--prefix` option when running `configure`.
-
-You may specify the option `--sysconfdir` to set the directory where
-configuration files like `named.conf` go by default, and `--localstatedir`
-to set the default parent directory of `run/named.pid`.   For backwards
-compatibility with BIND 8, `--sysconfdir` defaults to `/etc` and
-`--localstatedir` defaults to `/var` if no `--prefix` option is given.  If
-there is a `--prefix` option, sysconfdir defaults to `$prefix/etc` and
-localstatedir defaults to `$prefix/var`.
-
-### <a name="testing"/> Automated testing
-
-A system test suite can be run with `make test`.  The system tests require
-you to configure a set of virtual IP addresses on your system (this allows
-multiple servers to run locally and communicate with one another).  These
-IP addresses can be configured by running the command
-`bin/tests/system/ifconfig.sh up` as root.
-
-Some tests require Perl and the Net::DNS and/or IO::Socket::INET6 modules,
-and will be skipped if these are not available. Some tests require Python
-and the 'dnspython' module and will be skipped if these are not available.
-See bin/tests/system/README for further details.
-
-Unit tests are implemented using the CMocka unit testing framework.
-To build them, use `configure --with-cmocka`. Execution of tests is done
-by the Kyua test execution engine; if the `kyua` command is available,
-then unit tests can be run via `make test` or `make unit`.
-
-### <a name="doc"/> Documentation
-
-The *BIND 9 Administrator Reference Manual* is included with the source
-distribution, in DocBook XML, HTML and PDF format, in the `doc/arm`
-directory.
-
-Some of the programs in the BIND 9 distribution have man pages in their
-directories.  In particular, the command line options of `named` are
-documented in `bin/named/named.8`.
-
-Frequently (and not-so-frequently) asked questions and their answers
-can be found in the ISC Knowledge Base at
-[https://kb.isc.org](https://kb.isc.org).
-
-Additional information on various subjects can be found in other
-`README` files throughout the source tree.
-
-### <a name="changes"/> Change log
-
-A detailed list of all changes that have been made throughout the
-development BIND 9 is included in the file CHANGES, with the most recent
-changes listed first.  Change notes include tags indicating the category of
-the change that was made; these categories are:
-
-|Category	|Description	        			|
-|--------------	|-----------------------------------------------|
-| [func] | New feature |
-| [bug] | General bug fix |
-| [security] | Fix for a significant security flaw |
-| [experimental] | Used for new features when the syntax or other aspects of the design are still in flux and may change |
-| [port] | Portability enhancement |
-| [maint] | Updates to built-in data such as root server addresses and keys |
-| [tuning] | Changes to built-in configuration defaults and constants to improve performance |
-| [performance] | Other changes to improve server performance |
-| [protocol] | Updates to the DNS protocol such as new RR types |
-| [test] | Changes to the automatic tests, not affecting server functionality |
-| [cleanup] | Minor corrections and refactoring |
-| [doc] | Documentation |
-| [contrib] | Changes to the contributed tools and libraries in the 'contrib' subdirectory |
-| [placeholder] | Used in the master development branch to reserve change numbers for use in other branches, e.g. when fixing a bug that only exists in older releases |
-
-In general, [func] and [experimental] tags will only appear in new-feature
-releases (i.e., those with version numbers ending in zero).  Some new
-functionality may be backported to older releases on a case-by-case basis.
-All other change types may be applied to all currently-supported releases.
-
-### <a name="ack"/> Acknowledgments
-
-* The original development of BIND 9 was underwritten by the
-  following organizations:
-
-		Sun Microsystems, Inc.
-		Hewlett Packard
-		Compaq Computer Corporation
-		IBM
-		Process Software Corporation
-		Silicon Graphics, Inc.
-		Network Associates, Inc.
-		U.S. Defense Information Systems Agency
-		USENIX Association
-		Stichting NLnet - NLnet Foundation
-		Nominum, Inc.
-
-* This product includes software developed by the OpenSSL Project for use
-  in the OpenSSL Toolkit.
-  [http://www.OpenSSL.org/](http://www.OpenSSL.org/)
-* This product includes cryptographic software written by Eric Young
-  (eay@cryptsoft.com)
-* This product includes software written by Tim Hudson (tjh@cryptsoft.com)

TODO

@@ -0,0 +1,19 @@
+
+1.	Rdataset/Rdatalist Union
+2.	ev_ prefix for ISC_EVENT_COMMON
+3.	Finish mempool conversion of message.c
+4.	Improve buffer & region APIs (inline?)
+5.	isc/util.h publish or perish
+6.	magic number listing
+7.	Eliminate dns_result_t and old DNS_R_ codes
+8.	Check base 64 code; does it have the problems that
+	the BIND 8 code does?
+9.	Authority is optional if we have answers?
+10.	AD bit setting.
+11.	KEY duplication (answer + additional) in any query
+12.	Add covers to deleterdataset.
+13.	Fix rdata META flag to be set for TSIG, TKEY, OPT
+14.	Intergrate (replace?) old per zone SOA timers with zomemgr
+15.	RWlock for zonemgr zone list
+16.	CHAOS A's
+17.	implement "doc" checks out of zonemgr.

acconfig.h

@@ -0,0 +1,48 @@
+/*
+ * Copyright (C) 1999  Internet Software Consortium.
+ * 
+ * Permission to use, copy, modify, and distribute this software for any
+ * purpose with or without fee is hereby granted, provided that the above
+ * copyright notice and this permission notice appear in all copies.
+ * 
+ * THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+ * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+ * OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+ * CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+ * DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+ * PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+ * ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+ * SOFTWARE.
+ */
+
+/* define on DEC OSF to enable 4.4BSD style sa_len support */
+#undef _SOCKADDR_LEN
+
+/* define if your system needs pthread_init() before using pthreads */
+#undef NEED_PTHREAD_INIT
+
+/* define if your system has sigwait() */
+#undef HAVE_SIGWAIT
+
+/* define on Solaris to get sigwait() to work using pthreads semantics */
+#undef _POSIX_PTHREAD_SEMANTICS
+
+/* define if LinuxThreads is in use */
+#undef HAVE_LINUXTHREADS
+
+/* define if catgets() is available */
+#undef HAVE_CATGETS
+
+/* define if you have the NET_RT_IFLIST sysctl variable. */
+#undef HAVE_IFLIST_SYSCTL
+
+/* define if you need to #define _XPG4_2 before including sys/socket.h */
+#undef NEED_XPG4_2_BEFORE_SOCKET_H
+
+/* define if you need to #define _XOPEN_SOURCE_ENTENDED before including
+ * sys/socket.h
+ */
+#undef NEED_XSE_BEFORE_SOCKET_H
+
+/* define if chroot() is available */
+#undef HAVE_CHROOT

aclocal.m4

@@ -1,298 +1,427 @@
-# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
+## libtool.m4 - Configure libtool for the target system. -*-Shell-script-*-
+## Copyright (C) 1996-1999 Free Software Foundation, Inc.
+## Originally by Gordon Matzigkeit <gord@gnu.ai.mit.edu>, 1996
+##
+## This program is free software; you can redistribute it and/or modify
+## it under the terms of the GNU General Public License as published by
+## the Free Software Foundation; either version 2 of the License, or
+## (at your option) any later version.
+##
+## This program is distributed in the hope that it will be useful, but
+## WITHOUT ANY WARRANTY; without even the implied warranty of
+## MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
+## General Public License for more details.
+##
+## You should have received a copy of the GNU General Public License
+## along with this program; if not, write to the Free Software
+## Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA 02111-1307, USA.
+##
+## As a special exception to the GNU General Public License, if you
+## distribute this file as part of a program that contains a
+## configuration script generated by Autoconf, you may include it under
+## the same distribution terms that you use for the rest of that program.
 
-# Copyright (C) 1996-2018 Free Software Foundation, Inc.
+# serial 40 AC_PROG_LIBTOOL
+AC_DEFUN(AC_PROG_LIBTOOL,
+[AC_REQUIRE([AC_LIBTOOL_SETUP])dnl
 
-# This file is free software; the Free Software Foundation
-# gives unlimited permission to copy and/or distribute it,
-# with or without modifications, as long as this notice is preserved.
+# Save cache, so that ltconfig can load it
+AC_CACHE_SAVE
 
-# This program is distributed in the hope that it will be useful,
-# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
-# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
-# PARTICULAR PURPOSE.
+# Actually configure libtool.  ac_aux_dir is where install-sh is found.
+CC="$CC" CFLAGS="$CFLAGS" CPPFLAGS="$CPPFLAGS" \
+LD="$LD" LDFLAGS="$LDFLAGS" LIBS="$LIBS" \
+LN_S="$LN_S" NM="$NM" RANLIB="$RANLIB" \
+DLLTOOL="$DLLTOOL" AS="$AS" OBJDUMP="$OBJDUMP" \
+${CONFIG_SHELL-/bin/sh} $ac_aux_dir/ltconfig --no-reexec \
+$libtool_flags --no-verify $ac_aux_dir/ltmain.sh $host \
+|| AC_MSG_ERROR([libtool configure failed])
 
-m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
-# pkg.m4 - Macros to locate and utilise pkg-config.   -*- Autoconf -*-
-# serial 12 (pkg-config-0.29.2)
+# Reload cache, that may have been modified by ltconfig
+AC_CACHE_LOAD
 
-dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
-dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
-dnl
-dnl This program is free software; you can redistribute it and/or modify
-dnl it under the terms of the GNU General Public License as published by
-dnl the Free Software Foundation; either version 2 of the License, or
-dnl (at your option) any later version.
-dnl
-dnl This program is distributed in the hope that it will be useful, but
-dnl WITHOUT ANY WARRANTY; without even the implied warranty of
-dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
-dnl General Public License for more details.
-dnl
-dnl You should have received a copy of the GNU General Public License
-dnl along with this program; if not, write to the Free Software
-dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
-dnl 02111-1307, USA.
-dnl
-dnl As a special exception to the GNU General Public License, if you
-dnl distribute this file as part of a program that contains a
-dnl configuration script generated by Autoconf, you may include it under
-dnl the same distribution terms that you use for the rest of that
-dnl program.
+# This can be used to rebuild libtool when needed
+LIBTOOL_DEPS="$ac_aux_dir/ltconfig $ac_aux_dir/ltmain.sh"
 
-dnl PKG_PREREQ(MIN-VERSION)
-dnl -----------------------
-dnl Since: 0.29
-dnl
-dnl Verify that the version of the pkg-config macros are at least
-dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
-dnl installed version of pkg-config, this checks the developer's version
-dnl of pkg.m4 when generating configure.
-dnl
-dnl To ensure that this macro is defined, also add:
-dnl m4_ifndef([PKG_PREREQ],
-dnl     [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
-dnl
-dnl See the "Since" comment for each macro you use to see what version
-dnl of the macros you require.
-m4_defun([PKG_PREREQ],
-[m4_define([PKG_MACROS_VERSION], [0.29.2])
-m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
-    [m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
-])dnl PKG_PREREQ
+# Always use our own libtool.
+LIBTOOL='$(SHELL) $(top_builddir)/libtool'
+AC_SUBST(LIBTOOL)dnl
 
-dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
-dnl ----------------------------------
-dnl Since: 0.16
-dnl
-dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
-dnl first found in the path. Checks that the version of pkg-config found
-dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
-dnl used since that's the first version where most current features of
-dnl pkg-config existed.
-AC_DEFUN([PKG_PROG_PKG_CONFIG],
-[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
-m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
-m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
-AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
-AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
-AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
+# Redirect the config.log output again, so that the ltconfig log is not
+# clobbered by the next message.
+exec 5>>./config.log
+])
 
-if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
-	AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
+AC_DEFUN(AC_LIBTOOL_SETUP,
+[AC_PREREQ(2.13)dnl
+AC_REQUIRE([AC_ENABLE_SHARED])dnl
+AC_REQUIRE([AC_ENABLE_STATIC])dnl
+AC_REQUIRE([AC_ENABLE_FAST_INSTALL])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+AC_REQUIRE([AC_PROG_RANLIB])dnl
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_PROG_LD])dnl
+AC_REQUIRE([AC_PROG_NM])dnl
+AC_REQUIRE([AC_PROG_LN_S])dnl
+dnl
+
+# Check for any special flags to pass to ltconfig.
+libtool_flags="--cache-file=$cache_file"
+test "$enable_shared" = no && libtool_flags="$libtool_flags --disable-shared"
+test "$enable_static" = no && libtool_flags="$libtool_flags --disable-static"
+test "$enable_fast_install" = no && libtool_flags="$libtool_flags --disable-fast-install"
+test "$ac_cv_prog_gcc" = yes && libtool_flags="$libtool_flags --with-gcc"
+test "$ac_cv_prog_gnu_ld" = yes && libtool_flags="$libtool_flags --with-gnu-ld"
+ifdef([AC_PROVIDE_AC_LIBTOOL_DLOPEN],
+[libtool_flags="$libtool_flags --enable-dlopen"])
+ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL],
+[libtool_flags="$libtool_flags --enable-win32-dll"])
+AC_ARG_ENABLE(libtool-lock,
+  [  --disable-libtool-lock  avoid locking (might break parallel builds)])
+test "x$enable_libtool_lock" = xno && libtool_flags="$libtool_flags --disable-lock"
+test x"$silent" = xyes && libtool_flags="$libtool_flags --silent"
+
+# Some flags need to be propagated to the compiler or linker for good
+# libtool support.
+case "$host" in
+*-*-irix6*)
+  # Find out which ABI we are using.
+  echo '[#]line __oline__ "configure"' > conftest.$ac_ext
+  if AC_TRY_EVAL(ac_compile); then
+    case "`/usr/bin/file conftest.o`" in
+    *32-bit*)
+      LD="${LD-ld} -32"
+      ;;
+    *N32*)
+      LD="${LD-ld} -n32"
+      ;;
+    *64-bit*)
+      LD="${LD-ld} -64"
+      ;;
+    esac
+  fi
+  rm -rf conftest*
+  ;;
+
+*-*-sco3.2v5*)
+  # On SCO OpenServer 5, we need -belf to get full-featured binaries.
+  SAVE_CFLAGS="$CFLAGS"
+  CFLAGS="$CFLAGS -belf"
+  AC_CACHE_CHECK([whether the C compiler needs -belf], lt_cv_cc_needs_belf,
+    [AC_TRY_LINK([],[],[lt_cv_cc_needs_belf=yes],[lt_cv_cc_needs_belf=no])])
+  if test x"$lt_cv_cc_needs_belf" != x"yes"; then
+    # this is probably gcc 2.8.0, egcs 1.0 or newer; no need for -belf
+    CFLAGS="$SAVE_CFLAGS"
+  fi
+  ;;
+
+ifdef([AC_PROVIDE_AC_LIBTOOL_WIN32_DLL],
+[*-*-cygwin* | *-*-mingw*)
+  AC_CHECK_TOOL(DLLTOOL, dlltool, false)
+  AC_CHECK_TOOL(AS, as, false)
+  AC_CHECK_TOOL(OBJDUMP, objdump, false)
+  ;;
+])
+esac
+])
+
+# AC_LIBTOOL_DLOPEN - enable checks for dlopen support
+AC_DEFUN(AC_LIBTOOL_DLOPEN, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])])
+
+# AC_LIBTOOL_WIN32_DLL - declare package support for building win32 dll's
+AC_DEFUN(AC_LIBTOOL_WIN32_DLL, [AC_BEFORE([$0], [AC_LIBTOOL_SETUP])])
+
+# AC_ENABLE_SHARED - implement the --enable-shared flag
+# Usage: AC_ENABLE_SHARED[(DEFAULT)]
+#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+#   `yes'.
+AC_DEFUN(AC_ENABLE_SHARED, [dnl
+define([AC_ENABLE_SHARED_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(shared,
+changequote(<<, >>)dnl
+<<  --enable-shared[=PKGS]  build shared libraries [default=>>AC_ENABLE_SHARED_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case "$enableval" in
+yes) enable_shared=yes ;;
+no) enable_shared=no ;;
+*)
+  enable_shared=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_shared=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_shared=AC_ENABLE_SHARED_DEFAULT)dnl
+])
+
+# AC_DISABLE_SHARED - set the default shared flag to --disable-shared
+AC_DEFUN(AC_DISABLE_SHARED, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_SHARED(no)])
+
+# AC_ENABLE_STATIC - implement the --enable-static flag
+# Usage: AC_ENABLE_STATIC[(DEFAULT)]
+#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+#   `yes'.
+AC_DEFUN(AC_ENABLE_STATIC, [dnl
+define([AC_ENABLE_STATIC_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(static,
+changequote(<<, >>)dnl
+<<  --enable-static[=PKGS]  build static libraries [default=>>AC_ENABLE_STATIC_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case "$enableval" in
+yes) enable_static=yes ;;
+no) enable_static=no ;;
+*)
+  enable_static=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_static=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_static=AC_ENABLE_STATIC_DEFAULT)dnl
+])
+
+# AC_DISABLE_STATIC - set the default static flag to --disable-static
+AC_DEFUN(AC_DISABLE_STATIC, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_STATIC(no)])
+
+
+# AC_ENABLE_FAST_INSTALL - implement the --enable-fast-install flag
+# Usage: AC_ENABLE_FAST_INSTALL[(DEFAULT)]
+#   Where DEFAULT is either `yes' or `no'.  If omitted, it defaults to
+#   `yes'.
+AC_DEFUN(AC_ENABLE_FAST_INSTALL, [dnl
+define([AC_ENABLE_FAST_INSTALL_DEFAULT], ifelse($1, no, no, yes))dnl
+AC_ARG_ENABLE(fast-install,
+changequote(<<, >>)dnl
+<<  --enable-fast-install[=PKGS]  optimize for fast installation [default=>>AC_ENABLE_FAST_INSTALL_DEFAULT],
+changequote([, ])dnl
+[p=${PACKAGE-default}
+case "$enableval" in
+yes) enable_fast_install=yes ;;
+no) enable_fast_install=no ;;
+*)
+  enable_fast_install=no
+  # Look at the argument we got.  We use all the common list separators.
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}:,"
+  for pkg in $enableval; do
+    if test "X$pkg" = "X$p"; then
+      enable_fast_install=yes
+    fi
+  done
+  IFS="$ac_save_ifs"
+  ;;
+esac],
+enable_fast_install=AC_ENABLE_FAST_INSTALL_DEFAULT)dnl
+])
+
+# AC_ENABLE_FAST_INSTALL - set the default to --disable-fast-install
+AC_DEFUN(AC_DISABLE_FAST_INSTALL, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+AC_ENABLE_FAST_INSTALL(no)])
+
+# AC_PROG_LD - find the path to the GNU or non-GNU linker
+AC_DEFUN(AC_PROG_LD,
+[AC_ARG_WITH(gnu-ld,
+[  --with-gnu-ld           assume the C compiler uses GNU ld [default=no]],
+test "$withval" = no || with_gnu_ld=yes, with_gnu_ld=no)
+AC_REQUIRE([AC_PROG_CC])dnl
+AC_REQUIRE([AC_CANONICAL_HOST])dnl
+AC_REQUIRE([AC_CANONICAL_BUILD])dnl
+ac_prog=ld
+if test "$ac_cv_prog_gcc" = yes; then
+  # Check if gcc -print-prog-name=ld gives a path.
+  AC_MSG_CHECKING([for ld used by GCC])
+  ac_prog=`($CC -print-prog-name=ld) 2>&5`
+  case "$ac_prog" in
+    # Accept absolute paths.
+changequote(,)dnl
+    [\\/]* | [A-Za-z]:[\\/]*)
+      re_direlt='/[^/][^/]*/\.\./'
+changequote([,])dnl
+      # Canonicalize the path of ld
+      ac_prog=`echo $ac_prog| sed 's%\\\\%/%g'`
+      while echo $ac_prog | grep "$re_direlt" > /dev/null 2>&1; do
+	ac_prog=`echo $ac_prog| sed "s%$re_direlt%/%"`
+      done
+      test -z "$LD" && LD="$ac_prog"
+      ;;
+  "")
+    # If it fails, then pretend we aren't using GCC.
+    ac_prog=ld
+    ;;
+  *)
+    # If it is relative, then search for the first ld in PATH.
+    with_gnu_ld=unknown
+    ;;
+  esac
+elif test "$with_gnu_ld" = yes; then
+  AC_MSG_CHECKING([for GNU ld])
+else
+  AC_MSG_CHECKING([for non-GNU ld])
 fi
-if test -n "$PKG_CONFIG"; then
-	_pkg_min_version=m4_default([$1], [0.9.0])
-	AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
-	if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
-		AC_MSG_RESULT([yes])
-	else
-		AC_MSG_RESULT([no])
-		PKG_CONFIG=""
-	fi
-fi[]dnl
-])dnl PKG_PROG_PKG_CONFIG
-
-dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------------------------------
-dnl Since: 0.18
-dnl
-dnl Check to see whether a particular set of modules exists. Similar to
-dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
-dnl
-dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-dnl only at the first occurence in configure.ac, so if the first place
-dnl it's called might be skipped (such as if it is within an "if", you
-dnl have to call PKG_CHECK_EXISTS manually
-AC_DEFUN([PKG_CHECK_EXISTS],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-if test -n "$PKG_CONFIG" && \
-    AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
-  m4_default([$2], [:])
-m4_ifvaln([$3], [else
-  $3])dnl
+AC_CACHE_VAL(ac_cv_path_LD,
+[if test -z "$LD"; then
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+  for ac_dir in $PATH; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f "$ac_dir/$ac_prog" || test -f "$ac_dir/$ac_prog$ac_exeext"; then
+      ac_cv_path_LD="$ac_dir/$ac_prog"
+      # Check to see if the program is GNU ld.  I'd rather use --version,
+      # but apparently some GNU ld's only accept -v.
+      # Break only if it was the GNU/non-GNU ld that we prefer.
+      if "$ac_cv_path_LD" -v 2>&1 < /dev/null | egrep '(GNU|with BFD)' > /dev/null; then
+	test "$with_gnu_ld" != no && break
+      else
+	test "$with_gnu_ld" != yes && break
+      fi
+    fi
+  done
+  IFS="$ac_save_ifs"
+else
+  ac_cv_path_LD="$LD" # Let the user override the test with a path.
 fi])
-
-dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
-dnl ---------------------------------------------
-dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
-dnl pkg_failed based on the result.
-m4_define([_PKG_CONFIG],
-[if test -n "$$1"; then
-    pkg_cv_[]$1="$$1"
- elif test -n "$PKG_CONFIG"; then
-    PKG_CHECK_EXISTS([$3],
-                     [pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
-		      test "x$?" != "x0" && pkg_failed=yes ],
-		     [pkg_failed=yes])
- else
-    pkg_failed=untried
-fi[]dnl
-])dnl _PKG_CONFIG
-
-dnl _PKG_SHORT_ERRORS_SUPPORTED
-dnl ---------------------------
-dnl Internal check to see if pkg-config supports short errors.
-AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
-if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
-        _pkg_short_errors_supported=yes
+LD="$ac_cv_path_LD"
+if test -n "$LD"; then
+  AC_MSG_RESULT($LD)
 else
-        _pkg_short_errors_supported=no
-fi[]dnl
-])dnl _PKG_SHORT_ERRORS_SUPPORTED
+  AC_MSG_RESULT(no)
+fi
+test -z "$LD" && AC_MSG_ERROR([no acceptable ld found in \$PATH])
+AC_SUBST(LD)
+AC_PROG_LD_GNU
+])
 
-
-dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl   [ACTION-IF-NOT-FOUND])
-dnl --------------------------------------------------------------
-dnl Since: 0.4.0
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
-dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
-AC_DEFUN([PKG_CHECK_MODULES],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
-AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
-
-pkg_failed=no
-AC_MSG_CHECKING([for $2])
-
-_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
-_PKG_CONFIG([$1][_LIBS], [libs], [$2])
-
-m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
-and $1[]_LIBS to avoid the need to call pkg-config.
-See the pkg-config man page for more details.])
-
-if test $pkg_failed = yes; then
-        AC_MSG_RESULT([no])
-        _PKG_SHORT_ERRORS_SUPPORTED
-        if test $_pkg_short_errors_supported = yes; then
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
-        else
-	        $1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
-        fi
-	# Put the nasty error message in config.log where it belongs
-	echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
-
-	m4_default([$4], [AC_MSG_ERROR(
-[Package requirements ($2) were not met:
-
-$$1_PKG_ERRORS
-
-Consider adjusting the PKG_CONFIG_PATH environment variable if you
-installed software in a non-standard prefix.
-
-_PKG_TEXT])[]dnl
-        ])
-elif test $pkg_failed = untried; then
-        AC_MSG_RESULT([no])
-	m4_default([$4], [AC_MSG_FAILURE(
-[The pkg-config script could not be found or is too old.  Make sure it
-is in your PATH or set the PKG_CONFIG environment variable to the full
-path to pkg-config.
-
-_PKG_TEXT
-
-To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
-        ])
+AC_DEFUN(AC_PROG_LD_GNU,
+[AC_CACHE_CHECK([if the linker ($LD) is GNU ld], ac_cv_prog_gnu_ld,
+[# I'd rather use --version here, but apparently some GNU ld's only accept -v.
+if $LD -v 2>&1 </dev/null | egrep '(GNU|with BFD)' 1>&5; then
+  ac_cv_prog_gnu_ld=yes
 else
-	$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
-	$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
-        AC_MSG_RESULT([yes])
-	$3
-fi[]dnl
-])dnl PKG_CHECK_MODULES
+  ac_cv_prog_gnu_ld=no
+fi])
+])
 
+# AC_PROG_NM - find the path to a BSD-compatible name lister
+AC_DEFUN(AC_PROG_NM,
+[AC_MSG_CHECKING([for BSD-compatible nm])
+AC_CACHE_VAL(ac_cv_path_NM,
+[if test -n "$NM"; then
+  # Let the user override the test.
+  ac_cv_path_NM="$NM"
+else
+  IFS="${IFS= 	}"; ac_save_ifs="$IFS"; IFS="${IFS}${PATH_SEPARATOR-:}"
+  for ac_dir in $PATH /usr/ccs/bin /usr/ucb /bin; do
+    test -z "$ac_dir" && ac_dir=.
+    if test -f $ac_dir/nm || test -f $ac_dir/nm$ac_exeext ; then
+      # Check to see if the nm accepts a BSD-compat flag.
+      # Adding the `sed 1q' prevents false positives on HP-UX, which says:
+      #   nm: unknown option "B" ignored
+      if ($ac_dir/nm -B /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
+	ac_cv_path_NM="$ac_dir/nm -B"
+	break
+      elif ($ac_dir/nm -p /dev/null 2>&1 | sed '1q'; exit 0) | egrep /dev/null >/dev/null; then
+	ac_cv_path_NM="$ac_dir/nm -p"
+	break
+      else
+	ac_cv_path_NM=${ac_cv_path_NM="$ac_dir/nm"} # keep the first match, but
+	continue # so that we can try to find one that supports BSD flags
+      fi
+    fi
+  done
+  IFS="$ac_save_ifs"
+  test -z "$ac_cv_path_NM" && ac_cv_path_NM=nm
+fi])
+NM="$ac_cv_path_NM"
+AC_MSG_RESULT([$NM])
+AC_SUBST(NM)
+])
 
-dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
-dnl   [ACTION-IF-NOT-FOUND])
-dnl ---------------------------------------------------------------------
-dnl Since: 0.29
-dnl
-dnl Checks for existence of MODULES and gathers its build flags with
-dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
-dnl and VARIABLE-PREFIX_LIBS from --libs.
-dnl
-dnl Note that if there is a possibility the first call to
-dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
-dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
-dnl configure.ac.
-AC_DEFUN([PKG_CHECK_MODULES_STATIC],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-_save_PKG_CONFIG=$PKG_CONFIG
-PKG_CONFIG="$PKG_CONFIG --static"
-PKG_CHECK_MODULES($@)
-PKG_CONFIG=$_save_PKG_CONFIG[]dnl
-])dnl PKG_CHECK_MODULES_STATIC
+# AC_CHECK_LIBM - check for math library
+AC_DEFUN(AC_CHECK_LIBM,
+[AC_REQUIRE([AC_CANONICAL_HOST])dnl
+LIBM=
+case "$host" in
+*-*-beos* | *-*-cygwin*)
+  # These system don't have libm
+  ;;
+*-ncr-sysv4.3*)
+  AC_CHECK_LIB(mw, _mwvalidcheckl, LIBM="-lmw")
+  AC_CHECK_LIB(m, main, LIBM="$LIBM -lm")
+  ;;
+*)
+  AC_CHECK_LIB(m, main, LIBM="-lm")
+  ;;
+esac
+])
 
+# AC_LIBLTDL_CONVENIENCE[(dir)] - sets LIBLTDL to the link flags for
+# the libltdl convenience library, adds --enable-ltdl-convenience to
+# the configure arguments.  Note that LIBLTDL is not AC_SUBSTed, nor
+# is AC_CONFIG_SUBDIRS called.  If DIR is not provided, it is assumed
+# to be `${top_builddir}/libltdl'.  Make sure you start DIR with
+# '${top_builddir}/' (note the single quotes!) if your package is not
+# flat, and, if you're not using automake, define top_builddir as
+# appropriate in the Makefiles.
+AC_DEFUN(AC_LIBLTDL_CONVENIENCE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  case "$enable_ltdl_convenience" in
+  no) AC_MSG_ERROR([this package needs a convenience libltdl]) ;;
+  "") enable_ltdl_convenience=yes
+      ac_configure_args="$ac_configure_args --enable-ltdl-convenience" ;;
+  esac
+  LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdlc.la
+  INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
+])
 
-dnl PKG_INSTALLDIR([DIRECTORY])
-dnl -------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable pkgconfigdir as the location where a module
-dnl should install pkg-config .pc files. By default the directory is
-dnl $libdir/pkgconfig, but the default can be changed by passing
-dnl DIRECTORY. The user can override through the --with-pkgconfigdir
-dnl parameter.
-AC_DEFUN([PKG_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([pkgconfigdir],
-    [AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
-    [with_pkgconfigdir=]pkg_default)
-AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_INSTALLDIR
+# AC_LIBLTDL_INSTALLABLE[(dir)] - sets LIBLTDL to the link flags for
+# the libltdl installable library, and adds --enable-ltdl-install to
+# the configure arguments.  Note that LIBLTDL is not AC_SUBSTed, nor
+# is AC_CONFIG_SUBDIRS called.  If DIR is not provided, it is assumed
+# to be `${top_builddir}/libltdl'.  Make sure you start DIR with
+# '${top_builddir}/' (note the single quotes!) if your package is not
+# flat, and, if you're not using automake, define top_builddir as
+# appropriate in the Makefiles.
+# In the future, this macro may have to be called after AC_PROG_LIBTOOL.
+AC_DEFUN(AC_LIBLTDL_INSTALLABLE, [AC_BEFORE([$0],[AC_LIBTOOL_SETUP])dnl
+  AC_CHECK_LIB(ltdl, main,
+  [test x"$enable_ltdl_install" != xyes && enable_ltdl_install=no],
+  [if test x"$enable_ltdl_install" = xno; then
+     AC_MSG_WARN([libltdl not installed, but installation disabled])
+   else
+     enable_ltdl_install=yes
+   fi
+  ])
+  if test x"$enable_ltdl_install" = x"yes"; then
+    ac_configure_args="$ac_configure_args --enable-ltdl-install"
+    LIBLTDL=ifelse($#,1,$1,['${top_builddir}/libltdl'])/libltdl.la
+    INCLTDL=ifelse($#,1,-I$1,['-I${top_builddir}/libltdl'])
+  else
+    ac_configure_args="$ac_configure_args --enable-ltdl-install=no"
+    LIBLTDL="-lltdl"
+    INCLTDL=
+  fi
+])
 
+dnl old names
+AC_DEFUN(AM_PROG_LIBTOOL, [indir([AC_PROG_LIBTOOL])])dnl
+AC_DEFUN(AM_ENABLE_SHARED, [indir([AC_ENABLE_SHARED], $@)])dnl
+AC_DEFUN(AM_ENABLE_STATIC, [indir([AC_ENABLE_STATIC], $@)])dnl
+AC_DEFUN(AM_DISABLE_SHARED, [indir([AC_DISABLE_SHARED], $@)])dnl
+AC_DEFUN(AM_DISABLE_STATIC, [indir([AC_DISABLE_STATIC], $@)])dnl
+AC_DEFUN(AM_PROG_LD, [indir([AC_PROG_LD])])dnl
+AC_DEFUN(AM_PROG_NM, [indir([AC_PROG_NM])])dnl
 
-dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
-dnl --------------------------------
-dnl Since: 0.27
-dnl
-dnl Substitutes the variable noarch_pkgconfigdir as the location where a
-dnl module should install arch-independent pkg-config .pc files. By
-dnl default the directory is $datadir/pkgconfig, but the default can be
-dnl changed by passing DIRECTORY. The user can override through the
-dnl --with-noarch-pkgconfigdir parameter.
-AC_DEFUN([PKG_NOARCH_INSTALLDIR],
-[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
-m4_pushdef([pkg_description],
-    [pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
-AC_ARG_WITH([noarch-pkgconfigdir],
-    [AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
-    [with_noarch_pkgconfigdir=]pkg_default)
-AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
-m4_popdef([pkg_default])
-m4_popdef([pkg_description])
-])dnl PKG_NOARCH_INSTALLDIR
-
-
-dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
-dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
-dnl -------------------------------------------
-dnl Since: 0.28
-dnl
-dnl Retrieves the value of the pkg-config variable for the given module.
-AC_DEFUN([PKG_CHECK_VAR],
-[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
-AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
-
-_PKG_CONFIG([$1], [variable="][$3]["], [$2])
-AS_VAR_COPY([$1], [pkg_cv_][$1])
-
-AS_VAR_IF([$1], [""], [$5], [$4])dnl
-])dnl PKG_CHECK_VAR
-
-m4_include([m4/ax_check_openssl.m4])
-m4_include([m4/ax_posix_shell.m4])
-m4_include([m4/ax_pthread.m4])
-m4_include([m4/libtool.m4])
-m4_include([m4/ltoptions.m4])
-m4_include([m4/ltsugar.m4])
-m4_include([m4/ltversion.m4])
-m4_include([m4/lt~obsolete.m4])
+dnl This is just to silence aclocal about the macro not being used
+ifelse([AC_DISABLE_FAST_INSTALL])dnl

autogen.sh

@@ -1,13 +0,0 @@
-#!/bin/sh
-#
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-# Run this script after modifying configure.in to generate configure
-autoreconf -f -i

bin/Makefile.in

@@ -1,18 +1,23 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
+# Copyright (C) 1998, 1999  Internet Software Consortium.
+# 
+# Permission to use, copy, modify, and distribute this software for any
+# purpose with or without fee is hereby granted, provided that the above
+# copyright notice and this permission notice appear in all copies.
+# 
+# THE SOFTWARE IS PROVIDED "AS IS" AND INTERNET SOFTWARE CONSORTIUM DISCLAIMS
+# ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES
+# OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL INTERNET SOFTWARE
+# CONSORTIUM BE LIABLE FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL
+# DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR
+# PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS
+# ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS
+# SOFTWARE.
 
 srcdir =	@srcdir@
 VPATH =		@srcdir@
 top_srcdir =	@top_srcdir@
 
-SUBDIRS =	named rndc dig delv dnssec tools nsupdate check confgen \
-		@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
+SUBDIRS =	named tests
 TARGETS =
 
 @BIND9_MAKE_RULES@

bin/check/.gitignore

@@ -1,3 +0,0 @@
-.libs
-named-checkconf
-named-checkzone

bin/check/Makefile.in

@@ -1,102 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-VERSION=@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES =	${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
-		${ISC_INCLUDES} @OPENSSL_INCLUDES@
-
-CDEFINES = 	-DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
-CWARNINGS =
-
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
-NSLIBS =	../../lib/ns/libns.@A@
-
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
-NSDEPENDLIBS =	../../lib/ns/libns.@A@
-
-LIBS =		${ISCLIBS} @LIBS@
-NOSYMLIBS =	${ISCNOSYMLIBS} @LIBS@
-
-SUBDIRS =
-
-# Alphabetically
-TARGETS =	named-checkconf@EXEEXT@ named-checkzone@EXEEXT@
-
-# Alphabetically
-SRCS =		named-checkconf.c named-checkzone.c check-tool.c
-
-MANPAGES =	named-checkconf.8 named-checkzone.8
-
-HTMLPAGES =	named-checkconf.html named-checkzone.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-@BIND9_MAKE_RULES@
-
-named-checkconf.@O@: named-checkconf.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
-		-c ${srcdir}/named-checkconf.c
-
-named-checkzone.@O@: named-checkzone.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DVERSION=\"${VERSION}\" \
-		-c ${srcdir}/named-checkzone.c
-
-named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
-		${NSDEPENDLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
-	export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
-	export LIBS0="${NSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
-	${FINALBUILDCMD}
-
-named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} \
-		${NSDEPENDLIBS} ${DNSDEPLIBS}
-	export BASEOBJS="named-checkzone.@O@ check-tool.@O@"; \
-	export LIBS0="${NSLIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
-	${FINALBUILDCMD}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
-	(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
-	for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
-	(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
-
-uninstall::
-	rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
-	for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
-	rm -f ${DESTDIR}${sbindir}/named-compilezone@EXEEXT@
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkconf@EXEEXT@
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkzone@EXEEXT@
-
-clean distclean::
-	rm -f ${TARGETS} r1.htm

bin/check/check-tool.c

@@ -1,773 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdbool.h>
-#include <stdio.h>
-#include <inttypes.h>
-
-#ifdef _WIN32
-#include <Winsock2.h>
-#endif
-
-#include "check-tool.h"
-#include <isc/buffer.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/netdb.h>
-#include <isc/net.h>
-#include <isc/print.h>
-#include <isc/region.h>
-#include <isc/stdio.h>
-#include <isc/string.h>
-#include <isc/symtab.h>
-#include <isc/types.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/dbiterator.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatasetiter.h>
-#include <dns/rdatatype.h>
-#include <dns/result.h>
-#include <dns/types.h>
-#include <dns/zone.h>
-
-#include <isccfg/log.h>
-
-#include <ns/log.h>
-
-#ifndef CHECK_SIBLING
-#define CHECK_SIBLING 1
-#endif
-
-#ifndef CHECK_LOCAL
-#define CHECK_LOCAL 1
-#endif
-
-#define CHECK(r) \
-	do { \
-		result = (r); \
-		if (result != ISC_R_SUCCESS) \
-			goto cleanup; \
-	} while (0)
-
-#define ERR_IS_CNAME 1
-#define ERR_NO_ADDRESSES 2
-#define ERR_LOOKUP_FAILURE 3
-#define ERR_EXTRA_A 4
-#define ERR_EXTRA_AAAA 5
-#define ERR_MISSING_GLUE 5
-#define ERR_IS_MXCNAME 6
-#define ERR_IS_SRVCNAME 7
-
-static const char *dbtype[] = { "rbt" };
-
-int debug = 0;
-const char *journal = NULL;
-bool nomerge = true;
-#if CHECK_LOCAL
-bool docheckmx = true;
-bool dochecksrv = true;
-bool docheckns = true;
-#else
-bool docheckmx = false;
-bool dochecksrv = false;
-bool docheckns = false;
-#endif
-dns_zoneopt_t zone_options = DNS_ZONEOPT_CHECKNS |
-			     DNS_ZONEOPT_CHECKMX |
-			     DNS_ZONEOPT_MANYERRORS |
-			     DNS_ZONEOPT_CHECKNAMES |
-			     DNS_ZONEOPT_CHECKINTEGRITY |
-#if CHECK_SIBLING
-			     DNS_ZONEOPT_CHECKSIBLING |
-#endif
-			     DNS_ZONEOPT_CHECKWILDCARD |
-			     DNS_ZONEOPT_WARNMXCNAME |
-			     DNS_ZONEOPT_WARNSRVCNAME;
-
-/*
- * This needs to match the list in bin/named/log.c.
- */
-static isc_logcategory_t categories[] = {
-	{ "",		     0 },
-	{ "unmatched", 	     0 },
-	{ NULL,		     0 }
-};
-
-static isc_symtab_t *symtab = NULL;
-static isc_mem_t *sym_mctx;
-
-static void
-freekey(char *key, unsigned int type, isc_symvalue_t value, void *userarg) {
-	UNUSED(type);
-	UNUSED(value);
-	isc_mem_free(userarg, key);
-}
-
-static void
-add(char *key, int value) {
-	isc_result_t result;
-	isc_symvalue_t symvalue;
-
-	if (sym_mctx == NULL) {
-		result = isc_mem_create(0, 0, &sym_mctx);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	if (symtab == NULL) {
-		result = isc_symtab_create(sym_mctx, 100, freekey, sym_mctx,
-					   false, &symtab);
-		if (result != ISC_R_SUCCESS)
-			return;
-	}
-
-	key = isc_mem_strdup(sym_mctx, key);
-	if (key == NULL)
-		return;
-
-	symvalue.as_pointer = NULL;
-	result = isc_symtab_define(symtab, key, value, symvalue,
-				   isc_symexists_reject);
-	if (result != ISC_R_SUCCESS)
-		isc_mem_free(sym_mctx, key);
-}
-
-static bool
-logged(char *key, int value) {
-	isc_result_t result;
-
-	if (symtab == NULL)
-		return (false);
-
-	result = isc_symtab_lookup(symtab, key, value, NULL);
-	if (result == ISC_R_SUCCESS)
-		return (true);
-	return (false);
-}
-
-static bool
-checkns(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner,
-	dns_rdataset_t *a, dns_rdataset_t *aaaa)
-{
-	dns_rdataset_t *rdataset;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	struct addrinfo hints, *ai, *cur;
-	char namebuf[DNS_NAME_FORMATSIZE + 1];
-	char ownerbuf[DNS_NAME_FORMATSIZE];
-	char addrbuf[sizeof("xxxx:xxxx:xxxx:xxxx:xxxx:xxxx:123.123.123.123")];
-	bool answer = true;
-	bool match;
-	const char *type;
-	void *ptr = NULL;
-	int result;
-
-	REQUIRE(a == NULL || !dns_rdataset_isassociated(a) ||
-		a->type == dns_rdatatype_a);
-	REQUIRE(aaaa == NULL || !dns_rdataset_isassociated(aaaa) ||
-		aaaa->type == dns_rdatatype_aaaa);
-
-	if (a == NULL || aaaa == NULL)
-		return (answer);
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	/*
-	 * Turn off search.
-	 */
-	if (dns_name_countlabels(name) > 1U) {
-		strlcat(namebuf, ".", sizeof(namebuf));
-	}
-	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
-	result = getaddrinfo(namebuf, NULL, &hints, &ai);
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	switch (result) {
-	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0 &&
-		    !logged(namebuf, ERR_IS_CNAME)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "is a CNAME '%s' (illegal)",
-				     ownerbuf, namebuf,
-				     cur->ai_canonname);
-			/* XXX950 make fatal for 9.5.0 */
-			/* answer = false; */
-			add(namebuf, ERR_IS_CNAME);
-		}
-		break;
-	case EAI_NONAME:
-#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
-	case EAI_NODATA:
-#endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/NS '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
-		/* XXX950 make fatal for 9.5.0 */
-		return (true);
-
-	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
-		return (true);
-	}
-
-	/*
-	 * Check that all glue records really exist.
-	 */
-	if (!dns_rdataset_isassociated(a))
-		goto checkaaaa;
-	result = dns_rdataset_first(a);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(a, &rdata);
-		match = false;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET)
-				continue;
-			ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = true;
-				break;
-			}
-		}
-		if (!match && !logged(namebuf, ERR_EXTRA_A)) {
-			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-				     "extra GLUE A record (%s)",
-				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET, rdata.data,
-					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_A);
-			/* XXX950 make fatal for 9.5.0 */
-			/* answer = false; */
-		}
-		dns_rdata_reset(&rdata);
-		result = dns_rdataset_next(a);
-	}
-
- checkaaaa:
-	if (!dns_rdataset_isassociated(aaaa))
-		goto checkmissing;
-	result = dns_rdataset_first(aaaa);
-	while (result == ISC_R_SUCCESS) {
-		dns_rdataset_current(aaaa, &rdata);
-		match = false;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			if (cur->ai_family != AF_INET6)
-				continue;
-			ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-			if (memcmp(ptr, rdata.data, rdata.length) == 0) {
-				match = true;
-				break;
-			}
-		}
-		if (!match && !logged(namebuf, ERR_EXTRA_AAAA)) {
-			dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-				     "extra GLUE AAAA record (%s)",
-				     ownerbuf, namebuf,
-				     inet_ntop(AF_INET6, rdata.data,
-					       addrbuf, sizeof(addrbuf)));
-			add(namebuf, ERR_EXTRA_AAAA);
-			/* XXX950 make fatal for 9.5.0. */
-			/* answer = false; */
-		}
-		dns_rdata_reset(&rdata);
-		result = dns_rdataset_next(aaaa);
-	}
-
- checkmissing:
-	/*
-	 * Check that all addresses appear in the glue.
-	 */
-	if (!logged(namebuf, ERR_MISSING_GLUE)) {
-		bool missing_glue = false;
-		for (cur = ai; cur != NULL; cur = cur->ai_next) {
-			switch (cur->ai_family) {
-			case AF_INET:
-				rdataset = a;
-				ptr = &((struct sockaddr_in *)(cur->ai_addr))->sin_addr;
-				type = "A";
-				break;
-			case AF_INET6:
-				rdataset = aaaa;
-				ptr = &((struct sockaddr_in6 *)(cur->ai_addr))->sin6_addr;
-				type = "AAAA";
-				break;
-			default:
-				 continue;
-			}
-			match = false;
-			if (dns_rdataset_isassociated(rdataset))
-				result = dns_rdataset_first(rdataset);
-			else
-				result = ISC_R_FAILURE;
-			while (result == ISC_R_SUCCESS && !match) {
-				dns_rdataset_current(rdataset, &rdata);
-				if (memcmp(ptr, rdata.data, rdata.length) == 0)
-					match = true;
-				dns_rdata_reset(&rdata);
-				result = dns_rdataset_next(rdataset);
-			}
-			if (!match) {
-				dns_zone_log(zone, ISC_LOG_ERROR, "%s/NS '%s' "
-					     "missing GLUE %s record (%s)",
-					     ownerbuf, namebuf, type,
-					     inet_ntop(cur->ai_family, ptr,
-						       addrbuf, sizeof(addrbuf)));
-				/* XXX950 make fatal for 9.5.0. */
-				/* answer = false; */
-				missing_glue = true;
-			}
-		}
-		if (missing_glue)
-			add(namebuf, ERR_MISSING_GLUE);
-	}
-	freeaddrinfo(ai);
-	return (answer);
-}
-
-static bool
-checkmx(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
-	struct addrinfo hints, *ai, *cur;
-	char namebuf[DNS_NAME_FORMATSIZE + 1];
-	char ownerbuf[DNS_NAME_FORMATSIZE];
-	int result;
-	int level = ISC_LOG_ERROR;
-	bool answer = true;
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	/*
-	 * Turn off search.
-	 */
-	if (dns_name_countlabels(name) > 1U) {
-		strlcat(namebuf, ".", sizeof(namebuf));
-	}
-	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
-	result = getaddrinfo(namebuf, NULL, &hints, &ai);
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	switch (result) {
-	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
-			if ((zone_options & DNS_ZONEOPT_WARNMXCNAME) != 0)
-				level = ISC_LOG_WARNING;
-			if ((zone_options & DNS_ZONEOPT_IGNOREMXCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_MXCNAME)) {
-					dns_zone_log(zone, level,
-						     "%s/MX '%s' (out of zone)"
-						     " is a CNAME '%s' "
-						     "(illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_MXCNAME);
-				}
-				if (level == ISC_LOG_ERROR)
-					answer = false;
-			}
-		}
-		freeaddrinfo(ai);
-		return (answer);
-
-	case EAI_NONAME:
-#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
-	case EAI_NODATA:
-#endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/MX '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
-		/* XXX950 make fatal for 9.5.0. */
-		return (true);
-
-	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-			     "getaddrinfo(%s) failed: %s",
-			     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
-		return (true);
-	}
-}
-
-static bool
-checksrv(dns_zone_t *zone, const dns_name_t *name, const dns_name_t *owner) {
-	struct addrinfo hints, *ai, *cur;
-	char namebuf[DNS_NAME_FORMATSIZE + 1];
-	char ownerbuf[DNS_NAME_FORMATSIZE];
-	int result;
-	int level = ISC_LOG_ERROR;
-	bool answer = true;
-
-	memset(&hints, 0, sizeof(hints));
-	hints.ai_flags = AI_CANONNAME;
-	hints.ai_family = PF_UNSPEC;
-	hints.ai_socktype = SOCK_STREAM;
-	hints.ai_protocol = IPPROTO_TCP;
-
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	/*
-	 * Turn off search.
-	 */
-	if (dns_name_countlabels(name) > 1U) {
-		strlcat(namebuf, ".", sizeof(namebuf));
-	}
-	dns_name_format(owner, ownerbuf, sizeof(ownerbuf));
-
-	result = getaddrinfo(namebuf, NULL, &hints, &ai);
-	dns_name_format(name, namebuf, sizeof(namebuf) - 1);
-	switch (result) {
-	case 0:
-		/*
-		 * Work around broken getaddrinfo() implementations that
-		 * fail to set ai_canonname on first entry.
-		 */
-		cur = ai;
-		while (cur != NULL && cur->ai_canonname == NULL &&
-		       cur->ai_next != NULL)
-			cur = cur->ai_next;
-		if (cur != NULL && cur->ai_canonname != NULL &&
-		    strcasecmp(cur->ai_canonname, namebuf) != 0) {
-			if ((zone_options & DNS_ZONEOPT_WARNSRVCNAME) != 0)
-				level = ISC_LOG_WARNING;
-			if ((zone_options & DNS_ZONEOPT_IGNORESRVCNAME) == 0) {
-				if (!logged(namebuf, ERR_IS_SRVCNAME)) {
-					dns_zone_log(zone, level, "%s/SRV '%s'"
-						     " (out of zone) is a "
-						     "CNAME '%s' (illegal)",
-						     ownerbuf, namebuf,
-						     cur->ai_canonname);
-					add(namebuf, ERR_IS_SRVCNAME);
-				}
-				if (level == ISC_LOG_ERROR)
-					answer = false;
-			}
-		}
-		freeaddrinfo(ai);
-		return (answer);
-
-	case EAI_NONAME:
-#if defined(EAI_NODATA) && (EAI_NODATA != EAI_NONAME)
-	case EAI_NODATA:
-#endif
-		if (!logged(namebuf, ERR_NO_ADDRESSES)) {
-			dns_zone_log(zone, ISC_LOG_ERROR,
-				     "%s/SRV '%s' (out of zone) "
-				     "has no addresses records (A or AAAA)",
-				     ownerbuf, namebuf);
-			add(namebuf, ERR_NO_ADDRESSES);
-		}
-		/* XXX950 make fatal for 9.5.0. */
-		return (true);
-
-	default:
-		if (!logged(namebuf, ERR_LOOKUP_FAILURE)) {
-			dns_zone_log(zone, ISC_LOG_WARNING,
-				     "getaddrinfo(%s) failed: %s",
-				     namebuf, gai_strerror(result));
-			add(namebuf, ERR_LOOKUP_FAILURE);
-		}
-		return (true);
-	}
-}
-
-isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp) {
-	isc_logdestination_t destination;
-	isc_logconfig_t *logconfig = NULL;
-	isc_log_t *log = NULL;
-
-	RUNTIME_CHECK(isc_log_create(mctx, &log, &logconfig) == ISC_R_SUCCESS);
-	isc_log_registercategories(log, categories);
-	isc_log_setcontext(log);
-	dns_log_init(log);
-	dns_log_setcontext(log);
-	cfg_log_init(log);
-	ns_log_init(log);
-
-	destination.file.stream = errout;
-	destination.file.name = NULL;
-	destination.file.versions = ISC_LOG_ROLLNEVER;
-	destination.file.maximum_size = 0;
-	RUNTIME_CHECK(isc_log_createchannel(logconfig, "stderr",
-				       ISC_LOG_TOFILEDESC,
-				       ISC_LOG_DYNAMIC,
-				       &destination, 0) == ISC_R_SUCCESS);
-	RUNTIME_CHECK(isc_log_usechannel(logconfig, "stderr",
-					 NULL, NULL) == ISC_R_SUCCESS);
-
-	*logp = log;
-	return (ISC_R_SUCCESS);
-}
-
-/*% scan the zone for oversize TTLs */
-static isc_result_t
-check_ttls(dns_zone_t *zone, dns_ttl_t maxttl) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_dbversion_t *version = NULL;
-	dns_dbnode_t *node = NULL;
-	dns_dbiterator_t *dbiter = NULL;
-	dns_rdatasetiter_t *rdsiter = NULL;
-	dns_rdataset_t rdataset;
-	dns_fixedname_t fname;
-	dns_name_t *name;
-	name = dns_fixedname_initname(&fname);
-	dns_rdataset_init(&rdataset);
-
-	CHECK(dns_zone_getdb(zone, &db));
-	INSIST(db != NULL);
-
-	CHECK(dns_db_newversion(db, &version));
-	CHECK(dns_db_createiterator(db, 0, &dbiter));
-
-	for (result = dns_dbiterator_first(dbiter);
-	     result == ISC_R_SUCCESS;
-	     result = dns_dbiterator_next(dbiter)) {
-		result = dns_dbiterator_current(dbiter, &node, name);
-		if (result == DNS_R_NEWORIGIN)
-			result = ISC_R_SUCCESS;
-		CHECK(result);
-
-		CHECK(dns_db_allrdatasets(db, node, version, 0, &rdsiter));
-		for (result = dns_rdatasetiter_first(rdsiter);
-		     result == ISC_R_SUCCESS;
-		     result = dns_rdatasetiter_next(rdsiter)) {
-			dns_rdatasetiter_current(rdsiter, &rdataset);
-			if (rdataset.ttl > maxttl) {
-				char nbuf[DNS_NAME_FORMATSIZE];
-				char tbuf[255];
-				isc_buffer_t b;
-				isc_region_t r;
-
-				dns_name_format(name, nbuf, sizeof(nbuf));
-				isc_buffer_init(&b, tbuf, sizeof(tbuf) - 1);
-				CHECK(dns_rdatatype_totext(rdataset.type, &b));
-				isc_buffer_usedregion(&b, &r);
-				r.base[r.length] = 0;
-
-				dns_zone_log(zone, ISC_LOG_ERROR,
-					     "%s/%s TTL %d exceeds "
-					     "maximum TTL %d",
-					     nbuf, tbuf, rdataset.ttl, maxttl);
-				dns_rdataset_disassociate(&rdataset);
-				CHECK(ISC_R_RANGE);
-			}
-			dns_rdataset_disassociate(&rdataset);
-		}
-		if (result == ISC_R_NOMORE)
-			result = ISC_R_SUCCESS;
-		CHECK(result);
-
-		dns_rdatasetiter_destroy(&rdsiter);
-		dns_db_detachnode(db, &node);
-	}
-
-	if (result == ISC_R_NOMORE)
-		result = ISC_R_SUCCESS;
-
- cleanup:
-	if (node != NULL)
-		dns_db_detachnode(db, &node);
-	if (rdsiter != NULL)
-		dns_rdatasetiter_destroy(&rdsiter);
-	if (dbiter != NULL)
-		dns_dbiterator_destroy(&dbiter);
-	if (version != NULL)
-		dns_db_closeversion(db, &version, false);
-	if (db != NULL)
-		dns_db_detach(&db);
-
-	return (result);
-}
-
-/*% load the zone */
-isc_result_t
-load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  dns_masterformat_t fileformat, const char *classname,
-	  dns_ttl_t maxttl, dns_zone_t **zonep)
-{
-	isc_result_t result;
-	dns_rdataclass_t rdclass;
-	isc_textregion_t region;
-	isc_buffer_t buffer;
-	dns_fixedname_t fixorigin;
-	dns_name_t *origin;
-	dns_zone_t *zone = NULL;
-
-	REQUIRE(zonep == NULL || *zonep == NULL);
-
-	if (debug)
-		fprintf(stderr, "loading \"%s\" from \"%s\" class \"%s\"\n",
-			zonename, filename, classname);
-
-	CHECK(dns_zone_create(&zone, mctx));
-
-	dns_zone_settype(zone, dns_zone_master);
-
-	isc_buffer_constinit(&buffer, zonename, strlen(zonename));
-	isc_buffer_add(&buffer, strlen(zonename));
-	origin = dns_fixedname_initname(&fixorigin);
-	CHECK(dns_name_fromtext(origin, &buffer, dns_rootname, 0, NULL));
-	CHECK(dns_zone_setorigin(zone, origin));
-	CHECK(dns_zone_setdbtype(zone, 1, (const char * const *) dbtype));
-	CHECK(dns_zone_setfile(zone, filename, fileformat,
-			       &dns_master_style_default));
-	if (journal != NULL)
-		CHECK(dns_zone_setjournal(zone, journal));
-
-	DE_CONST(classname, region.base);
-	region.length = strlen(classname);
-	CHECK(dns_rdataclass_fromtext(&rdclass, &region));
-
-	dns_zone_setclass(zone, rdclass);
-	dns_zone_setoption(zone, zone_options, true);
-	dns_zone_setoption(zone, DNS_ZONEOPT_NOMERGE, nomerge);
-
-	dns_zone_setmaxttl(zone, maxttl);
-
-	if (docheckmx)
-		dns_zone_setcheckmx(zone, checkmx);
-	if (docheckns)
-		dns_zone_setcheckns(zone, checkns);
-	if (dochecksrv)
-		dns_zone_setchecksrv(zone, checksrv);
-
-	CHECK(dns_zone_load(zone, false));
-
-	/*
-	 * When loading map files we can't catch oversize TTLs during
-	 * load, so we check for them here.
-	 */
-	if (fileformat == dns_masterformat_map && maxttl != 0) {
-		CHECK(check_ttls(zone, maxttl));
-	}
-
-	if (zonep != NULL) {
-		*zonep = zone;
-		zone = NULL;
-	}
-
- cleanup:
-	if (zone != NULL)
-		dns_zone_detach(&zone);
-	return (result);
-}
-
-/*% dump the zone */
-isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion)
-{
-	isc_result_t result;
-	FILE *output = stdout;
-	const char *flags;
-
-	flags = (fileformat == dns_masterformat_text) ? "w+" : "wb+";
-
-	if (debug) {
-		if (filename != NULL && strcmp(filename, "-") != 0)
-			fprintf(stderr, "dumping \"%s\" to \"%s\"\n",
-				zonename, filename);
-		else
-			fprintf(stderr, "dumping \"%s\"\n", zonename);
-	}
-
-	if (filename != NULL && strcmp(filename, "-") != 0) {
-		result = isc_stdio_open(filename, flags, &output);
-
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "could not open output "
-				"file \"%s\" for writing\n", filename);
-			return (ISC_R_FAILURE);
-		}
-	}
-
-	result = dns_zone_dumptostream(zone, output, fileformat, style,
-				       rawversion);
-	if (output != stdout)
-		(void)isc_stdio_close(output);
-
-	return (result);
-}
-
-#ifdef _WIN32
-void
-InitSockets(void) {
-	WORD wVersionRequested;
-	WSADATA wsaData;
-	int err;
-
-	wVersionRequested = MAKEWORD(2, 0);
-
-	err = WSAStartup( wVersionRequested, &wsaData );
-	if (err != 0) {
-		fprintf(stderr, "WSAStartup() failed: %d\n", err);
-		exit(1);
-	}
-}
-
-void
-DestroySockets(void) {
-	WSACleanup();
-}
-#endif

bin/check/check-tool.h

@@ -1,59 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-#ifndef CHECK_TOOL_H
-#define CHECK_TOOL_H
-
-/*! \file */
-
-#include <inttypes.h>
-#include <stdbool.h>
-
-#include <isc/lang.h>
-#include <isc/stdio.h>
-#include <isc/types.h>
-
-#include <dns/masterdump.h>
-#include <dns/types.h>
-#include <dns/zone.h>
-
-ISC_LANG_BEGINDECLS
-
-isc_result_t
-setup_logging(isc_mem_t *mctx, FILE *errout, isc_log_t **logp);
-
-isc_result_t
-load_zone(isc_mem_t *mctx, const char *zonename, const char *filename,
-	  dns_masterformat_t fileformat, const char *classname,
-	  dns_ttl_t maxttl, dns_zone_t **zonep);
-
-isc_result_t
-dump_zone(const char *zonename, dns_zone_t *zone, const char *filename,
-	  dns_masterformat_t fileformat, const dns_master_style_t *style,
-	  const uint32_t rawversion);
-
-#ifdef _WIN32
-void InitSockets(void);
-void DestroySockets(void);
-#endif
-
-extern int debug;
-extern const char *journal;
-extern bool nomerge;
-extern bool docheckmx;
-extern bool docheckns;
-extern bool dochecksrv;
-extern dns_zoneopt_t zone_options;
-
-ISC_LANG_ENDDECLS
-
-#endif

bin/check/named-checkconf.8

@@ -1,140 +0,0 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: named-checkconf
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2014-01-10
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "NAMED\-CHECKCONF" "8" "2014\-01\-10" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-named-checkconf \- named configuration file syntax checking tool
-.SH "SYNOPSIS"
-.HP \w'\fBnamed\-checkconf\fR\ 'u
-\fBnamed\-checkconf\fR [\fB\-hjlvz\fR] [\fB\-p\fR\ [\fB\-x\fR\ ]] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] {filename}
-.SH "DESCRIPTION"
-.PP
-\fBnamed\-checkconf\fR
-checks the syntax, but not the semantics, of a
-\fBnamed\fR
-configuration file\&. The file is parsed and checked for syntax errors, along with all files included by it\&. If no file is specified,
-/etc/named\&.conf
-is read by default\&.
-.PP
-Note: files that
-\fBnamed\fR
-reads in separate parser contexts, such as
-rndc\&.key
-and
-bind\&.keys, are not automatically read by
-\fBnamed\-checkconf\fR\&. Configuration errors in these files may cause
-\fBnamed\fR
-to fail to run, even if
-\fBnamed\-checkconf\fR
-was successful\&.
-\fBnamed\-checkconf\fR
-can be run on these files explicitly, however\&.
-.SH "OPTIONS"
-.PP
-\-h
-.RS 4
-Print the usage summary and exit\&.
-.RE
-.PP
-\-j
-.RS 4
-When loading a zonefile read the journal if it exists\&.
-.RE
-.PP
-\-l
-.RS 4
-List all the configured zones\&. Each line of output contains the zone name, class (e\&.g\&. IN), view, and type (e\&.g\&. master or slave)\&.
-.RE
-.PP
-\-p
-.RS 4
-Print out the
-named\&.conf
-and included files in canonical form if no errors were detected\&. See also the
-\fB\-x\fR
-option\&.
-.RE
-.PP
-\-t \fIdirectory\fR
-.RS 4
-Chroot to
-directory
-so that include directives in the configuration file are processed as if run by a similarly chrooted
-\fBnamed\fR\&.
-.RE
-.PP
-\-v
-.RS 4
-Print the version of the
-\fBnamed\-checkconf\fR
-program and exit\&.
-.RE
-.PP
-\-x
-.RS 4
-When printing the configuration files in canonical form, obscure shared secrets by replacing them with strings of question marks (\*(Aq?\*(Aq)\&. This allows the contents of
-named\&.conf
-and related files to be shared \(em for example, when submitting bug reports \(em without compromising private data\&. This option cannot be used without
-\fB\-p\fR\&.
-.RE
-.PP
-\-z
-.RS 4
-Perform a test load of all master zones found in
-named\&.conf\&.
-.RE
-.PP
-filename
-.RS 4
-The name of the configuration file to be checked\&. If not specified, it defaults to
-/etc/named\&.conf\&.
-.RE
-.SH "RETURN VALUES"
-.PP
-\fBnamed\-checkconf\fR
-returns an exit status of 1 if errors were detected and 0 otherwise\&.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fBnamed-checkzone\fR(8),
-BIND 9 Administrator Reference Manual\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/check/named-checkconf.c

@@ -1,707 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#include <config.h>
-
-#include <errno.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#include <isc/commandline.h>
-#include <isc/dir.h>
-#include <isc/hash.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/util.h>
-
-#include <isccfg/namedconf.h>
-
-#include <bind9/check.h>
-
-#include <dns/db.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/result.h>
-#include <dns/rootns.h>
-#include <dns/zone.h>
-
-#include "check-tool.h"
-
-static const char *program = "named-checkconf";
-
-isc_log_t *logc = NULL;
-
-#define CHECK(r)\
-	do { \
-		result = (r); \
-		if (result != ISC_R_SUCCESS) \
-			goto cleanup; \
-	} while (0)
-
-/*% usage */
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr, "usage: %s [-hjlvz] [-p [-x]] [-t directory] "
-		"[named.conf]\n", program);
-	exit(1);
-}
-
-/*% directory callback */
-static isc_result_t
-directory_callback(const char *clausename, const cfg_obj_t *obj, void *arg) {
-	isc_result_t result;
-	const char *directory;
-
-	REQUIRE(strcasecmp("directory", clausename) == 0);
-
-	UNUSED(arg);
-	UNUSED(clausename);
-
-	/*
-	 * Change directory.
-	 */
-	directory = cfg_obj_asstring(obj);
-	result = isc_dir_chdir(directory);
-	if (result != ISC_R_SUCCESS) {
-		cfg_obj_log(obj, logc, ISC_LOG_ERROR,
-			    "change directory to '%s' failed: %s\n",
-			    directory, isc_result_totext(result));
-		return (result);
-	}
-
-	return (ISC_R_SUCCESS);
-}
-
-static bool
-get_maps(const cfg_obj_t **maps, const char *name, const cfg_obj_t **obj) {
-	int i;
-	for (i = 0;; i++) {
-		if (maps[i] == NULL)
-			return (false);
-		if (cfg_map_get(maps[i], name, obj) == ISC_R_SUCCESS)
-			return (true);
-	}
-}
-
-static bool
-get_checknames(const cfg_obj_t **maps, const cfg_obj_t **obj) {
-	const cfg_listelt_t *element;
-	const cfg_obj_t *checknames;
-	const cfg_obj_t *type;
-	const cfg_obj_t *value;
-	isc_result_t result;
-	int i;
-
-	for (i = 0;; i++) {
-		if (maps[i] == NULL)
-			return (false);
-		checknames = NULL;
-		result = cfg_map_get(maps[i], "check-names", &checknames);
-		if (result != ISC_R_SUCCESS)
-			continue;
-		if (checknames != NULL && !cfg_obj_islist(checknames)) {
-			*obj = checknames;
-			return (true);
-		}
-		for (element = cfg_list_first(checknames);
-		     element != NULL;
-		     element = cfg_list_next(element)) {
-			value = cfg_listelt_value(element);
-			type = cfg_tuple_get(value, "type");
-			if ((strcasecmp(cfg_obj_asstring(type),
-					"primary") != 0) &&
-			    (strcasecmp(cfg_obj_asstring(type),
-					"master") != 0))
-			{
-				continue;
-			}
-			*obj = cfg_tuple_get(value, "mode");
-			return (true);
-		}
-	}
-}
-
-static isc_result_t
-configure_hint(const char *zfile, const char *zclass, isc_mem_t *mctx) {
-	isc_result_t result;
-	dns_db_t *db = NULL;
-	dns_rdataclass_t rdclass;
-	isc_textregion_t r;
-
-	if (zfile == NULL)
-		return (ISC_R_FAILURE);
-
-	DE_CONST(zclass, r.base);
-	r.length = strlen(zclass);
-	result = dns_rdataclass_fromtext(&rdclass, &r);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	result = dns_rootns_create(mctx, rdclass, zfile, &db);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-
-	dns_db_detach(&db);
-	return (ISC_R_SUCCESS);
-}
-
-/*% configure the zone */
-static isc_result_t
-configure_zone(const char *vclass, const char *view,
-	       const cfg_obj_t *zconfig, const cfg_obj_t *vconfig,
-	       const cfg_obj_t *config, isc_mem_t *mctx, bool list)
-{
-	int i = 0;
-	isc_result_t result;
-	const char *zclass;
-	const char *zname;
-	const char *zfile = NULL;
-	const cfg_obj_t *maps[4];
-	const cfg_obj_t *mastersobj = NULL;
-	const cfg_obj_t *inviewobj = NULL;
-	const cfg_obj_t *zoptions = NULL;
-	const cfg_obj_t *classobj = NULL;
-	const cfg_obj_t *typeobj = NULL;
-	const cfg_obj_t *fileobj = NULL;
-	const cfg_obj_t *dlzobj = NULL;
-	const cfg_obj_t *dbobj = NULL;
-	const cfg_obj_t *obj = NULL;
-	const cfg_obj_t *fmtobj = NULL;
-	dns_masterformat_t masterformat;
-	dns_ttl_t maxttl = 0;
-
-	zone_options = DNS_ZONEOPT_CHECKNS | DNS_ZONEOPT_MANYERRORS;
-
-	zname = cfg_obj_asstring(cfg_tuple_get(zconfig, "name"));
-	classobj = cfg_tuple_get(zconfig, "class");
-	if (!cfg_obj_isstring(classobj))
-		zclass = vclass;
-	else
-		zclass = cfg_obj_asstring(classobj);
-
-	zoptions = cfg_tuple_get(zconfig, "options");
-	maps[i++] = zoptions;
-	if (vconfig != NULL)
-		maps[i++] = cfg_tuple_get(vconfig, "options");
-	if (config != NULL) {
-		cfg_map_get(config, "options", &obj);
-		if (obj != NULL)
-			maps[i++] = obj;
-	}
-	maps[i] = NULL;
-
-	cfg_map_get(zoptions, "in-view", &inviewobj);
-	if (inviewobj != NULL && list) {
-		const char *inview = cfg_obj_asstring(inviewobj);
-		printf("%s %s %s in-view %s\n", zname, zclass, view, inview);
-	}
-	if (inviewobj != NULL)
-		return (ISC_R_SUCCESS);
-
-	cfg_map_get(zoptions, "type", &typeobj);
-	if (typeobj == NULL)
-		return (ISC_R_FAILURE);
-
-	if (list) {
-		const char *ztype = cfg_obj_asstring(typeobj);
-		printf("%s %s %s %s\n", zname, zclass, view, ztype);
-		return (ISC_R_SUCCESS);
-	}
-
-	/*
-	 * Skip checks when using an alternate data source.
-	 */
-	cfg_map_get(zoptions, "database", &dbobj);
-	if (dbobj != NULL &&
-	    strcmp("rbt", cfg_obj_asstring(dbobj)) != 0 &&
-	    strcmp("rbt64", cfg_obj_asstring(dbobj)) != 0)
-		return (ISC_R_SUCCESS);
-
-	cfg_map_get(zoptions, "dlz", &dlzobj);
-	if (dlzobj != NULL)
-		return (ISC_R_SUCCESS);
-
-	cfg_map_get(zoptions, "file", &fileobj);
-	if (fileobj != NULL)
-		zfile = cfg_obj_asstring(fileobj);
-
-	/*
-	 * Check hints files for hint zones.
-	 * Skip loading checks for any type other than
-	 * master and redirect
-	 */
-	if (strcasecmp(cfg_obj_asstring(typeobj), "hint") == 0) {
-		return (configure_hint(zfile, zclass, mctx));
-	} else if ((strcasecmp(cfg_obj_asstring(typeobj), "primary") != 0) &&
-		   (strcasecmp(cfg_obj_asstring(typeobj), "master") != 0) &&
-		   (strcasecmp(cfg_obj_asstring(typeobj), "redirect") != 0))
-	{
-		return (ISC_R_SUCCESS);
-	}
-
-	/*
-	 * Is the redirect zone configured as a slave?
-	 */
-	if (strcasecmp(cfg_obj_asstring(typeobj), "redirect") == 0) {
-		cfg_map_get(zoptions, "masters", &mastersobj);
-		if (mastersobj != NULL)
-			return (ISC_R_SUCCESS);
-	}
-
-	if (zfile == NULL)
-		return (ISC_R_FAILURE);
-
-	obj = NULL;
-	if (get_maps(maps, "check-dup-records", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-			zone_options |= DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRR;
-			zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-		zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-mx", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKMX;
-			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKMX;
-			zone_options |= DNS_ZONEOPT_CHECKMXFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKMX;
-			zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKMX;
-		zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-integrity", &obj)) {
-		if (cfg_obj_asboolean(obj))
-			zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-		else
-			zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-	} else
-		zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-
-	obj = NULL;
-	if (get_maps(maps, "check-mx-cname", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-			zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	} else {
-		zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-		zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-srv-cname", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
-			zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-			zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	} else {
-		zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-		zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-sibling", &obj)) {
-		if (cfg_obj_asboolean(obj))
-			zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-		else
-			zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "check-spf", &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKSPF;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKSPF;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	} else {
-		zone_options |= DNS_ZONEOPT_CHECKSPF;
-	}
-
-	obj = NULL;
-	if (get_checknames(maps, &obj)) {
-		if (strcasecmp(cfg_obj_asstring(obj), "warn") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKNAMES;
-			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "fail") == 0) {
-			zone_options |= DNS_ZONEOPT_CHECKNAMES;
-			zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else if (strcasecmp(cfg_obj_asstring(obj), "ignore") == 0) {
-			zone_options &= ~DNS_ZONEOPT_CHECKNAMES;
-			zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	} else {
-	       zone_options |= DNS_ZONEOPT_CHECKNAMES;
-	       zone_options |= DNS_ZONEOPT_CHECKNAMESFAIL;
-	}
-
-	masterformat = dns_masterformat_text;
-	fmtobj = NULL;
-	if (get_maps(maps, "masterfile-format", &fmtobj)) {
-		const char *masterformatstr = cfg_obj_asstring(fmtobj);
-		if (strcasecmp(masterformatstr, "text") == 0) {
-			masterformat = dns_masterformat_text;
-		} else if (strcasecmp(masterformatstr, "raw") == 0) {
-			masterformat = dns_masterformat_raw;
-		} else if (strcasecmp(masterformatstr, "map") == 0) {
-			masterformat = dns_masterformat_map;
-		} else {
-			INSIST(0);
-			ISC_UNREACHABLE();
-		}
-	}
-
-	obj = NULL;
-	if (get_maps(maps, "max-zone-ttl", &obj)) {
-		maxttl = cfg_obj_asuint32(obj);
-		zone_options |= DNS_ZONEOPT_CHECKTTL;
-	}
-
-	result = load_zone(mctx, zname, zfile, masterformat,
-			   zclass, maxttl, NULL);
-	if (result != ISC_R_SUCCESS)
-		fprintf(stderr, "%s/%s/%s: %s\n", view, zname, zclass,
-			dns_result_totext(result));
-	return (result);
-}
-
-/*% configure a view */
-static isc_result_t
-configure_view(const char *vclass, const char *view, const cfg_obj_t *config,
-	       const cfg_obj_t *vconfig, isc_mem_t *mctx, bool list)
-{
-	const cfg_listelt_t *element;
-	const cfg_obj_t *voptions;
-	const cfg_obj_t *zonelist;
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_result_t tresult;
-
-	voptions = NULL;
-	if (vconfig != NULL)
-		voptions = cfg_tuple_get(vconfig, "options");
-
-	zonelist = NULL;
-	if (voptions != NULL)
-		(void)cfg_map_get(voptions, "zone", &zonelist);
-	else
-		(void)cfg_map_get(config, "zone", &zonelist);
-
-	for (element = cfg_list_first(zonelist);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		const cfg_obj_t *zconfig = cfg_listelt_value(element);
-		tresult = configure_zone(vclass, view, zconfig, vconfig,
-					 config, mctx, list);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-	return (result);
-}
-
-static isc_result_t
-config_getclass(const cfg_obj_t *classobj, dns_rdataclass_t defclass,
-		dns_rdataclass_t *classp)
-{
-	isc_textregion_t r;
-
-	if (!cfg_obj_isstring(classobj)) {
-		*classp = defclass;
-		return (ISC_R_SUCCESS);
-	}
-	DE_CONST(cfg_obj_asstring(classobj), r.base);
-	r.length = strlen(r.base);
-	return (dns_rdataclass_fromtext(classp, &r));
-}
-
-/*% load zones from the configuration */
-static isc_result_t
-load_zones_fromconfig(const cfg_obj_t *config, isc_mem_t *mctx,
-		      bool list_zones)
-{
-	const cfg_listelt_t *element;
-	const cfg_obj_t *views;
-	const cfg_obj_t *vconfig;
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_result_t tresult;
-
-	views = NULL;
-
-	(void)cfg_map_get(config, "view", &views);
-	for (element = cfg_list_first(views);
-	     element != NULL;
-	     element = cfg_list_next(element))
-	{
-		const cfg_obj_t *classobj;
-		dns_rdataclass_t viewclass;
-		const char *vname;
-		char buf[sizeof("CLASS65535")];
-
-		vconfig = cfg_listelt_value(element);
-		if (vconfig == NULL)
-			continue;
-
-		classobj = cfg_tuple_get(vconfig, "class");
-		CHECK(config_getclass(classobj, dns_rdataclass_in,
-					 &viewclass));
-		if (dns_rdataclass_ismeta(viewclass))
-			CHECK(ISC_R_FAILURE);
-
-		dns_rdataclass_format(viewclass, buf, sizeof(buf));
-		vname = cfg_obj_asstring(cfg_tuple_get(vconfig, "name"));
-		tresult = configure_view(buf, vname, config, vconfig, mctx,
-					 list_zones);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-
-	if (views == NULL) {
-		tresult = configure_view("IN", "_default", config, NULL, mctx,
-					 list_zones);
-		if (tresult != ISC_R_SUCCESS)
-			result = tresult;
-	}
-
-cleanup:
-	return (result);
-}
-
-static void
-output(void *closure, const char *text, int textlen) {
-	UNUSED(closure);
-	if (fwrite(text, 1, textlen, stdout) != (size_t)textlen) {
-		perror("fwrite");
-		exit(1);
-	}
-}
-
-/*% The main processing routine */
-int
-main(int argc, char **argv) {
-	int c;
-	cfg_parser_t *parser = NULL;
-	cfg_obj_t *config = NULL;
-	const char *conffile = NULL;
-	isc_mem_t *mctx = NULL;
-	isc_result_t result;
-	int exit_status = 0;
-	bool load_zones = false;
-	bool list_zones = false;
-	bool print = false;
-	unsigned int flags = 0;
-
-	isc_commandline_errprint = false;
-
-	/*
-	 * Process memory debugging argument first.
-	 */
-#define CMDLINE_FLAGS "dhjlm:t:pvxz"
-	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-		switch (c) {
-		case 'm':
-			if (strcasecmp(isc_commandline_argument, "record") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			if (strcasecmp(isc_commandline_argument, "trace") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			if (strcasecmp(isc_commandline_argument, "usage") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			if (strcasecmp(isc_commandline_argument, "size") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
-			if (strcasecmp(isc_commandline_argument, "mctx") == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGCTX;
-			break;
-		default:
-			break;
-		}
-	}
-	isc_commandline_reset = true;
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-
-	while ((c = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != EOF) {
-		switch (c) {
-		case 'd':
-			debug++;
-			break;
-
-		case 'j':
-			nomerge = false;
-			break;
-
-		case 'l':
-			list_zones = true;
-			break;
-
-		case 'm':
-			break;
-
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s\n",
-					isc_result_totext(result));
-				exit(1);
-			}
-			break;
-
-		case 'p':
-			print = true;
-			break;
-
-		case 'v':
-			printf(VERSION "\n");
-			exit(0);
-
-		case 'x':
-			flags |= CFG_PRINTER_XKEY;
-			break;
-
-		case 'z':
-			load_zones = true;
-			docheckmx = false;
-			docheckns = false;
-			dochecksrv = false;
-			break;
-
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (((flags & CFG_PRINTER_XKEY) != 0) && !print) {
-		fprintf(stderr, "%s: -x cannot be used without -p\n", program);
-		exit(1);
-	}
-	if (print && list_zones) {
-		fprintf(stderr, "%s: -l cannot be used with -p\n", program);
-		exit(1);
-	}
-
-	if (isc_commandline_index + 1 < argc)
-		usage();
-	if (argv[isc_commandline_index] != NULL)
-		conffile = argv[isc_commandline_index];
-	if (conffile == NULL || conffile[0] == '\0')
-		conffile = NAMED_CONFFILE;
-
-#ifdef _WIN32
-	InitSockets();
-#endif
-
-	RUNTIME_CHECK(setup_logging(mctx, stdout, &logc) == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	RUNTIME_CHECK(cfg_parser_create(mctx, logc, &parser) == ISC_R_SUCCESS);
-
-	cfg_parser_setcallback(parser, directory_callback, NULL);
-
-	if (cfg_parse_file(parser, conffile, &cfg_type_namedconf, &config) !=
-	    ISC_R_SUCCESS)
-		exit(1);
-
-	result = bind9_check_namedconf(config, logc, mctx);
-	if (result != ISC_R_SUCCESS)
-		exit_status = 1;
-
-	if (result == ISC_R_SUCCESS && (load_zones || list_zones)) {
-		result = load_zones_fromconfig(config, mctx, list_zones);
-		if (result != ISC_R_SUCCESS)
-			exit_status = 1;
-	}
-
-	if (print && exit_status == 0)
-		cfg_printx(config, flags, output, NULL);
-	cfg_obj_destroy(parser, &config);
-
-	cfg_parser_destroy(&parser);
-
-	dns_name_destroy();
-
-	isc_log_destroy(&logc);
-
-	isc_mem_destroy(&mctx);
-
-#ifdef _WIN32
-	DestroySockets();
-#endif
-
-	return (exit_status);
-}

bin/check/named-checkconf.docbook

@@ -1,207 +0,0 @@
-<!DOCTYPE book [
-<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkconf">
-  <info>
-    <date>2014-01-10</date>
-  </info>
-  <refentryinfo>
-    <corpname>ISC</corpname>
-    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>named-checkconf</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <docinfo>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2007</year>
-      <year>2009</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2018</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refnamediv>
-    <refname><application>named-checkconf</application></refname>
-    <refpurpose>named configuration file syntax checking tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis sepchar=" ">
-      <command>named-checkconf</command>
-      <arg choice="opt" rep="norepeat"><option>-hjlvz</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p</option>
-	<arg choice="opt" rep="norepeat"><option>-x</option>
-      </arg></arg>
-      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="req" rep="norepeat">filename</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsection><info><title>DESCRIPTION</title></info>
-
-    <para><command>named-checkconf</command>
-      checks the syntax, but not the semantics, of a
-      <command>named</command> configuration file.  The file is parsed
-      and checked for syntax errors, along with all files included by it.
-      If no file is specified, <filename>/etc/named.conf</filename> is read
-      by default.
-    </para>
-    <para>
-      Note: files that <command>named</command> reads in separate
-      parser contexts, such as <filename>rndc.key</filename> and
-      <filename>bind.keys</filename>, are not automatically read
-      by <command>named-checkconf</command>.  Configuration
-      errors in these files may cause <command>named</command> to
-      fail to run, even if <command>named-checkconf</command> was
-      successful.  <command>named-checkconf</command> can be run
-      on these files explicitly, however.
-    </para>
-  </refsection>
-
-  <refsection><info><title>OPTIONS</title></info>
-
-    <variablelist>
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-j</term>
-        <listitem>
-          <para>
-            When loading a zonefile read the journal if it exists.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l</term>
-        <listitem>
-          <para>
-            List all the configured zones. Each line of output
-            contains the zone name, class (e.g. IN), view, and type
-            (e.g. master or slave).
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p</term>
-        <listitem>
-          <para>
-	    Print out the <filename>named.conf</filename> and included files
-	    in canonical form if no errors were detected.
-            See also the <option>-x</option> option.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Chroot to <filename>directory</filename> so that include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted <command>named</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v</term>
-        <listitem>
-          <para>
-            Print the version of the <command>named-checkconf</command>
-            program and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-x</term>
-        <listitem>
-          <para>
-	    When printing the configuration files in canonical
-            form, obscure shared secrets by replacing them with
-            strings of question marks ('?'). This allows the
-            contents of <filename>named.conf</filename> and related
-            files to be shared &mdash; for example, when submitting
-            bug reports &mdash; without compromising private data.
-            This option cannot be used without <option>-p</option>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-z</term>
-        <listitem>
-          <para>
-	    Perform a test load of all master zones found in
-	    <filename>named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>filename</term>
-        <listitem>
-          <para>
-            The name of the configuration file to be checked.  If not
-            specified, it defaults to <filename>/etc/named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsection>
-
-  <refsection><info><title>RETURN VALUES</title></info>
-
-    <para><command>named-checkconf</command>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </para>
-  </refsection>
-
-  <refsection><info><title>SEE ALSO</title></info>
-
-    <para><citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkzone</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsection>
-</refentry>

bin/check/named-checkconf.html

@@ -1,166 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007, 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>named-checkconf</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.named-checkconf"></a><div class="titlepage"></div>
-  
-  
-
-  
-
-  
-
-  <div class="refnamediv">
-<h2>Name</h2>
-<p>
-    <span class="application">named-checkconf</span>
-     &#8212; named configuration file syntax checking tool
-  </p>
-</div>
-
-  <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-    <div class="cmdsynopsis"><p>
-      <code class="command">named-checkconf</code> 
-       [<code class="option">-hjlvz</code>]
-       [<code class="option">-p</code>
-	 [<code class="option">-x</code>
-      ]]
-       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
-       {filename}
-    </p></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
-    <p><span class="command"><strong>named-checkconf</strong></span>
-      checks the syntax, but not the semantics, of a
-      <span class="command"><strong>named</strong></span> configuration file.  The file is parsed
-      and checked for syntax errors, along with all files included by it.
-      If no file is specified, <code class="filename">/etc/named.conf</code> is read
-      by default.
-    </p>
-    <p>
-      Note: files that <span class="command"><strong>named</strong></span> reads in separate
-      parser contexts, such as <code class="filename">rndc.key</code> and
-      <code class="filename">bind.keys</code>, are not automatically read
-      by <span class="command"><strong>named-checkconf</strong></span>.  Configuration
-      errors in these files may cause <span class="command"><strong>named</strong></span> to
-      fail to run, even if <span class="command"><strong>named-checkconf</strong></span> was
-      successful.  <span class="command"><strong>named-checkconf</strong></span> can be run
-      on these files explicitly, however.
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.8"></a><h2>OPTIONS</h2>
-
-    <div class="variablelist"><dl class="variablelist">
-<dt><span class="term">-h</span></dt>
-<dd>
-          <p>
-            Print the usage summary and exit.
-          </p>
-        </dd>
-<dt><span class="term">-j</span></dt>
-<dd>
-          <p>
-            When loading a zonefile read the journal if it exists.
-          </p>
-        </dd>
-<dt><span class="term">-l</span></dt>
-<dd>
-          <p>
-            List all the configured zones. Each line of output
-            contains the zone name, class (e.g. IN), view, and type
-            (e.g. master or slave).
-          </p>
-        </dd>
-<dt><span class="term">-p</span></dt>
-<dd>
-          <p>
-	    Print out the <code class="filename">named.conf</code> and included files
-	    in canonical form if no errors were detected.
-            See also the <code class="option">-x</code> option.
-          </p>
-        </dd>
-<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd>
-          <p>
-            Chroot to <code class="filename">directory</code> so that include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted <span class="command"><strong>named</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-v</span></dt>
-<dd>
-          <p>
-            Print the version of the <span class="command"><strong>named-checkconf</strong></span>
-            program and exit.
-          </p>
-        </dd>
-<dt><span class="term">-x</span></dt>
-<dd>
-          <p>
-	    When printing the configuration files in canonical
-            form, obscure shared secrets by replacing them with
-            strings of question marks ('?'). This allows the
-            contents of <code class="filename">named.conf</code> and related
-            files to be shared &#8212; for example, when submitting
-            bug reports &#8212; without compromising private data.
-            This option cannot be used without <code class="option">-p</code>.
-          </p>
-        </dd>
-<dt><span class="term">-z</span></dt>
-<dd>
-          <p>
-	    Perform a test load of all master zones found in
-	    <code class="filename">named.conf</code>.
-          </p>
-        </dd>
-<dt><span class="term">filename</span></dt>
-<dd>
-          <p>
-            The name of the configuration file to be checked.  If not
-            specified, it defaults to <code class="filename">/etc/named.conf</code>.
-          </p>
-        </dd>
-</dl></div>
-
-  </div>
-
-  <div class="refsection">
-<a name="id-1.9"></a><h2>RETURN VALUES</h2>
-
-    <p><span class="command"><strong>named-checkconf</strong></span>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.10"></a><h2>SEE ALSO</h2>
-
-    <p><span class="citerefentry">
-        <span class="refentrytitle">named</span>(8)
-      </span>,
-      <span class="citerefentry">
-        <span class="refentrytitle">named-checkzone</span>(8)
-      </span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-  </div>
-</div></body>
-</html>

bin/check/named-checkzone.8

@@ -1,329 +0,0 @@
-.\" Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: named-checkzone
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2014-02-19
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "NAMED\-CHECKZONE" "8" "2014\-02\-19" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-named-checkzone, named-compilezone \- zone file validity checking or converting tool
-.SH "SYNOPSIS"
-.HP \w'\fBnamed\-checkzone\fR\ 'u
-\fBnamed\-checkzone\fR [\fB\-d\fR] [\fB\-h\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-M\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-o\ \fR\fB\fIfilename\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-S\ \fR\fB\fImode\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {zonename} {filename}
-.HP \w'\fBnamed\-compilezone\fR\ 'u
-\fBnamed\-compilezone\fR [\fB\-d\fR] [\fB\-j\fR] [\fB\-q\fR] [\fB\-v\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-C\ \fR\fB\fImode\fR\fR] [\fB\-f\ \fR\fB\fIformat\fR\fR] [\fB\-F\ \fR\fB\fIformat\fR\fR] [\fB\-J\ \fR\fB\fIfilename\fR\fR] [\fB\-i\ \fR\fB\fImode\fR\fR] [\fB\-k\ \fR\fB\fImode\fR\fR] [\fB\-m\ \fR\fB\fImode\fR\fR] [\fB\-n\ \fR\fB\fImode\fR\fR] [\fB\-l\ \fR\fB\fIttl\fR\fR] [\fB\-L\ \fR\fB\fIserial\fR\fR] [\fB\-r\ \fR\fB\fImode\fR\fR] [\fB\-s\ \fR\fB\fIstyle\fR\fR] [\fB\-t\ \fR\fB\fIdirectory\fR\fR] [\fB\-T\ \fR\fB\fImode\fR\fR] [\fB\-w\ \fR\fB\fIdirectory\fR\fR] [\fB\-D\fR] [\fB\-W\ \fR\fB\fImode\fR\fR] {\fB\-o\ \fR\fB\fIfilename\fR\fR} {zonename} {filename}
-.SH "DESCRIPTION"
-.PP
-\fBnamed\-checkzone\fR
-checks the syntax and integrity of a zone file\&. It performs the same checks as
-\fBnamed\fR
-does when loading a zone\&. This makes
-\fBnamed\-checkzone\fR
-useful for checking zone files before configuring them into a name server\&.
-.PP
-\fBnamed\-compilezone\fR
-is similar to
-\fBnamed\-checkzone\fR, but it always dumps the zone contents to a specified file in a specified format\&. Additionally, it applies stricter check levels by default, since the dump output will be used as an actual zone file loaded by
-\fBnamed\fR\&. When manually specified otherwise, the check levels must at least be as strict as those specified in the
-\fBnamed\fR
-configuration file\&.
-.SH "OPTIONS"
-.PP
-\-d
-.RS 4
-Enable debugging\&.
-.RE
-.PP
-\-h
-.RS 4
-Print the usage summary and exit\&.
-.RE
-.PP
-\-q
-.RS 4
-Quiet mode \- exit code only\&.
-.RE
-.PP
-\-v
-.RS 4
-Print the version of the
-\fBnamed\-checkzone\fR
-program and exit\&.
-.RE
-.PP
-\-j
-.RS 4
-When loading a zone file, read the journal if it exists\&. The journal file name is assumed to be the zone file name appended with the string
-\&.jnl\&.
-.RE
-.PP
-\-J \fIfilename\fR
-.RS 4
-When loading the zone file read the journal from the given file, if it exists\&. (Implies \-j\&.)
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Specify the class of the zone\&. If not specified, "IN" is assumed\&.
-.RE
-.PP
-\-i \fImode\fR
-.RS 4
-Perform post\-load zone integrity checks\&. Possible modes are
-\fB"full"\fR
-(default),
-\fB"full\-sibling"\fR,
-\fB"local"\fR,
-\fB"local\-sibling"\fR
-and
-\fB"none"\fR\&.
-.sp
-Mode
-\fB"full"\fR
-checks that MX records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode
-\fB"local"\fR
-only checks MX records which refer to in\-zone hostnames\&.
-.sp
-Mode
-\fB"full"\fR
-checks that SRV records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. Mode
-\fB"local"\fR
-only checks SRV records which refer to in\-zone hostnames\&.
-.sp
-Mode
-\fB"full"\fR
-checks that delegation NS records refer to A or AAAA record (both in\-zone and out\-of\-zone hostnames)\&. It also checks that glue address records in the zone match those advertised by the child\&. Mode
-\fB"local"\fR
-only checks NS records which refer to in\-zone hostnames or that some required glue exists, that is when the nameserver is in a child zone\&.
-.sp
-Mode
-\fB"full\-sibling"\fR
-and
-\fB"local\-sibling"\fR
-disable sibling glue checks but are otherwise the same as
-\fB"full"\fR
-and
-\fB"local"\fR
-respectively\&.
-.sp
-Mode
-\fB"none"\fR
-disables the checks\&.
-.RE
-.PP
-\-f \fIformat\fR
-.RS 4
-Specify the format of the zone file\&. Possible formats are
-\fB"text"\fR
-(default),
-\fB"raw"\fR, and
-\fB"map"\fR\&.
-.RE
-.PP
-\-F \fIformat\fR
-.RS 4
-Specify the format of the output file specified\&. For
-\fBnamed\-checkzone\fR, this does not cause any effects unless it dumps the zone contents\&.
-.sp
-Possible formats are
-\fB"text"\fR
-(default), which is the standard textual representation of the zone, and
-\fB"map"\fR,
-\fB"raw"\fR, and
-\fB"raw=N"\fR, which store the zone in a binary format for rapid loading by
-\fBnamed\fR\&.
-\fB"raw=N"\fR
-specifies the format version of the raw zone file: if N is 0, the raw file can be read by any version of
-\fBnamed\fR; if N is 1, the file can be read by release 9\&.9\&.0 or higher; the default is 1\&.
-.RE
-.PP
-\-k \fImode\fR
-.RS 4
-Perform
-\fB"check\-names"\fR
-checks with the specified failure mode\&. Possible modes are
-\fB"fail"\fR
-(default for
-\fBnamed\-compilezone\fR),
-\fB"warn"\fR
-(default for
-\fBnamed\-checkzone\fR) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-l \fIttl\fR
-.RS 4
-Sets a maximum permissible TTL for the input file\&. Any record with a TTL higher than this value will cause the zone to be rejected\&. This is similar to using the
-\fBmax\-zone\-ttl\fR
-option in
-named\&.conf\&.
-.RE
-.PP
-\-L \fIserial\fR
-.RS 4
-When compiling a zone to "raw" or "map" format, set the "source serial" value in the header to the specified serial number\&. (This is expected to be used primarily for testing purposes\&.)
-.RE
-.PP
-\-m \fImode\fR
-.RS 4
-Specify whether MX records should be checked to see if they are addresses\&. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-M \fImode\fR
-.RS 4
-Check if a MX record refers to a CNAME\&. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-n \fImode\fR
-.RS 4
-Specify whether NS records should be checked to see if they are addresses\&. Possible modes are
-\fB"fail"\fR
-(default for
-\fBnamed\-compilezone\fR),
-\fB"warn"\fR
-(default for
-\fBnamed\-checkzone\fR) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-o \fIfilename\fR
-.RS 4
-Write zone output to
-filename\&. If
-filename
-is
-\-
-then write to standard out\&. This is mandatory for
-\fBnamed\-compilezone\fR\&.
-.RE
-.PP
-\-r \fImode\fR
-.RS 4
-Check for records that are treated as different by DNSSEC but are semantically equal in plain DNS\&. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-s \fIstyle\fR
-.RS 4
-Specify the style of the dumped zone file\&. Possible styles are
-\fB"full"\fR
-(default) and
-\fB"relative"\fR\&. The full format is most suitable for processing automatically by a separate script\&. On the other hand, the relative format is more human\-readable and is thus suitable for editing by hand\&. For
-\fBnamed\-checkzone\fR
-this does not cause any effects unless it dumps the zone contents\&. It also does not have any meaning if the output format is not text\&.
-.RE
-.PP
-\-S \fImode\fR
-.RS 4
-Check if a SRV record refers to a CNAME\&. Possible modes are
-\fB"fail"\fR,
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-t \fIdirectory\fR
-.RS 4
-Chroot to
-directory
-so that include directives in the configuration file are processed as if run by a similarly chrooted
-\fBnamed\fR\&.
-.RE
-.PP
-\-T \fImode\fR
-.RS 4
-Check if Sender Policy Framework (SPF) records exist and issues a warning if an SPF\-formatted TXT record is not also present\&. Possible modes are
-\fB"warn"\fR
-(default),
-\fB"ignore"\fR\&.
-.RE
-.PP
-\-w \fIdirectory\fR
-.RS 4
-chdir to
-directory
-so that relative filenames in master file $INCLUDE directives work\&. This is similar to the directory clause in
-named\&.conf\&.
-.RE
-.PP
-\-D
-.RS 4
-Dump zone file in canonical format\&. This is always enabled for
-\fBnamed\-compilezone\fR\&.
-.RE
-.PP
-\-W \fImode\fR
-.RS 4
-Specify whether to check for non\-terminal wildcards\&. Non\-terminal wildcards are almost always the result of a failure to understand the wildcard matching algorithm (RFC 1034)\&. Possible modes are
-\fB"warn"\fR
-(default) and
-\fB"ignore"\fR\&.
-.RE
-.PP
-zonename
-.RS 4
-The domain name of the zone being checked\&.
-.RE
-.PP
-filename
-.RS 4
-The name of the zone file\&.
-.RE
-.SH "RETURN VALUES"
-.PP
-\fBnamed\-checkzone\fR
-returns an exit status of 1 if errors were detected and 0 otherwise\&.
-.SH "SEE ALSO"
-.PP
-\fBnamed\fR(8),
-\fBnamed-checkconf\fR(8),
-RFC 1035,
-BIND 9 Administrator Reference Manual\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/check/named-checkzone.c

@@ -1,562 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdbool.h>
-#include <stdlib.h>
-#include <inttypes.h>
-
-#include <isc/app.h>
-#include <isc/commandline.h>
-#include <isc/dir.h>
-#include <isc/hash.h>
-#include <isc/log.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/socket.h>
-#include <isc/string.h>
-#include <isc/task.h>
-#include <isc/timer.h>
-#include <isc/util.h>
-
-#include <dns/db.h>
-#include <dns/fixedname.h>
-#include <dns/log.h>
-#include <dns/master.h>
-#include <dns/masterdump.h>
-#include <dns/name.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/result.h>
-#include <dns/types.h>
-#include <dns/zone.h>
-
-#include "check-tool.h"
-
-static int quiet = 0;
-static isc_mem_t *mctx = NULL;
-dns_zone_t *zone = NULL;
-dns_zonetype_t zonetype = dns_zone_master;
-static int dumpzone = 0;
-static const char *output_filename;
-static const char *prog_name = NULL;
-static const dns_master_style_t *outputstyle = NULL;
-static enum { progmode_check, progmode_compile } progmode;
-
-#define ERRRET(result, function) \
-	do { \
-		if (result != ISC_R_SUCCESS) { \
-			if (!quiet) \
-				fprintf(stderr, "%s() returned %s\n", \
-					function, dns_result_totext(result)); \
-			return (result); \
-		} \
-	} while (0)
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(void) {
-	fprintf(stderr,
-		"usage: %s [-djqvD] [-c class] "
-		"[-f inputformat] [-F outputformat] [-J filename] "
-		"[-t directory] [-w directory] [-k (ignore|warn|fail)] "
-		"[-n (ignore|warn|fail)] [-m (ignore|warn|fail)] "
-		"[-r (ignore|warn|fail)] "
-		"[-i (full|full-sibling|local|local-sibling|none)] "
-		"[-M (ignore|warn|fail)] [-S (ignore|warn|fail)] "
-		"[-W (ignore|warn)] "
-		"%s zonename filename\n",
-		prog_name,
-		progmode == progmode_check ? "[-o filename]" : "-o filename");
-	exit(1);
-}
-
-static void
-destroy(void) {
-	if (zone != NULL)
-		dns_zone_detach(&zone);
-	dns_name_destroy();
-}
-
-/*% main processing routine */
-int
-main(int argc, char **argv) {
-	int c;
-	char *origin = NULL;
-	char *filename = NULL;
-	isc_log_t *lctx = NULL;
-	isc_result_t result;
-	char classname_in[] = "IN";
-	char *classname = classname_in;
-	const char *workdir = NULL;
-	const char *inputformatstr = NULL;
-	const char *outputformatstr = NULL;
-	dns_masterformat_t inputformat = dns_masterformat_text;
-	dns_masterformat_t outputformat = dns_masterformat_text;
-	dns_masterrawheader_t header;
-	uint32_t rawversion = 1, serialnum = 0;
-	dns_ttl_t maxttl = 0;
-	bool snset = false;
-	bool logdump = false;
-	FILE *errout = stdout;
-	char *endp;
-
-	/*
-	 * Uncomment the following line if memory debugging is needed:
-	 * isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-	 */
-
-	outputstyle = &dns_master_style_full;
-
-	prog_name = strrchr(argv[0], '/');
-	if (prog_name == NULL)
-		prog_name = strrchr(argv[0], '\\');
-	if (prog_name != NULL)
-		prog_name++;
-	else
-		prog_name = argv[0];
-	/*
-	 * Libtool doesn't preserve the program name prior to final
-	 * installation.  Remove the libtool prefix ("lt-").
-	 */
-	if (strncmp(prog_name, "lt-", 3) == 0)
-		prog_name += 3;
-
-#define PROGCMP(X) \
-	(strcasecmp(prog_name, X) == 0 || strcasecmp(prog_name, X ".exe") == 0)
-
-	if (PROGCMP("named-checkzone")) {
-		progmode = progmode_check;
-	} else if (PROGCMP("named-compilezone")) {
-		progmode = progmode_compile;
-	} else {
-		INSIST(0);
-		ISC_UNREACHABLE();
-	}
-
-	/* Compilation specific defaults */
-	if (progmode == progmode_compile) {
-		zone_options |= (DNS_ZONEOPT_CHECKNS |
-				 DNS_ZONEOPT_FATALNS |
-				 DNS_ZONEOPT_CHECKSPF |
-				 DNS_ZONEOPT_CHECKDUPRR |
-				 DNS_ZONEOPT_CHECKNAMES |
-				 DNS_ZONEOPT_CHECKNAMESFAIL |
-				 DNS_ZONEOPT_CHECKWILDCARD);
-	} else
-		zone_options |= (DNS_ZONEOPT_CHECKDUPRR |
-				 DNS_ZONEOPT_CHECKSPF);
-
-#define ARGCMP(X) (strcmp(isc_commandline_argument, X) == 0)
-
-	isc_commandline_errprint = false;
-
-	while ((c = isc_commandline_parse(argc, argv,
-			       "c:df:hi:jJ:k:L:l:m:n:qr:s:t:o:vw:DF:M:S:T:W:"))
-	       != EOF) {
-		switch (c) {
-		case 'c':
-			classname = isc_commandline_argument;
-			break;
-
-		case 'd':
-			debug++;
-			break;
-
-		case 'i':
-			if (ARGCMP("full")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY |
-						DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = true;
-				docheckns = true;
-				dochecksrv = true;
-			} else if (ARGCMP("full-sibling")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = true;
-				docheckns = true;
-				dochecksrv = true;
-			} else if (ARGCMP("local")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options |= DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
-			} else if (ARGCMP("local-sibling")) {
-				zone_options |= DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
-			} else if (ARGCMP("none")) {
-				zone_options &= ~DNS_ZONEOPT_CHECKINTEGRITY;
-				zone_options &= ~DNS_ZONEOPT_CHECKSIBLING;
-				docheckmx = false;
-				docheckns = false;
-				dochecksrv = false;
-			} else {
-				fprintf(stderr, "invalid argument to -i: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'f':
-			inputformatstr = isc_commandline_argument;
-			break;
-
-		case 'F':
-			outputformatstr = isc_commandline_argument;
-			break;
-
-		case 'j':
-			nomerge = false;
-			break;
-
-		case 'J':
-			journal = isc_commandline_argument;
-			nomerge = false;
-			break;
-
-		case 'k':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNAMES;
-				zone_options &= ~DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNAMES |
-						DNS_ZONEOPT_CHECKNAMESFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNAMES |
-						  DNS_ZONEOPT_CHECKNAMESFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -k: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'L':
-			snset = true;
-			endp = NULL;
-			serialnum = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
-				fprintf(stderr, "source serial number "
-						"must be numeric");
-				exit(1);
-			}
-			break;
-
-		case 'l':
-			zone_options |= DNS_ZONEOPT_CHECKTTL;
-			endp = NULL;
-			maxttl = strtol(isc_commandline_argument, &endp, 0);
-			if (*endp != '\0') {
-				fprintf(stderr, "maximum TTL "
-						"must be numeric");
-				exit(1);
-			}
-			break;
-
-
-		case 'n':
-			if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKNS|
-						  DNS_ZONEOPT_FATALNS);
-			} else if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS;
-				zone_options &= ~DNS_ZONEOPT_FATALNS;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKNS|
-						DNS_ZONEOPT_FATALNS;
-			} else {
-				fprintf(stderr, "invalid argument to -n: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'm':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKMX;
-				zone_options &= ~DNS_ZONEOPT_CHECKMXFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKMX |
-						DNS_ZONEOPT_CHECKMXFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKMX |
-						  DNS_ZONEOPT_CHECKMXFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -m: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'o':
-			output_filename = isc_commandline_argument;
-			break;
-
-		case 'q':
-			quiet++;
-			break;
-
-		case 'r':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKDUPRR;
-				zone_options &= ~DNS_ZONEOPT_CHECKDUPRRFAIL;
-			} else if (ARGCMP("fail")) {
-				zone_options |= DNS_ZONEOPT_CHECKDUPRR |
-						DNS_ZONEOPT_CHECKDUPRRFAIL;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~(DNS_ZONEOPT_CHECKDUPRR |
-						  DNS_ZONEOPT_CHECKDUPRRFAIL);
-			} else {
-				fprintf(stderr, "invalid argument to -r: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 's':
-			if (ARGCMP("full"))
-				outputstyle = &dns_master_style_full;
-			else if (ARGCMP("relative")) {
-				outputstyle = &dns_master_style_default;
-			} else {
-				fprintf(stderr,
-					"unknown or unsupported style: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 't':
-			result = isc_dir_chroot(isc_commandline_argument);
-			if (result != ISC_R_SUCCESS) {
-				fprintf(stderr, "isc_dir_chroot: %s: %s\n",
-					isc_commandline_argument,
-					isc_result_totext(result));
-				exit(1);
-			}
-			break;
-
-		case 'v':
-			printf(VERSION "\n");
-			exit(0);
-
-		case 'w':
-			workdir = isc_commandline_argument;
-			break;
-
-		case 'D':
-			dumpzone++;
-			break;
-
-		case 'M':
-			if (ARGCMP("fail")) {
-				zone_options &= ~DNS_ZONEOPT_WARNMXCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-			} else if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNOREMXCNAME;
-			} else if (ARGCMP("ignore")) {
-				zone_options |= DNS_ZONEOPT_WARNMXCNAME;
-				zone_options |= DNS_ZONEOPT_IGNOREMXCNAME;
-			} else {
-				fprintf(stderr, "invalid argument to -M: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'S':
-			if (ARGCMP("fail")) {
-				zone_options &= ~DNS_ZONEOPT_WARNSRVCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-			} else if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-				zone_options &= ~DNS_ZONEOPT_IGNORESRVCNAME;
-			} else if (ARGCMP("ignore")) {
-				zone_options |= DNS_ZONEOPT_WARNSRVCNAME;
-				zone_options |= DNS_ZONEOPT_IGNORESRVCNAME;
-			} else {
-				fprintf(stderr, "invalid argument to -S: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'T':
-			if (ARGCMP("warn")) {
-				zone_options |= DNS_ZONEOPT_CHECKSPF;
-			} else if (ARGCMP("ignore")) {
-				zone_options &= ~DNS_ZONEOPT_CHECKSPF;
-			} else {
-				fprintf(stderr, "invalid argument to -T: %s\n",
-					isc_commandline_argument);
-				exit(1);
-			}
-			break;
-
-		case 'W':
-			if (ARGCMP("warn"))
-				zone_options |= DNS_ZONEOPT_CHECKWILDCARD;
-			else if (ARGCMP("ignore"))
-				zone_options &= ~DNS_ZONEOPT_CHECKWILDCARD;
-			break;
-
-		case '?':
-			if (isc_commandline_option != '?')
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					prog_name, isc_commandline_option);
-			/* FALLTHROUGH */
-		case 'h':
-			usage();
-
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				prog_name, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (workdir != NULL) {
-		result = isc_dir_chdir(workdir);
-		if (result != ISC_R_SUCCESS) {
-			fprintf(stderr, "isc_dir_chdir: %s: %s\n",
-				workdir, isc_result_totext(result));
-			exit(1);
-		}
-	}
-
-	if (inputformatstr != NULL) {
-		if (strcasecmp(inputformatstr, "text") == 0)
-			inputformat = dns_masterformat_text;
-		else if (strcasecmp(inputformatstr, "raw") == 0)
-			inputformat = dns_masterformat_raw;
-		else if (strncasecmp(inputformatstr, "raw=", 4) == 0) {
-			inputformat = dns_masterformat_raw;
-			fprintf(stderr,
-				"WARNING: input format raw, version ignored\n");
-		} else if (strcasecmp(inputformatstr, "map") == 0) {
-			inputformat = dns_masterformat_map;
-		} else {
-			fprintf(stderr, "unknown file format: %s\n",
-			    inputformatstr);
-			exit(1);
-		}
-	}
-
-	if (outputformatstr != NULL) {
-		if (strcasecmp(outputformatstr, "text") == 0) {
-			outputformat = dns_masterformat_text;
-		} else if (strcasecmp(outputformatstr, "raw") == 0) {
-			outputformat = dns_masterformat_raw;
-		} else if (strncasecmp(outputformatstr, "raw=", 4) == 0) {
-			char *end;
-
-			outputformat = dns_masterformat_raw;
-			rawversion = strtol(outputformatstr + 4, &end, 10);
-			if (end == outputformatstr + 4 || *end != '\0' ||
-			    rawversion > 1U) {
-				fprintf(stderr,
-					"unknown raw format version\n");
-				exit(1);
-			}
-		} else if (strcasecmp(outputformatstr, "map") == 0) {
-			outputformat = dns_masterformat_map;
-		} else {
-			fprintf(stderr, "unknown file format: %s\n",
-				outputformatstr);
-			exit(1);
-		}
-	}
-
-	if (progmode == progmode_compile) {
-		dumpzone = 1;	/* always dump */
-		logdump = !quiet;
-		if (output_filename == NULL) {
-			fprintf(stderr,
-				"output file required, but not specified\n");
-			usage();
-		}
-	}
-
-	if (output_filename != NULL)
-		dumpzone = 1;
-
-	/*
-	 * If we are outputing to stdout then send the informational
-	 * output to stderr.
-	 */
-	if (dumpzone &&
-	    (output_filename == NULL ||
-	     strcmp(output_filename, "-") == 0 ||
-	     strcmp(output_filename, "/dev/fd/1") == 0 ||
-	     strcmp(output_filename, "/dev/stdout") == 0)) {
-		errout = stderr;
-		logdump = false;
-	}
-
-	if (isc_commandline_index + 2 != argc)
-		usage();
-
-#ifdef _WIN32
-	InitSockets();
-#endif
-
-	RUNTIME_CHECK(isc_mem_create(0, 0, &mctx) == ISC_R_SUCCESS);
-	if (!quiet)
-		RUNTIME_CHECK(setup_logging(mctx, errout, &lctx)
-			      == ISC_R_SUCCESS);
-
-	dns_result_register();
-
-	origin = argv[isc_commandline_index++];
-	filename = argv[isc_commandline_index++];
-	result = load_zone(mctx, origin, filename, inputformat, classname,
-			   maxttl, &zone);
-
-	if (snset) {
-		dns_master_initrawheader(&header);
-		header.flags = DNS_MASTERRAW_SOURCESERIALSET;
-		header.sourceserial = serialnum;
-		dns_zone_setrawdata(zone, &header);
-	}
-
-	if (result == ISC_R_SUCCESS && dumpzone) {
-		if (logdump) {
-			fprintf(errout, "dump zone to %s...", output_filename);
-			fflush(errout);
-		}
-		result = dump_zone(origin, zone, output_filename,
-				   outputformat, outputstyle, rawversion);
-		if (logdump)
-			fprintf(errout, "done\n");
-	}
-
-	if (!quiet && result == ISC_R_SUCCESS)
-		fprintf(errout, "OK\n");
-	destroy();
-	if (lctx != NULL)
-		isc_log_destroy(&lctx);
-	isc_mem_destroy(&mctx);
-#ifdef _WIN32
-	DestroySockets();
-#endif
-	return ((result == ISC_R_SUCCESS) ? 0 : 1);
-}

bin/check/named-checkzone.docbook

@@ -1,527 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named-checkzone">
-  <info>
-    <date>2014-02-19</date>
-  </info>
-  <refentryinfo>
-    <corpname>ISC</corpname>
-    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>named-checkzone</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <docinfo>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2006</year>
-      <year>2007</year>
-      <year>2009</year>
-      <year>2010</year>
-      <year>2011</year>
-      <year>2012</year>
-      <year>2013</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2018</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refnamediv>
-    <refname><application>named-checkzone</application></refname>
-    <refname><application>named-compilezone</application></refname>
-    <refpurpose>zone file validity checking or converting tool</refpurpose>
-  </refnamediv>
-
-  <refsynopsisdiv>
-    <cmdsynopsis sepchar=" ">
-      <command>named-checkzone</command>
-      <arg choice="opt" rep="norepeat"><option>-d</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-j</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-q</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-J <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-M <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">ttl</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-D</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req" rep="norepeat">zonename</arg>
-      <arg choice="req" rep="norepeat">filename</arg>
-    </cmdsynopsis>
-    <cmdsynopsis sepchar=" ">
-      <command>named-compilezone</command>
-      <arg choice="opt" rep="norepeat"><option>-d</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-j</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-q</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-C <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-f <replaceable class="parameter">format</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-F <replaceable class="parameter">format</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-J <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-i <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-n <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-l <replaceable class="parameter">ttl</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-L <replaceable class="parameter">serial</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">style</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-w <replaceable class="parameter">directory</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-D</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">mode</replaceable></option></arg>
-      <arg choice="req" rep="norepeat"><option>-o <replaceable class="parameter">filename</replaceable></option></arg>
-      <arg choice="req" rep="norepeat">zonename</arg>
-      <arg choice="req" rep="norepeat">filename</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsection><info><title>DESCRIPTION</title></info>
-
-    <para><command>named-checkzone</command>
-      checks the syntax and integrity of a zone file.  It performs the
-      same checks as <command>named</command> does when loading a
-      zone.  This makes <command>named-checkzone</command> useful for
-      checking zone files before configuring them into a name server.
-    </para>
-    <para>
-        <command>named-compilezone</command> is similar to
-	<command>named-checkzone</command>, but it always dumps the
-        zone contents to a specified file in a specified format.
-	Additionally, it applies stricter check levels by default,
-        since the dump output will be used as an actual zone file
-	loaded by <command>named</command>.
-	When manually specified otherwise, the check levels must at
-        least be as strict as those specified in the
-	<command>named</command> configuration file.
-     </para>
-  </refsection>
-
-  <refsection><info><title>OPTIONS</title></info>
-
-
-    <variablelist>
-      <varlistentry>
-        <term>-d</term>
-        <listitem>
-          <para>
-            Enable debugging.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Print the usage summary and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-q</term>
-        <listitem>
-          <para>
-            Quiet mode - exit code only.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-v</term>
-        <listitem>
-          <para>
-            Print the version of the <command>named-checkzone</command>
-            program and exit.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-j</term>
-        <listitem>
-          <para>
-            When loading a zone file, read the journal if it exists.
-            The journal file name is assumed to be the zone file name
-	    appended with the string <filename>.jnl</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-J <replaceable class="parameter">filename</replaceable></term>
-        <listitem>
-          <para>
-            When loading the zone file read the journal from the given
-            file, if it exists. (Implies -j.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">class</replaceable></term>
-        <listitem>
-          <para>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-i <replaceable class="parameter">mode</replaceable></term>
-	<listitem>
-	  <para>
-	      Perform post-load zone integrity checks.  Possible modes are
-	      <command>"full"</command> (default),
-	      <command>"full-sibling"</command>,
-	      <command>"local"</command>,
-	      <command>"local-sibling"</command> and
-	      <command>"none"</command>.
-	  </para>
-	  <para>
-	      Mode <command>"full"</command> checks that MX records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <command>"local"</command> only
-	      checks MX records which refer to in-zone hostnames.
-	  </para>
-	  <para>
-	      Mode <command>"full"</command> checks that SRV records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <command>"local"</command> only
-	      checks SRV records which refer to in-zone hostnames.
-	  </para>
-	  <para>
-	      Mode <command>"full"</command> checks that delegation NS
-	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
-	      in the zone match those advertised by the child.
-	      Mode <command>"local"</command> only checks NS records which
-	      refer to in-zone hostnames or that some required glue exists,
-	      that is when the nameserver is in a child zone.
-	  </para>
-	  <para>
-	      Mode <command>"full-sibling"</command> and
-	      <command>"local-sibling"</command> disable sibling glue
-	      checks but are otherwise the same as <command>"full"</command>
-	      and <command>"local"</command> respectively.
-	  </para>
-	  <para>
-	      Mode <command>"none"</command> disables the checks.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-f <replaceable class="parameter">format</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the format of the zone file.
-	    Possible formats are <command>"text"</command> (default),
-	    <command>"raw"</command>, and <command>"map"</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-F <replaceable class="parameter">format</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the format of the output file specified.
-	    For <command>named-checkzone</command>,
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	  </para>
-	  <para>
-	    Possible formats are <command>"text"</command> (default),
-	    which is the standard textual representation of the zone,
-	    and <command>"map"</command>, <command>"raw"</command>,
-            and <command>"raw=N"</command>, which store the zone in a
-            binary format for rapid loading by <command>named</command>.
-            <command>"raw=N"</command> specifies the format version of
-            the raw zone file: if N is 0, the raw file can be read by
-            any version of <command>named</command>; if N is 1, the file
-            can be read by release 9.9.0 or higher; the default is 1.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Perform <command>"check-names"</command> checks with the
-	    specified failure mode.
-            Possible modes are <command>"fail"</command>
-	    (default for <command>named-compilezone</command>),
-            <command>"warn"</command>
-	    (default for <command>named-checkzone</command>) and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-l <replaceable class="parameter">ttl</replaceable></term>
-        <listitem>
-          <para>
-            Sets a maximum permissible TTL for the input file.
-            Any record with a TTL higher than this value will cause
-            the zone to be rejected.  This is similar to using the
-            <command>max-zone-ttl</command> option in
-            <filename>named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-L <replaceable class="parameter">serial</replaceable></term>
-        <listitem>
-          <para>
-            When compiling a zone to "raw" or "map" format, set the
-            "source serial" value in the header to the specified serial
-            number.  (This is expected to be used primarily for testing
-            purposes.)
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-m <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Specify whether MX records should be checked to see if they
-            are addresses.  Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-M <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-	    Check if a MX record refers to a CNAME.
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-n <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Specify whether NS records should be checked to see if they
-            are addresses.
-	    Possible modes are <command>"fail"</command>
-	    (default for <command>named-compilezone</command>),
-            <command>"warn"</command>
-	    (default for <command>named-checkzone</command>) and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-o <replaceable class="parameter">filename</replaceable></term>
-        <listitem>
-          <para>
-            Write zone output to <filename>filename</filename>.
-	    If <filename>filename</filename> is <filename>-</filename> then
-	    write to standard out.
-	    This is mandatory for <command>named-compilezone</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s <replaceable class="parameter">style</replaceable></term>
-	<listitem>
-	  <para>
-	    Specify the style of the dumped zone file.
-	    Possible styles are <command>"full"</command> (default)
-	    and <command>"relative"</command>.
-	    The full format is most suitable for processing
-	    automatically by a separate script.
-	    On the other hand, the relative format is more
-	    human-readable and is thus suitable for editing by hand.
-	    For <command>named-checkzone</command>
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	    It also does not have any meaning if the output format
-	    is not text.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-S <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-	  <para>
-	    Check if a SRV record refers to a CNAME.
-            Possible modes are <command>"fail"</command>,
-            <command>"warn"</command> (default) and
-            <command>"ignore"</command>.
-	  </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            Chroot to <filename>directory</filename> so that
-            include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted <command>named</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-T <replaceable class="parameter">mode</replaceable></term>
-	<listitem>
-	  <para>
-	    Check if Sender Policy Framework (SPF) records exist
-	    and issues a warning if an SPF-formatted TXT record is
-	    not also present.  Possible modes are <command>"warn"</command>
-	    (default), <command>"ignore"</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-w <replaceable class="parameter">directory</replaceable></term>
-        <listitem>
-          <para>
-            chdir to <filename>directory</filename> so that
-            relative
-            filenames in master file $INCLUDE directives work.  This
-            is similar to the directory clause in
-            <filename>named.conf</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-D</term>
-        <listitem>
-          <para>
-            Dump zone file in canonical format.
-	    This is always enabled for <command>named-compilezone</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-W <replaceable class="parameter">mode</replaceable></term>
-        <listitem>
-          <para>
-            Specify whether to check for non-terminal wildcards.
-            Non-terminal wildcards are almost always the result of a
-            failure to understand the wildcard matching algorithm (RFC 1034).
-            Possible modes are <command>"warn"</command> (default)
-            and
-            <command>"ignore"</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>zonename</term>
-        <listitem>
-          <para>
-            The domain name of the zone being checked.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>filename</term>
-        <listitem>
-          <para>
-            The name of the zone file.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsection>
-
-  <refsection><info><title>RETURN VALUES</title></info>
-
-    <para><command>named-checkzone</command>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </para>
-  </refsection>
-
-  <refsection><info><title>SEE ALSO</title></info>
-
-    <para><citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named-checkconf</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>RFC 1035</citetitle>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsection>
-
-</refentry>

bin/check/named-checkzone.html

@@ -1,429 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2000-2002, 2004-2007, 2009-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>named-checkzone</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.named-checkzone"></a><div class="titlepage"></div>
-  
-  
-
-  
-
-  
-
-  <div class="refnamediv">
-<h2>Name</h2>
-<p>
-    <span class="application">named-checkzone</span>, 
-    <span class="application">named-compilezone</span>
-     &#8212; zone file validity checking or converting tool
-  </p>
-</div>
-
-  <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-    <div class="cmdsynopsis"><p>
-      <code class="command">named-checkzone</code> 
-       [<code class="option">-d</code>]
-       [<code class="option">-h</code>]
-       [<code class="option">-j</code>]
-       [<code class="option">-q</code>]
-       [<code class="option">-v</code>]
-       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
-       [<code class="option">-f <em class="replaceable"><code>format</code></em></code>]
-       [<code class="option">-F <em class="replaceable"><code>format</code></em></code>]
-       [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>]
-       [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-M <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>]
-       [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>]
-       [<code class="option">-o <em class="replaceable"><code>filename</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-s <em class="replaceable"><code>style</code></em></code>]
-       [<code class="option">-S <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
-       [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>]
-       [<code class="option">-D</code>]
-       [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>]
-       {zonename}
-       {filename}
-    </p></div>
-    <div class="cmdsynopsis"><p>
-      <code class="command">named-compilezone</code> 
-       [<code class="option">-d</code>]
-       [<code class="option">-j</code>]
-       [<code class="option">-q</code>]
-       [<code class="option">-v</code>]
-       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
-       [<code class="option">-C <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-f <em class="replaceable"><code>format</code></em></code>]
-       [<code class="option">-F <em class="replaceable"><code>format</code></em></code>]
-       [<code class="option">-J <em class="replaceable"><code>filename</code></em></code>]
-       [<code class="option">-i <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-k <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-m <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-n <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-l <em class="replaceable"><code>ttl</code></em></code>]
-       [<code class="option">-L <em class="replaceable"><code>serial</code></em></code>]
-       [<code class="option">-r <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-s <em class="replaceable"><code>style</code></em></code>]
-       [<code class="option">-t <em class="replaceable"><code>directory</code></em></code>]
-       [<code class="option">-T <em class="replaceable"><code>mode</code></em></code>]
-       [<code class="option">-w <em class="replaceable"><code>directory</code></em></code>]
-       [<code class="option">-D</code>]
-       [<code class="option">-W <em class="replaceable"><code>mode</code></em></code>]
-       {<code class="option">-o <em class="replaceable"><code>filename</code></em></code>}
-       {zonename}
-       {filename}
-    </p></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
-    <p><span class="command"><strong>named-checkzone</strong></span>
-      checks the syntax and integrity of a zone file.  It performs the
-      same checks as <span class="command"><strong>named</strong></span> does when loading a
-      zone.  This makes <span class="command"><strong>named-checkzone</strong></span> useful for
-      checking zone files before configuring them into a name server.
-    </p>
-    <p>
-        <span class="command"><strong>named-compilezone</strong></span> is similar to
-	<span class="command"><strong>named-checkzone</strong></span>, but it always dumps the
-        zone contents to a specified file in a specified format.
-	Additionally, it applies stricter check levels by default,
-        since the dump output will be used as an actual zone file
-	loaded by <span class="command"><strong>named</strong></span>.
-	When manually specified otherwise, the check levels must at
-        least be as strict as those specified in the
-	<span class="command"><strong>named</strong></span> configuration file.
-     </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.8"></a><h2>OPTIONS</h2>
-
-
-    <div class="variablelist"><dl class="variablelist">
-<dt><span class="term">-d</span></dt>
-<dd>
-          <p>
-            Enable debugging.
-          </p>
-        </dd>
-<dt><span class="term">-h</span></dt>
-<dd>
-          <p>
-            Print the usage summary and exit.
-          </p>
-        </dd>
-<dt><span class="term">-q</span></dt>
-<dd>
-          <p>
-            Quiet mode - exit code only.
-          </p>
-        </dd>
-<dt><span class="term">-v</span></dt>
-<dd>
-          <p>
-            Print the version of the <span class="command"><strong>named-checkzone</strong></span>
-            program and exit.
-          </p>
-        </dd>
-<dt><span class="term">-j</span></dt>
-<dd>
-          <p>
-            When loading a zone file, read the journal if it exists.
-            The journal file name is assumed to be the zone file name
-	    appended with the string <code class="filename">.jnl</code>.
-          </p>
-        </dd>
-<dt><span class="term">-J <em class="replaceable"><code>filename</code></em></span></dt>
-<dd>
-          <p>
-            When loading the zone file read the journal from the given
-            file, if it exists. (Implies -j.)
-          </p>
-        </dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd>
-          <p>
-            Specify the class of the zone.  If not specified, "IN" is assumed.
-          </p>
-        </dd>
-<dt><span class="term">-i <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-	  <p>
-	      Perform post-load zone integrity checks.  Possible modes are
-	      <span class="command"><strong>"full"</strong></span> (default),
-	      <span class="command"><strong>"full-sibling"</strong></span>,
-	      <span class="command"><strong>"local"</strong></span>,
-	      <span class="command"><strong>"local-sibling"</strong></span> and
-	      <span class="command"><strong>"none"</strong></span>.
-	  </p>
-	  <p>
-	      Mode <span class="command"><strong>"full"</strong></span> checks that MX records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <span class="command"><strong>"local"</strong></span> only
-	      checks MX records which refer to in-zone hostnames.
-	  </p>
-	  <p>
-	      Mode <span class="command"><strong>"full"</strong></span> checks that SRV records
-	      refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  Mode <span class="command"><strong>"local"</strong></span> only
-	      checks SRV records which refer to in-zone hostnames.
-	  </p>
-	  <p>
-	      Mode <span class="command"><strong>"full"</strong></span> checks that delegation NS
-	      records refer to A or AAAA record (both in-zone and out-of-zone
-	      hostnames).  It also checks that glue address records
-	      in the zone match those advertised by the child.
-	      Mode <span class="command"><strong>"local"</strong></span> only checks NS records which
-	      refer to in-zone hostnames or that some required glue exists,
-	      that is when the nameserver is in a child zone.
-	  </p>
-	  <p>
-	      Mode <span class="command"><strong>"full-sibling"</strong></span> and
-	      <span class="command"><strong>"local-sibling"</strong></span> disable sibling glue
-	      checks but are otherwise the same as <span class="command"><strong>"full"</strong></span>
-	      and <span class="command"><strong>"local"</strong></span> respectively.
-	  </p>
-	  <p>
-	      Mode <span class="command"><strong>"none"</strong></span> disables the checks.
-	  </p>
-	</dd>
-<dt><span class="term">-f <em class="replaceable"><code>format</code></em></span></dt>
-<dd>
-	  <p>
-	    Specify the format of the zone file.
-	    Possible formats are <span class="command"><strong>"text"</strong></span> (default),
-	    <span class="command"><strong>"raw"</strong></span>, and <span class="command"><strong>"map"</strong></span>.
-	  </p>
-	</dd>
-<dt><span class="term">-F <em class="replaceable"><code>format</code></em></span></dt>
-<dd>
-	  <p>
-	    Specify the format of the output file specified.
-	    For <span class="command"><strong>named-checkzone</strong></span>,
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	  </p>
-	  <p>
-	    Possible formats are <span class="command"><strong>"text"</strong></span> (default),
-	    which is the standard textual representation of the zone,
-	    and <span class="command"><strong>"map"</strong></span>, <span class="command"><strong>"raw"</strong></span>,
-            and <span class="command"><strong>"raw=N"</strong></span>, which store the zone in a
-            binary format for rapid loading by <span class="command"><strong>named</strong></span>.
-            <span class="command"><strong>"raw=N"</strong></span> specifies the format version of
-            the raw zone file: if N is 0, the raw file can be read by
-            any version of <span class="command"><strong>named</strong></span>; if N is 1, the file
-            can be read by release 9.9.0 or higher; the default is 1.
-	  </p>
-	</dd>
-<dt><span class="term">-k <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-          <p>
-            Perform <span class="command"><strong>"check-names"</strong></span> checks with the
-	    specified failure mode.
-            Possible modes are <span class="command"><strong>"fail"</strong></span>
-	    (default for <span class="command"><strong>named-compilezone</strong></span>),
-            <span class="command"><strong>"warn"</strong></span>
-	    (default for <span class="command"><strong>named-checkzone</strong></span>) and
-            <span class="command"><strong>"ignore"</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-l <em class="replaceable"><code>ttl</code></em></span></dt>
-<dd>
-          <p>
-            Sets a maximum permissible TTL for the input file.
-            Any record with a TTL higher than this value will cause
-            the zone to be rejected.  This is similar to using the
-            <span class="command"><strong>max-zone-ttl</strong></span> option in
-            <code class="filename">named.conf</code>.
-          </p>
-        </dd>
-<dt><span class="term">-L <em class="replaceable"><code>serial</code></em></span></dt>
-<dd>
-          <p>
-            When compiling a zone to "raw" or "map" format, set the
-            "source serial" value in the header to the specified serial
-            number.  (This is expected to be used primarily for testing
-            purposes.)
-          </p>
-        </dd>
-<dt><span class="term">-m <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-          <p>
-            Specify whether MX records should be checked to see if they
-            are addresses.  Possible modes are <span class="command"><strong>"fail"</strong></span>,
-            <span class="command"><strong>"warn"</strong></span> (default) and
-            <span class="command"><strong>"ignore"</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-M <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-	  <p>
-	    Check if a MX record refers to a CNAME.
-            Possible modes are <span class="command"><strong>"fail"</strong></span>,
-            <span class="command"><strong>"warn"</strong></span> (default) and
-            <span class="command"><strong>"ignore"</strong></span>.
-	  </p>
-        </dd>
-<dt><span class="term">-n <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-          <p>
-            Specify whether NS records should be checked to see if they
-            are addresses.
-	    Possible modes are <span class="command"><strong>"fail"</strong></span>
-	    (default for <span class="command"><strong>named-compilezone</strong></span>),
-            <span class="command"><strong>"warn"</strong></span>
-	    (default for <span class="command"><strong>named-checkzone</strong></span>) and
-            <span class="command"><strong>"ignore"</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-o <em class="replaceable"><code>filename</code></em></span></dt>
-<dd>
-          <p>
-            Write zone output to <code class="filename">filename</code>.
-	    If <code class="filename">filename</code> is <code class="filename">-</code> then
-	    write to standard out.
-	    This is mandatory for <span class="command"><strong>named-compilezone</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-r <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-	  <p>
-            Check for records that are treated as different by DNSSEC but
-	    are semantically equal in plain DNS.
-            Possible modes are <span class="command"><strong>"fail"</strong></span>,
-            <span class="command"><strong>"warn"</strong></span> (default) and
-            <span class="command"><strong>"ignore"</strong></span>.
-	  </p>
-        </dd>
-<dt><span class="term">-s <em class="replaceable"><code>style</code></em></span></dt>
-<dd>
-	  <p>
-	    Specify the style of the dumped zone file.
-	    Possible styles are <span class="command"><strong>"full"</strong></span> (default)
-	    and <span class="command"><strong>"relative"</strong></span>.
-	    The full format is most suitable for processing
-	    automatically by a separate script.
-	    On the other hand, the relative format is more
-	    human-readable and is thus suitable for editing by hand.
-	    For <span class="command"><strong>named-checkzone</strong></span>
-	    this does not cause any effects unless it dumps the zone
-	    contents.
-	    It also does not have any meaning if the output format
-	    is not text.
-	  </p>
-	</dd>
-<dt><span class="term">-S <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-	  <p>
-	    Check if a SRV record refers to a CNAME.
-            Possible modes are <span class="command"><strong>"fail"</strong></span>,
-            <span class="command"><strong>"warn"</strong></span> (default) and
-            <span class="command"><strong>"ignore"</strong></span>.
-	  </p>
-        </dd>
-<dt><span class="term">-t <em class="replaceable"><code>directory</code></em></span></dt>
-<dd>
-          <p>
-            Chroot to <code class="filename">directory</code> so that
-            include
-            directives in the configuration file are processed as if
-            run by a similarly chrooted <span class="command"><strong>named</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-T <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-	  <p>
-	    Check if Sender Policy Framework (SPF) records exist
-	    and issues a warning if an SPF-formatted TXT record is
-	    not also present.  Possible modes are <span class="command"><strong>"warn"</strong></span>
-	    (default), <span class="command"><strong>"ignore"</strong></span>.
-	  </p>
-	</dd>
-<dt><span class="term">-w <em class="replaceable"><code>directory</code></em></span></dt>
-<dd>
-          <p>
-            chdir to <code class="filename">directory</code> so that
-            relative
-            filenames in master file $INCLUDE directives work.  This
-            is similar to the directory clause in
-            <code class="filename">named.conf</code>.
-          </p>
-        </dd>
-<dt><span class="term">-D</span></dt>
-<dd>
-          <p>
-            Dump zone file in canonical format.
-	    This is always enabled for <span class="command"><strong>named-compilezone</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-W <em class="replaceable"><code>mode</code></em></span></dt>
-<dd>
-          <p>
-            Specify whether to check for non-terminal wildcards.
-            Non-terminal wildcards are almost always the result of a
-            failure to understand the wildcard matching algorithm (RFC 1034).
-            Possible modes are <span class="command"><strong>"warn"</strong></span> (default)
-            and
-            <span class="command"><strong>"ignore"</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">zonename</span></dt>
-<dd>
-          <p>
-            The domain name of the zone being checked.
-          </p>
-        </dd>
-<dt><span class="term">filename</span></dt>
-<dd>
-          <p>
-            The name of the zone file.
-          </p>
-        </dd>
-</dl></div>
-
-  </div>
-
-  <div class="refsection">
-<a name="id-1.9"></a><h2>RETURN VALUES</h2>
-
-    <p><span class="command"><strong>named-checkzone</strong></span>
-      returns an exit status of 1 if
-      errors were detected and 0 otherwise.
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.10"></a><h2>SEE ALSO</h2>
-
-    <p><span class="citerefentry">
-        <span class="refentrytitle">named</span>(8)
-      </span>,
-      <span class="citerefentry">
-        <span class="refentrytitle">named-checkconf</span>(8)
-      </span>,
-      <em class="citetitle">RFC 1035</em>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-  </div>
-
-</div></body>
-</html>

bin/check/win32/checkconf.vcxproj.filters.in

@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
-      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="..\check-tool.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\named-checkconf.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/check/win32/checkconf.vcxproj.in

@@ -1,115 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{03A96113-CB14-43AA-AEB2-48950E3915C5}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>checkconf</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>named-$(ProjectName)</TargetName>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>named-$(ProjectName)</TargetName>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClInclude Include="..\check-tool.h" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\named-checkconf.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/check/win32/checkconf.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/check/win32/checktool.vcxproj.filters.in

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\check-tool.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/check/win32/checktool.vcxproj.in

@@ -1,101 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\check-tool.c" />
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{2C1F7096-C5B5-48D4-846F-A7ACA454335D}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>checktool</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <OutDir>.\$(Configuration)\</OutDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <IntDir>.\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <OutDir>.\$(Configuration)\</OutDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <IntDir>.\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\ns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Lib>
-      <OutputFile>.\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-    </Lib>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\include;..\..\..\lib\ns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Lib>
-      <OutputFile>.\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-    </Lib>
-  </ItemDefinitionGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/check/win32/checktool.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/check/win32/checkzone.vcxproj.filters.in

@@ -1,27 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
-      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="..\check-tool.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\named-checkzone.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/check/win32/checkzone.vcxproj.in

@@ -1,126 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{66028555-7DD5-4016-B601-9EF9A1EE8BFA}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>checkzone</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>named-$(ProjectName)</TargetName>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>named-$(ProjectName)</TargetName>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-    <PostBuildEvent>
-      <Command>cd ..\..\..\Build\$(Configuration)
-copy /Y named-checkzone.exe named-compilezone.exe
-copy /Y named-checkzone.ilk named-compilezone.ilk
-</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@@OPENSSL_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\bind9\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-      <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
-    </Link>
-    <PostBuildEvent>
-      <Command>cd ..\..\..\Build\$(Configuration)
-copy /Y named-checkzone.exe named-compilezone.exe
-</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClInclude Include="..\check-tool.h" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\named-checkzone.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/check/win32/checkzone.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/confgen/.gitignore

@@ -1,3 +0,0 @@
-ddns-confgen
-rndc-confgen
-tsig-keygen

bin/confgen/Makefile.in

@@ -1,113 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-# Attempt to disable parallel processing.
-.NOTPARALLEL:
-.NO_PARALLEL:
-
-VERSION=@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES = -I${srcdir}/include ${ISC_INCLUDES} ${ISCCC_INCLUDES} \
-	${ISCCFG_INCLUDES} ${DNS_INCLUDES} ${BIND9_INCLUDES}
-
-CDEFINES =
-CWARNINGS =
-
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCLIBS =	../../lib/isccc/libisccc.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
-
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-ISCCCDEPLIBS =	../../lib/isccc/libisccc.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
-
-RNDCLIBS =	${ISCCFGLIBS} ${ISCCCLIBS} ${BIND9LIBS} ${DNSLIBS} ${ISCLIBS} @LIBS@
-RNDCDEPLIBS =	${ISCCFGDEPLIBS} ${ISCCCDEPLIBS} ${BIND9DEPLIBS} ${DNSDEPLIBS} ${ISCDEPLIBS}
-
-LIBS =		${DNSLIBS} ${ISCLIBS} @LIBS@
-
-NOSYMLIBS =	${DNSLIBS} ${ISCNOSYMLIBS} @LIBS@
-
-CONFDEPLIBS =	${DNSDEPLIBS} ${ISCDEPLIBS}
-
-SRCS=		rndc-confgen.c ddns-confgen.c
-
-SUBDIRS =	unix
-
-TARGETS =	rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@
-
-MANPAGES =	rndc-confgen.8 ddns-confgen.8
-
-HTMLPAGES =	rndc-confgen.html ddns-confgen.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-UOBJS =		unix/os.@O@
-
-@BIND9_MAKE_RULES@
-
-rndc-confgen.@O@: rndc-confgen.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} \
-		-DRNDC_KEYFILE=\"${sysconfdir}/rndc.key\" \
-		-c ${srcdir}/rndc-confgen.c
-
-ddns-confgen.@O@: ddns-confgen.c
-	${LIBTOOL_MODE_COMPILE} ${CC} ${ALL_CFLAGS} -c ${srcdir}/ddns-confgen.c
-
-rndc-confgen@EXEEXT@: rndc-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
-	export BASEOBJS="rndc-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-ddns-confgen@EXEEXT@: ddns-confgen.@O@ util.@O@ keygen.@O@ ${CONFDEPLIBS}
-	export BASEOBJS="ddns-confgen.@O@ util.@O@ keygen.@O@ ${UOBJS}"; \
-	${FINALBUILDCMD}
-
-# make a link in the build directory to assist with testing
-tsig-keygen@EXEEXT@: ddns-confgen@EXEEXT@
-	rm -f tsig-keygen@EXEEXT@
-	${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${sbindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
-
-install:: rndc-confgen@EXEEXT@ ddns-confgen@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} rndc-confgen@EXEEXT@ ${DESTDIR}${sbindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} ddns-confgen@EXEEXT@ ${DESTDIR}${sbindir}
-	${INSTALL_DATA} ${srcdir}/rndc-confgen.8 ${DESTDIR}${mandir}/man8
-	${INSTALL_DATA} ${srcdir}/ddns-confgen.8 ${DESTDIR}${mandir}/man8
-	(cd ${DESTDIR}${sbindir}; rm -f tsig-keygen@EXEEXT@; ${LINK_PROGRAM} ddns-confgen@EXEEXT@ tsig-keygen@EXEEXT@)
-	(cd ${DESTDIR}${mandir}/man8; rm -f tsig-keygen.8; ${LINK_PROGRAM} ddns-confgen.8 tsig-keygen.8)
-
-uninstall::
-	rm -f ${DESTDIR}${mandir}/man8/tsig-keygen.8
-	rm -f ${DESTDIR}${sbindir}/tsig-keygen@EXEEXT@
-	rm -f ${DESTDIR}${mandir}/man8/ddns-confgen.8
-	rm -f ${DESTDIR}${mandir}/man8/rndc-confgen.8
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/ddns-confgen@EXEEXT@
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/rndc-confgen@EXEEXT@
-
-clean distclean maintainer-clean::
-	rm -f ${TARGETS}

bin/confgen/ddns-confgen.8

@@ -1,148 +0,0 @@
-.\" Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: ddns-confgen
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2014-03-06
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "DDNS\-CONFGEN" "8" "2014\-03\-06" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-ddns-confgen \- ddns key generation tool
-.SH "SYNOPSIS"
-.HP \w'\fBtsig\-keygen\fR\ 'u
-\fBtsig\-keygen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [name]
-.HP \w'\fBddns\-confgen\fR\ 'u
-\fBddns\-confgen\fR [\fB\-a\ \fR\fB\fIalgorithm\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-q\fR] [\fB\-r\ \fR\fB\fIrandomfile\fR\fR] [\-s\ \fIname\fR | \-z\ \fIzone\fR]
-.SH "DESCRIPTION"
-.PP
-\fBtsig\-keygen\fR
-and
-\fBddns\-confgen\fR
-are invocation methods for a utility that generates keys for use in TSIG signing\&. The resulting keys can be used, for example, to secure dynamic DNS updates to a zone or for the
-\fBrndc\fR
-command channel\&.
-.PP
-When run as
-\fBtsig\-keygen\fR, a domain name can be specified on the command line which will be used as the name of the generated key\&. If no name is specified, the default is
-\fBtsig\-key\fR\&.
-.PP
-When run as
-\fBddns\-confgen\fR, the generated key is accompanied by configuration text and instructions that can be used with
-\fBnsupdate\fR
-and
-\fBnamed\fR
-when setting up dynamic DNS, including an example
-\fBupdate\-policy\fR
-statement\&. (This usage similar to the
-\fBrndc\-confgen\fR
-command for setting up command channel security\&.)
-.PP
-Note that
-\fBnamed\fR
-itself can configure a local DDNS key for use with
-\fBnsupdate \-l\fR: it does this when a zone is configured with
-\fBupdate\-policy local;\fR\&.
-\fBddns\-confgen\fR
-is only needed when a more elaborate configuration is required: for instance, if
-\fBnsupdate\fR
-is to be used from a remote system\&.
-.SH "OPTIONS"
-.PP
-\-a \fIalgorithm\fR
-.RS 4
-Specifies the algorithm to use for the TSIG key\&. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512\&. The default is hmac\-sha256\&. Options are case\-insensitive, and the "hmac\-" prefix may be omitted\&.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of options and arguments\&.
-.RE
-.PP
-\-k \fIkeyname\fR
-.RS 4
-Specifies the key name of the DDNS authentication key\&. The default is
-\fBddns\-key\fR
-when neither the
-\fB\-s\fR
-nor
-\fB\-z\fR
-option is specified; otherwise, the default is
-\fBddns\-key\fR
-as a separate label followed by the argument of the option, e\&.g\&.,
-\fBddns\-key\&.example\&.com\&.\fR
-The key name must have the format of a valid domain name, consisting of letters, digits, hyphens and periods\&.
-.RE
-.PP
-\-q
-.RS 4
-(\fBddns\-confgen\fR
-only\&.) Quiet mode: Print only the key, with no explanatory text or usage examples; This is essentially identical to
-\fBtsig\-keygen\fR\&.
-.RE
-.PP
-\-s \fIname\fR
-.RS 4
-(\fBddns\-confgen\fR
-only\&.) Generate configuration example to allow dynamic updates of a single hostname\&. The example
-\fBnamed\&.conf\fR
-text shows how to set an update policy for the specified
-\fIname\fR
-using the "name" nametype\&. The default key name is ddns\-key\&.\fIname\fR\&. Note that the "self" nametype cannot be used, since the name to be updated may differ from the key name\&. This option cannot be used with the
-\fB\-z\fR
-option\&.
-.RE
-.PP
-\-z \fIzone\fR
-.RS 4
-(\fBddns\-confgen\fR
-only\&.) Generate configuration example to allow dynamic updates of a zone: The example
-\fBnamed\&.conf\fR
-text shows how to set an update policy for the specified
-\fIzone\fR
-using the "zonesub" nametype, allowing updates to all subdomain names within that
-\fIzone\fR\&. This option cannot be used with the
-\fB\-s\fR
-option\&.
-.RE
-.SH "SEE ALSO"
-.PP
-\fBnsupdate\fR(1),
-\fBnamed.conf\fR(5),
-\fBnamed\fR(8),
-BIND 9 Administrator Reference Manual\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/confgen/ddns-confgen.c

@@ -1,301 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-/**
- * ddns-confgen generates configuration files for dynamic DNS. It can
- * be used as a convenient alternative to writing the ddns.key file
- * and the corresponding key and update-policy statements in named.conf.
- */
-
-#include <config.h>
-
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-
-#include <isc/assertions.h>
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/file.h>
-#include <isc/mem.h>
-#include <isc/net.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#if USE_PKCS11
-#include <pk11/result.h>
-#endif
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-#include <dns/result.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-#define KEYGEN_DEFAULT		"tsig-key"
-#define CONFGEN_DEFAULT		"ddns-key"
-
-static char program[256];
-const char *progname;
-static enum { progmode_keygen, progmode_confgen} progmode;
-bool verbose = false; /* needed by util.c but not used here */
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(int status) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(int status) {
-	if (progmode == progmode_confgen) {
-		fprintf(stderr, "\
-Usage:\n\
- %s [-a alg] [-k keyname] [-q] [-s name | -z zone]\n\
-  -a alg:        algorithm (default hmac-sha256)\n\
-  -k keyname:    name of the key as it will be used in named.conf\n\
-  -s name:       domain name to be updated using the created key\n\
-  -z zone:       name of the zone as it will be used in named.conf\n\
-  -q:            quiet mode: print the key, with no explanatory text\n",
-			 progname);
-	} else {
-		fprintf(stderr, "\
-Usage:\n\
- %s [-a alg] [keyname]\n\
-  -a alg:        algorithm (default hmac-sha256)\n\n",
-			 progname);
-	}
-
-	exit (status);
-}
-
-int
-main(int argc, char **argv) {
-	isc_result_t result = ISC_R_SUCCESS;
-	bool show_final_mem = false;
-	bool quiet = false;
-	isc_buffer_t key_txtbuffer;
-	char key_txtsecret[256];
-	isc_mem_t *mctx = NULL;
-	const char *keyname = NULL;
-	const char *zone = NULL;
-	const char *self_domain = NULL;
-	char *keybuf = NULL;
-	dns_secalg_t alg = DST_ALG_HMACSHA256;
-	const char *algname;
-	int keysize = 256;
-	int len = 0;
-	int ch;
-
-#if USE_PKCS11
-	pk11_result_register();
-#endif
-	dns_result_register();
-
-	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS)
-		memmove(program, "tsig-keygen", 11);
-	progname = program;
-
-	/*
-	 * Libtool doesn't preserve the program name prior to final
-	 * installation.  Remove the libtool prefix ("lt-").
-	 */
-	if (strncmp(progname, "lt-", 3) == 0)
-		progname += 3;
-
-#define PROGCMP(X) \
-	(strcasecmp(progname, X) == 0 || strcasecmp(progname, X ".exe") == 0)
-
-	if (PROGCMP("tsig-keygen")) {
-		progmode = progmode_keygen;
-		quiet = true;
-	} else if (PROGCMP("ddns-confgen")) {
-		progmode = progmode_confgen;
-	} else {
-		INSIST(0);
-		ISC_UNREACHABLE();
-	}
-
-	isc_commandline_errprint = false;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "a:hk:Mmr:qs:y:z:")) != -1) {
-		switch (ch) {
-		case 'a':
-			algname = isc_commandline_argument;
-			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN)
-				fatal("Unsupported algorithm '%s'", algname);
-			keysize = alg_bits(alg);
-			break;
-		case 'h':
-			usage(0);
-		case 'k':
-		case 'y':
-			if (progmode == progmode_confgen)
-				keyname = isc_commandline_argument;
-			else
-				usage(1);
-			break;
-		case 'M':
-			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
-			break;
-		case 'm':
-			show_final_mem = true;
-			break;
-		case 'q':
-			if (progmode == progmode_confgen)
-				quiet = true;
-			else
-				usage(1);
-			break;
-		case 'r':
-			fatal("The -r option has been deprecated.");
-			break;
-		case 's':
-			if (progmode == progmode_confgen)
-				self_domain = isc_commandline_argument;
-			else
-				usage(1);
-			break;
-		case 'z':
-			if (progmode == progmode_confgen)
-				zone = isc_commandline_argument;
-			else
-				usage(1);
-			break;
-		case '?':
-			if (isc_commandline_option != '?') {
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-				usage(1);
-			} else
-				usage(0);
-			break;
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	if (progmode == progmode_keygen)
-		keyname = argv[isc_commandline_index++];
-
-	POST(argv);
-
-	if (self_domain != NULL && zone != NULL)
-		usage(1);	/* -s and -z cannot coexist */
-
-	if (argc > isc_commandline_index)
-		usage(1);
-
-	/* Use canonical algorithm name */
-	algname = alg_totext(alg);
-
-	DO("create memory context", isc_mem_create(0, 0, &mctx));
-
-	if (keyname == NULL) {
-		const char *suffix = NULL;
-
-		keyname = ((progmode == progmode_keygen)
-			?  KEYGEN_DEFAULT
-			: CONFGEN_DEFAULT);
-		if (self_domain != NULL)
-			suffix = self_domain;
-		else if (zone != NULL)
-			suffix = zone;
-		if (suffix != NULL) {
-			len = strlen(keyname) + strlen(suffix) + 2;
-			keybuf = isc_mem_get(mctx, len);
-			if (keybuf == NULL)
-				fatal("failed to allocate memory for keyname");
-			snprintf(keybuf, len, "%s.%s", keyname, suffix);
-			keyname = (const char *) keybuf;
-		}
-	}
-
-	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
-
-	generate_key(mctx, alg, keysize, &key_txtbuffer);
-
-
-	if (!quiet)
-		printf("\
-# To activate this key, place the following in named.conf, and\n\
-# in a separate keyfile on the system or systems from which nsupdate\n\
-# will be run:\n");
-
-	printf("\
-key \"%s\" {\n\
-	algorithm %s;\n\
-	secret \"%.*s\";\n\
-};\n",
-	       keyname, algname,
-	       (int)isc_buffer_usedlength(&key_txtbuffer),
-	       (char *)isc_buffer_base(&key_txtbuffer));
-
-	if (!quiet) {
-		if (self_domain != NULL) {
-			printf("\n\
-# Then, in the \"zone\" statement for the zone containing the\n\
-# name \"%s\", place an \"update-policy\" statement\n\
-# like this one, adjusted as needed for your preferred permissions:\n\
-update-policy {\n\
-	  grant %s name %s ANY;\n\
-};\n",
-			       self_domain, keyname, self_domain);
-		} else if (zone != NULL) {
-			printf("\n\
-# Then, in the \"zone\" definition statement for \"%s\",\n\
-# place an \"update-policy\" statement like this one, adjusted as \n\
-# needed for your preferred permissions:\n\
-update-policy {\n\
-	  grant %s zonesub ANY;\n\
-};\n",
-			       zone, keyname);
-		} else {
-			printf("\n\
-# Then, in the \"zone\" statement for each zone you wish to dynamically\n\
-# update, place an \"update-policy\" statement granting update permission\n\
-# to this key.  For example, the following statement grants this key\n\
-# permission to update any name within the zone:\n\
-update-policy {\n\
-	grant %s zonesub ANY;\n\
-};\n",
-			       keyname);
-		}
-
-		printf("\n\
-# After the keyfile has been placed, the following command will\n\
-# execute nsupdate using this key:\n\
-nsupdate -k <keyfile>\n");
-
-	}
-
-	if (keybuf != NULL)
-		isc_mem_put(mctx, keybuf, len);
-
-	if (show_final_mem)
-		isc_mem_stats(mctx, stderr);
-
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/confgen/ddns-confgen.docbook

@@ -1,211 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.ddns-confgen">
-  <info>
-    <date>2014-03-06</date>
-  </info>
-  <refentryinfo>
-    <corpname>ISC</corpname>
-    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>ddns-confgen</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>ddns-confgen</application></refname>
-    <refpurpose>ddns key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2009</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2018</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis sepchar=" ">
-      <command>tsig-keygen</command>
-      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat">name</arg>
-    </cmdsynopsis>
-    <cmdsynopsis sepchar=" ">
-      <command>ddns-confgen</command>
-      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-q</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
-      <group choice="opt" rep="norepeat">
-        <arg choice="plain" rep="norepeat">-s <replaceable class="parameter">name</replaceable></arg>
-        <arg choice="plain" rep="norepeat">-z <replaceable class="parameter">zone</replaceable></arg>
-      </group>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsection><info><title>DESCRIPTION</title></info>
-
-    <para>
-      <command>tsig-keygen</command> and <command>ddns-confgen</command>
-      are invocation methods for a utility that generates keys for use
-      in TSIG signing.  The resulting keys can be used, for example,
-      to secure dynamic DNS updates to a zone or for the
-      <command>rndc</command> command channel.
-    </para>
-
-    <para>
-      When run as <command>tsig-keygen</command>, a domain name
-      can be specified on the command line which will be used as
-      the name of the generated key.  If no name is specified,
-      the default is <constant>tsig-key</constant>.
-    </para>
-
-    <para>
-      When run as <command>ddns-confgen</command>, the generated
-      key is accompanied by configuration text and instructions
-      that can be used with <command>nsupdate</command> and
-      <command>named</command> when setting up dynamic DNS,
-      including an example <command>update-policy</command>
-      statement.  (This usage similar to the
-      <command>rndc-confgen</command> command for setting
-      up command channel security.)
-    </para>
-
-    <para>
-      Note that <command>named</command> itself can configure a
-      local DDNS key for use with <command>nsupdate -l</command>:
-      it does this when a zone is configured with
-      <command>update-policy local;</command>.
-      <command>ddns-confgen</command> is only needed when a
-      more elaborate configuration is required: for instance,
-      if <command>nsupdate</command> is to be used from a remote
-      system.
-    </para>
-  </refsection>
-
-  <refsection><info><title>OPTIONS</title></info>
-
-
-    <variablelist>
-      <varlistentry>
-	<term>-a <replaceable class="parameter">algorithm</replaceable></term>
-	<listitem>
-	  <para>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-            Options are case-insensitive, and the "hmac-" prefix
-            may be omitted.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>
-	    Prints a short summary of options and arguments.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-k <replaceable class="parameter">keyname</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies the key name of the DDNS authentication key.
-	    The default is <constant>ddns-key</constant> when neither
-	    the <option>-s</option> nor <option>-z</option> option is
-	    specified; otherwise, the default
-	    is <constant>ddns-key</constant> as a separate label
-	    followed by the argument of the option, e.g.,
-	    <constant>ddns-key.example.com.</constant>
-	    The key name must have the format of a valid domain name,
-	    consisting of letters, digits, hyphens and periods.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-q</term>
-	<listitem>
-	  <para>
-	    (<command>ddns-confgen</command> only.) Quiet mode:  Print
-            only the key, with no explanatory text or usage examples;
-            This is essentially identical to <command>tsig-keygen</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s <replaceable class="parameter">name</replaceable></term>
-	<listitem>
-	  <para>
-            (<command>ddns-confgen</command> only.)
-	    Generate configuration example to allow dynamic updates
-            of a single hostname.  The example <command>named.conf</command>
-            text shows how to set an update policy for the specified
-            <replaceable class="parameter">name</replaceable>
-	    using the "name" nametype.  The default key name is
-	    ddns-key.<replaceable class="parameter">name</replaceable>.
-	    Note that the "self" nametype cannot be used, since
-	    the name to be updated may differ from the key name.
-	    This option cannot be used with the <option>-z</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-z <replaceable class="parameter">zone</replaceable></term>
-	<listitem>
-	  <para>
-            (<command>ddns-confgen</command> only.)
-	    Generate configuration example to allow dynamic updates
-            of a zone:  The example <command>named.conf</command> text
-            shows how to set an update policy for the specified
-	    <replaceable class="parameter">zone</replaceable>
-	    using the "zonesub" nametype, allowing updates to
-            all subdomain names within that
-            <replaceable class="parameter">zone</replaceable>.
-	    This option cannot be used with the <option>-s</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-    </variablelist>
-  </refsection>
-
-  <refsection><info><title>SEE ALSO</title></info>
-
-    <para><citerefentry>
-	<refentrytitle>nsupdate</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsection>
-
-</refentry>

bin/confgen/ddns-confgen.html

@@ -1,187 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2009, 2014-2016, 2018 Internet Systems Consortium, Inc. ("ISC")
- - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>ddns-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.ddns-confgen"></a><div class="titlepage"></div>
-  
-  
-
-  
-
-  <div class="refnamediv">
-<h2>Name</h2>
-<p>
-    <span class="application">ddns-confgen</span>
-     &#8212; ddns key generation tool
-  </p>
-</div>
-
-  
-
-  <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-    <div class="cmdsynopsis"><p>
-      <code class="command">tsig-keygen</code> 
-       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
-       [<code class="option">-h</code>]
-       [name]
-    </p></div>
-    <div class="cmdsynopsis"><p>
-      <code class="command">ddns-confgen</code> 
-       [<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
-       [<code class="option">-h</code>]
-       [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
-       [<code class="option">-q</code>]
-       [<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
-       [
-         -s <em class="replaceable"><code>name</code></em> 
-         |   -z <em class="replaceable"><code>zone</code></em> 
-      ]
-    </p></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
-    <p>
-      <span class="command"><strong>tsig-keygen</strong></span> and <span class="command"><strong>ddns-confgen</strong></span>
-      are invocation methods for a utility that generates keys for use
-      in TSIG signing.  The resulting keys can be used, for example,
-      to secure dynamic DNS updates to a zone or for the
-      <span class="command"><strong>rndc</strong></span> command channel.
-    </p>
-
-    <p>
-      When run as <span class="command"><strong>tsig-keygen</strong></span>, a domain name
-      can be specified on the command line which will be used as
-      the name of the generated key.  If no name is specified,
-      the default is <code class="constant">tsig-key</code>.
-    </p>
-
-    <p>
-      When run as <span class="command"><strong>ddns-confgen</strong></span>, the generated
-      key is accompanied by configuration text and instructions
-      that can be used with <span class="command"><strong>nsupdate</strong></span> and
-      <span class="command"><strong>named</strong></span> when setting up dynamic DNS,
-      including an example <span class="command"><strong>update-policy</strong></span>
-      statement.  (This usage similar to the
-      <span class="command"><strong>rndc-confgen</strong></span> command for setting
-      up command channel security.)
-    </p>
-
-    <p>
-      Note that <span class="command"><strong>named</strong></span> itself can configure a
-      local DDNS key for use with <span class="command"><strong>nsupdate -l</strong></span>:
-      it does this when a zone is configured with
-      <span class="command"><strong>update-policy local;</strong></span>.
-      <span class="command"><strong>ddns-confgen</strong></span> is only needed when a
-      more elaborate configuration is required: for instance,
-      if <span class="command"><strong>nsupdate</strong></span> is to be used from a remote
-      system.
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.8"></a><h2>OPTIONS</h2>
-
-
-    <div class="variablelist"><dl class="variablelist">
-<dt><span class="term">-a <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-	  <p>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-            Options are case-insensitive, and the "hmac-" prefix
-            may be omitted.
-	  </p>
-	</dd>
-<dt><span class="term">-h</span></dt>
-<dd>
-	  <p>
-	    Prints a short summary of options and arguments.
-	  </p>
-	</dd>
-<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies the key name of the DDNS authentication key.
-	    The default is <code class="constant">ddns-key</code> when neither
-	    the <code class="option">-s</code> nor <code class="option">-z</code> option is
-	    specified; otherwise, the default
-	    is <code class="constant">ddns-key</code> as a separate label
-	    followed by the argument of the option, e.g.,
-	    <code class="constant">ddns-key.example.com.</code>
-	    The key name must have the format of a valid domain name,
-	    consisting of letters, digits, hyphens and periods.
-	  </p>
-	</dd>
-<dt><span class="term">-q</span></dt>
-<dd>
-	  <p>
-	    (<span class="command"><strong>ddns-confgen</strong></span> only.) Quiet mode:  Print
-            only the key, with no explanatory text or usage examples;
-            This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
-	  </p>
-	</dd>
-<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
-<dd>
-	  <p>
-            (<span class="command"><strong>ddns-confgen</strong></span> only.)
-	    Generate configuration example to allow dynamic updates
-            of a single hostname.  The example <span class="command"><strong>named.conf</strong></span>
-            text shows how to set an update policy for the specified
-            <em class="replaceable"><code>name</code></em>
-	    using the "name" nametype.  The default key name is
-	    ddns-key.<em class="replaceable"><code>name</code></em>.
-	    Note that the "self" nametype cannot be used, since
-	    the name to be updated may differ from the key name.
-	    This option cannot be used with the <code class="option">-z</code> option.
-	  </p>
-	</dd>
-<dt><span class="term">-z <em class="replaceable"><code>zone</code></em></span></dt>
-<dd>
-	  <p>
-            (<span class="command"><strong>ddns-confgen</strong></span> only.)
-	    Generate configuration example to allow dynamic updates
-            of a zone:  The example <span class="command"><strong>named.conf</strong></span> text
-            shows how to set an update policy for the specified
-	    <em class="replaceable"><code>zone</code></em>
-	    using the "zonesub" nametype, allowing updates to
-            all subdomain names within that
-            <em class="replaceable"><code>zone</code></em>.
-	    This option cannot be used with the <code class="option">-s</code> option.
-	  </p>
-	</dd>
-</dl></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.9"></a><h2>SEE ALSO</h2>
-
-    <p><span class="citerefentry">
-	<span class="refentrytitle">nsupdate</span>(1)
-      </span>,
-      <span class="citerefentry">
-	<span class="refentrytitle">named.conf</span>(5)
-      </span>,
-      <span class="citerefentry">
-	<span class="refentrytitle">named</span>(8)
-      </span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-  </div>
-
-</div></body>
-</html>

bin/confgen/include/confgen/os.h

@@ -1,33 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#ifndef RNDC_OS_H
-#define RNDC_OS_H 1
-
-#include <isc/lang.h>
-#include <stdio.h>
-
-ISC_LANG_BEGINDECLS
-
-int set_user(FILE *fd, const char *user);
-/*%<
- * Set the owner of the file referenced by 'fd' to 'user'.
- * Returns:
- *   0 		success
- *   -1 	insufficient permissions, or 'user' does not exist.
- */
-
-ISC_LANG_ENDDECLS
-
-#endif

bin/confgen/keygen.c

@@ -1,193 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdlib.h>
-#include <stdarg.h>
-
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/file.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-
-#include <pk11/site.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-/*%
- * Convert algorithm type to string.
- */
-const char *
-alg_totext(dns_secalg_t alg) {
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		return "hmac-md5";
-	    case DST_ALG_HMACSHA1:
-		return "hmac-sha1";
-	    case DST_ALG_HMACSHA224:
-		return "hmac-sha224";
-	    case DST_ALG_HMACSHA256:
-		return "hmac-sha256";
-	    case DST_ALG_HMACSHA384:
-		return "hmac-sha384";
-	    case DST_ALG_HMACSHA512:
-		return "hmac-sha512";
-	    default:
-		return "(unknown)";
-	}
-}
-
-/*%
- * Convert string to algorithm type.
- */
-dns_secalg_t
-alg_fromtext(const char *name) {
-	const char *p = name;
-	if (strncasecmp(p, "hmac-", 5) == 0)
-		p = &name[5];
-
-	if (strcasecmp(p, "md5") == 0)
-		return DST_ALG_HMACMD5;
-	if (strcasecmp(p, "sha1") == 0)
-		return DST_ALG_HMACSHA1;
-	if (strcasecmp(p, "sha224") == 0)
-		return DST_ALG_HMACSHA224;
-	if (strcasecmp(p, "sha256") == 0)
-		return DST_ALG_HMACSHA256;
-	if (strcasecmp(p, "sha384") == 0)
-		return DST_ALG_HMACSHA384;
-	if (strcasecmp(p, "sha512") == 0)
-		return DST_ALG_HMACSHA512;
-	return DST_ALG_UNKNOWN;
-}
-
-/*%
- * Return default keysize for a given algorithm type.
- */
-int
-alg_bits(dns_secalg_t alg) {
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-		return 128;
-	    case DST_ALG_HMACSHA1:
-		return 160;
-	    case DST_ALG_HMACSHA224:
-		return 224;
-	    case DST_ALG_HMACSHA256:
-		return 256;
-	    case DST_ALG_HMACSHA384:
-		return 384;
-	    case DST_ALG_HMACSHA512:
-		return 512;
-	    default:
-		return 0;
-	}
-}
-
-/*%
- * Generate a key of size 'keysize' and place it in 'key_txtbuffer'
- */
-void
-generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-	     isc_buffer_t *key_txtbuffer) {
-	isc_result_t result = ISC_R_SUCCESS;
-	isc_buffer_t key_rawbuffer;
-	isc_region_t key_rawregion;
-	char key_rawsecret[64];
-	dst_key_t *key = NULL;
-
-	switch (alg) {
-	    case DST_ALG_HMACMD5:
-	    case DST_ALG_HMACSHA1:
-	    case DST_ALG_HMACSHA224:
-	    case DST_ALG_HMACSHA256:
-		if (keysize < 1 || keysize > 512)
-			fatal("keysize %d out of range (must be 1-512)\n",
-			      keysize);
-		break;
-	    case DST_ALG_HMACSHA384:
-	    case DST_ALG_HMACSHA512:
-		if (keysize < 1 || keysize > 1024)
-			fatal("keysize %d out of range (must be 1-1024)\n",
-			      keysize);
-		break;
-	    default:
-		fatal("unsupported algorithm %d\n", alg);
-	}
-
-	DO("initialize dst library", dst_lib_init(mctx, NULL));
-
-	DO("generate key", dst_key_generate(dns_rootname, alg,
-					    keysize, 0, 0, DNS_KEYPROTO_ANY,
-					    dns_rdataclass_in, mctx, &key,
-					    NULL));
-
-	isc_buffer_init(&key_rawbuffer, &key_rawsecret, sizeof(key_rawsecret));
-
-	DO("dump key to buffer", dst_key_tobuffer(key, &key_rawbuffer));
-
-	isc_buffer_usedregion(&key_rawbuffer, &key_rawregion);
-
-	DO("bsse64 encode secret", isc_base64_totext(&key_rawregion, -1, "",
-						     key_txtbuffer));
-
-	if (key != NULL)
-		dst_key_free(&key);
-
-	dst_lib_destroy();
-}
-
-/*%
- * Write a key file to 'keyfile'.  If 'user' is non-NULL,
- * make that user the owner of the file.  The key will have
- * the name 'keyname' and the secret in the buffer 'secret'.
- */
-void
-write_key_file(const char *keyfile, const char *user,
-	       const char *keyname, isc_buffer_t *secret,
-	       dns_secalg_t alg) {
-	isc_result_t result;
-	const char *algname = alg_totext(alg);
-	FILE *fd = NULL;
-
-	DO("create keyfile", isc_file_safecreate(keyfile, &fd));
-
-	if (user != NULL) {
-		if (set_user(fd, user) == -1)
-			fatal("unable to set file owner\n");
-	}
-
-	fprintf(fd, "key \"%s\" {\n\talgorithm %s;\n"
-		"\tsecret \"%.*s\";\n};\n",
-		keyname, algname,
-		(int)isc_buffer_usedlength(secret),
-		(char *)isc_buffer_base(secret));
-	fflush(fd);
-	if (ferror(fd))
-		fatal("write to %s failed\n", keyfile);
-	if (fclose(fd))
-		fatal("fclose(%s) failed\n", keyfile);
-	fprintf(stderr, "wrote key file \"%s\"\n", keyfile);
-}

bin/confgen/keygen.h

@@ -1,35 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-#ifndef RNDC_KEYGEN_H
-#define RNDC_KEYGEN_H 1
-
-/*! \file */
-
-#include <isc/lang.h>
-
-ISC_LANG_BEGINDECLS
-
-void generate_key(isc_mem_t *mctx, dns_secalg_t alg, int keysize,
-		  isc_buffer_t *key_txtbuffer);
-
-void write_key_file(const char *keyfile, const char *user,
-		    const char *keyname, isc_buffer_t *secret,
-		    dns_secalg_t alg);
-
-const char *alg_totext(dns_secalg_t alg);
-dns_secalg_t alg_fromtext(const char *name);
-int alg_bits(dns_secalg_t alg);
-
-ISC_LANG_ENDDECLS
-
-#endif /* RNDC_KEYGEN_H */

bin/confgen/rndc-confgen.8

@@ -1,210 +0,0 @@
-.\" Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: rndc-confgen
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2013-03-14
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "RNDC\-CONFGEN" "8" "2013\-03\-14" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-rndc-confgen \- rndc key generation tool
-.SH "SYNOPSIS"
-.HP \w'\fBrndc\-confgen\fR\ 'u
-\fBrndc\-confgen\fR [\fB\-a\fR] [\fB\-A\ \fR\fB\fIalgorithm\fR\fR] [\fB\-b\ \fR\fB\fIkeysize\fR\fR] [\fB\-c\ \fR\fB\fIkeyfile\fR\fR] [\fB\-h\fR] [\fB\-k\ \fR\fB\fIkeyname\fR\fR] [\fB\-p\ \fR\fB\fIport\fR\fR] [\fB\-s\ \fR\fB\fIaddress\fR\fR] [\fB\-t\ \fR\fB\fIchrootdir\fR\fR] [\fB\-u\ \fR\fB\fIuser\fR\fR]
-.SH "DESCRIPTION"
-.PP
-\fBrndc\-confgen\fR
-generates configuration files for
-\fBrndc\fR\&. It can be used as a convenient alternative to writing the
-rndc\&.conf
-file and the corresponding
-\fBcontrols\fR
-and
-\fBkey\fR
-statements in
-named\&.conf
-by hand\&. Alternatively, it can be run with the
-\fB\-a\fR
-option to set up a
-rndc\&.key
-file and avoid the need for a
-rndc\&.conf
-file and a
-\fBcontrols\fR
-statement altogether\&.
-.SH "OPTIONS"
-.PP
-\-a
-.RS 4
-Do automatic
-\fBrndc\fR
-configuration\&. This creates a file
-rndc\&.key
-in
-/etc
-(or whatever
-\fIsysconfdir\fR
-was specified as when
-BIND
-was built) that is read by both
-\fBrndc\fR
-and
-\fBnamed\fR
-on startup\&. The
-rndc\&.key
-file defines a default command channel and authentication key allowing
-\fBrndc\fR
-to communicate with
-\fBnamed\fR
-on the local host with no further configuration\&.
-.sp
-Running
-\fBrndc\-confgen \-a\fR
-allows BIND 9 and
-\fBrndc\fR
-to be used as drop\-in replacements for BIND 8 and
-\fBndc\fR, with no changes to the existing BIND 8
-named\&.conf
-file\&.
-.sp
-If a more elaborate configuration than that generated by
-\fBrndc\-confgen \-a\fR
-is required, for example if rndc is to be used remotely, you should run
-\fBrndc\-confgen\fR
-without the
-\fB\-a\fR
-option and set up a
-rndc\&.conf
-and
-named\&.conf
-as directed\&.
-.RE
-.PP
-\-A \fIalgorithm\fR
-.RS 4
-Specifies the algorithm to use for the TSIG key\&. Available choices are: hmac\-md5, hmac\-sha1, hmac\-sha224, hmac\-sha256, hmac\-sha384 and hmac\-sha512\&. The default is hmac\-sha256\&.
-.RE
-.PP
-\-b \fIkeysize\fR
-.RS 4
-Specifies the size of the authentication key in bits\&. Must be between 1 and 512 bits; the default is the hash size\&.
-.RE
-.PP
-\-c \fIkeyfile\fR
-.RS 4
-Used with the
-\fB\-a\fR
-option to specify an alternate location for
-rndc\&.key\&.
-.RE
-.PP
-\-h
-.RS 4
-Prints a short summary of the options and arguments to
-\fBrndc\-confgen\fR\&.
-.RE
-.PP
-\-k \fIkeyname\fR
-.RS 4
-Specifies the key name of the rndc authentication key\&. This must be a valid domain name\&. The default is
-\fBrndc\-key\fR\&.
-.RE
-.PP
-\-p \fIport\fR
-.RS 4
-Specifies the command channel port where
-\fBnamed\fR
-listens for connections from
-\fBrndc\fR\&. The default is 953\&.
-.RE
-.PP
-\-s \fIaddress\fR
-.RS 4
-Specifies the IP address where
-\fBnamed\fR
-listens for command channel connections from
-\fBrndc\fR\&. The default is the loopback address 127\&.0\&.0\&.1\&.
-.RE
-.PP
-\-t \fIchrootdir\fR
-.RS 4
-Used with the
-\fB\-a\fR
-option to specify a directory where
-\fBnamed\fR
-will run chrooted\&. An additional copy of the
-rndc\&.key
-will be written relative to this directory so that it will be found by the chrooted
-\fBnamed\fR\&.
-.RE
-.PP
-\-u \fIuser\fR
-.RS 4
-Used with the
-\fB\-a\fR
-option to set the owner of the
-rndc\&.key
-file generated\&. If
-\fB\-t\fR
-is also specified only the file in the chroot area has its owner changed\&.
-.RE
-.SH "EXAMPLES"
-.PP
-To allow
-\fBrndc\fR
-to be used with no manual configuration, run
-.PP
-\fBrndc\-confgen \-a\fR
-.PP
-To print a sample
-rndc\&.conf
-file and corresponding
-\fBcontrols\fR
-and
-\fBkey\fR
-statements to be manually inserted into
-named\&.conf, run
-.PP
-\fBrndc\-confgen\fR
-.SH "SEE ALSO"
-.PP
-\fBrndc\fR(8),
-\fBrndc.conf\fR(5),
-\fBnamed\fR(8),
-BIND 9 Administrator Reference Manual\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/confgen/rndc-confgen.c

@@ -1,277 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-/**
- * rndc-confgen generates configuration files for rndc. It can be used
- * as a convenient alternative to writing the rndc.conf file and the
- * corresponding controls and key statements in named.conf by hand.
- * Alternatively, it can be run with the -a option to set up a
- * rndc.key file and avoid the need for a rndc.conf file and a
- * controls statement altogether.
- */
-
-#include <config.h>
-
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-
-#include <isc/assertions.h>
-#include <isc/base64.h>
-#include <isc/buffer.h>
-#include <isc/commandline.h>
-#include <isc/file.h>
-#include <isc/mem.h>
-#include <isc/net.h>
-#include <isc/print.h>
-#include <isc/result.h>
-#include <isc/string.h>
-#include <isc/time.h>
-#include <isc/util.h>
-
-#include <pk11/site.h>
-
-#include <dns/keyvalues.h>
-#include <dns/name.h>
-
-#include <dst/dst.h>
-#include <confgen/os.h>
-
-#include "util.h"
-#include "keygen.h"
-
-#define DEFAULT_KEYNAME		"rndc-key"
-#define DEFAULT_SERVER		"127.0.0.1"
-#define DEFAULT_PORT		953
-
-static char program[256];
-const char *progname;
-
-bool verbose = false;
-
-const char *keyfile, *keydef;
-
-ISC_PLATFORM_NORETURN_PRE static void
-usage(int status) ISC_PLATFORM_NORETURN_POST;
-
-static void
-usage(int status) {
-
-	fprintf(stderr, "\
-Usage:\n\
- %s [-a] [-b bits] [-c keyfile] [-k keyname] [-p port] \
-[-s addr] [-t chrootdir] [-u user]\n\
-  -a:		 generate just the key clause and write it to keyfile (%s)\n\
-  -A alg:	 algorithm (default hmac-sha256)\n\
-  -b bits:	 from 1 through 512, default 256; total length of the secret\n\
-  -c keyfile:	 specify an alternate key file (requires -a)\n\
-  -k keyname:	 the name as it will be used  in named.conf and rndc.conf\n\
-  -p port:	 the port named will listen on and rndc will connect to\n\
-  -s addr:	 the address to which rndc should connect\n\
-  -t chrootdir:	 write a keyfile in chrootdir as well (requires -a)\n\
-  -u user:	 set the keyfile owner to \"user\" (requires -a)\n",
-		 progname, keydef);
-
-	exit (status);
-}
-
-int
-main(int argc, char **argv) {
-	bool show_final_mem = false;
-	isc_buffer_t key_txtbuffer;
-	char key_txtsecret[256];
-	isc_mem_t *mctx = NULL;
-	isc_result_t result = ISC_R_SUCCESS;
-	const char *keyname = NULL;
-	const char *serveraddr = NULL;
-	dns_secalg_t alg;
-	const char *algname;
-	char *p;
-	int ch;
-	int port;
-	int keysize = -1;
-	struct in_addr addr4_dummy;
-	struct in6_addr addr6_dummy;
-	char *chrootdir = NULL;
-	char *user = NULL;
-	bool keyonly = false;
-	int len;
-
-	keydef = keyfile = RNDC_KEYFILE;
-
-	result = isc_file_progname(*argv, program, sizeof(program));
-	if (result != ISC_R_SUCCESS)
-		memmove(program, "rndc-confgen", 13);
-	progname = program;
-
-	keyname = DEFAULT_KEYNAME;
-	alg = DST_ALG_HMACSHA256;
-	serveraddr = DEFAULT_SERVER;
-	port = DEFAULT_PORT;
-
-	isc_commandline_errprint = false;
-
-	while ((ch = isc_commandline_parse(argc, argv,
-					   "aA:b:c:hk:Mmp:r:s:t:u:Vy")) != -1)
-	{
-		switch (ch) {
-		case 'a':
-			keyonly = true;
-			break;
-		case 'A':
-			algname = isc_commandline_argument;
-			alg = alg_fromtext(algname);
-			if (alg == DST_ALG_UNKNOWN)
-				fatal("Unsupported algorithm '%s'", algname);
-			break;
-		case 'b':
-			keysize = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || keysize < 0)
-				fatal("-b requires a non-negative number");
-			break;
-		case 'c':
-			keyfile = isc_commandline_argument;
-			break;
-		case 'h':
-			usage(0);
-		case 'k':
-		case 'y':	/* Compatible with rndc -y. */
-			keyname = isc_commandline_argument;
-			break;
-		case 'M':
-			isc_mem_debugging = ISC_MEM_DEBUGTRACE;
-			break;
-
-		case 'm':
-			show_final_mem = true;
-			break;
-		case 'p':
-			port = strtol(isc_commandline_argument, &p, 10);
-			if (*p != '\0' || port < 0 || port > 65535)
-				fatal("port '%s' out of range",
-				      isc_commandline_argument);
-			break;
-		case 'r':
-			fatal("The -r option has been deprecated.");
-			break;
-		case 's':
-			serveraddr = isc_commandline_argument;
-			if (inet_pton(AF_INET, serveraddr, &addr4_dummy) != 1 &&
-			    inet_pton(AF_INET6, serveraddr, &addr6_dummy) != 1)
-				fatal("-s should be an IPv4 or IPv6 address");
-			break;
-		case 't':
-			chrootdir = isc_commandline_argument;
-			break;
-		case 'u':
-			user = isc_commandline_argument;
-			break;
-		case 'V':
-			verbose = true;
-			break;
-		case '?':
-			if (isc_commandline_option != '?') {
-				fprintf(stderr, "%s: invalid argument -%c\n",
-					program, isc_commandline_option);
-				usage(1);
-			} else
-				usage(0);
-			break;
-		default:
-			fprintf(stderr, "%s: unhandled option -%c\n",
-				program, isc_commandline_option);
-			exit(1);
-		}
-	}
-
-	argc -= isc_commandline_index;
-	argv += isc_commandline_index;
-	POST(argv);
-
-	if (argc > 0)
-		usage(1);
-
-	if (alg == DST_ALG_HMACMD5) {
-		fprintf(stderr,
-			"warning: use of hmac-md5 for RNDC keys "
-			"is deprecated; hmac-sha256 is now recommended.\n");
-	}
-
-	if (keysize < 0)
-		keysize = alg_bits(alg);
-	algname = alg_totext(alg);
-
-	DO("create memory context", isc_mem_create(0, 0, &mctx));
-	isc_buffer_init(&key_txtbuffer, &key_txtsecret, sizeof(key_txtsecret));
-
-	generate_key(mctx, alg, keysize, &key_txtbuffer);
-
-	if (keyonly) {
-		write_key_file(keyfile, chrootdir == NULL ? user : NULL,
-			       keyname, &key_txtbuffer, alg);
-
-		if (chrootdir != NULL) {
-			char *buf;
-			len = strlen(chrootdir) + strlen(keyfile) + 2;
-			buf = isc_mem_get(mctx, len);
-			if (buf == NULL)
-				fatal("isc_mem_get(%d) failed\n", len);
-			snprintf(buf, len, "%s%s%s", chrootdir,
-				 (*keyfile != '/') ? "/" : "", keyfile);
-
-			write_key_file(buf, user, keyname, &key_txtbuffer, alg);
-			isc_mem_put(mctx, buf, len);
-		}
-	} else {
-		printf("\
-# Start of rndc.conf\n\
-key \"%s\" {\n\
-	algorithm %s;\n\
-	secret \"%.*s\";\n\
-};\n\
-\n\
-options {\n\
-	default-key \"%s\";\n\
-	default-server %s;\n\
-	default-port %d;\n\
-};\n\
-# End of rndc.conf\n\
-\n\
-# Use with the following in named.conf, adjusting the allow list as needed:\n\
-# key \"%s\" {\n\
-# 	algorithm %s;\n\
-# 	secret \"%.*s\";\n\
-# };\n\
-# \n\
-# controls {\n\
-# 	inet %s port %d\n\
-# 		allow { %s; } keys { \"%s\"; };\n\
-# };\n\
-# End of named.conf\n",
-		       keyname, algname,
-		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer),
-		       keyname, serveraddr, port,
-		       keyname, algname,
-		       (int)isc_buffer_usedlength(&key_txtbuffer),
-		       (char *)isc_buffer_base(&key_txtbuffer),
-		       serveraddr, port, serveraddr, keyname);
-	}
-
-	if (show_final_mem)
-		isc_mem_stats(mctx, stderr);
-
-	isc_mem_destroy(&mctx);
-
-	return (0);
-}

bin/confgen/rndc-confgen.docbook

@@ -1,269 +0,0 @@
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.rndc-confgen">
-  <info>
-    <date>2013-03-14</date>
-  </info>
-  <refentryinfo>
-    <corpname>ISC</corpname>
-    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle><application>rndc-confgen</application></refentrytitle>
-    <manvolnum>8</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname><application>rndc-confgen</application></refname>
-    <refpurpose>rndc key generation tool</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2001</year>
-      <year>2003</year>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2007</year>
-      <year>2009</year>
-      <year>2013</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2017</year>
-      <year>2018</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis sepchar=" ">
-      <command>rndc-confgen</command>
-      <arg choice="opt" rep="norepeat"><option>-a</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-A <replaceable class="parameter">algorithm</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">keysize</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">keyfile</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsection><info><title>DESCRIPTION</title></info>
-
-    <para><command>rndc-confgen</command>
-      generates configuration files
-      for <command>rndc</command>.  It can be used as a
-      convenient alternative to writing the
-      <filename>rndc.conf</filename> file
-      and the corresponding <command>controls</command>
-      and <command>key</command>
-      statements in <filename>named.conf</filename> by hand.
-      Alternatively, it can be run with the <command>-a</command>
-      option to set up a <filename>rndc.key</filename> file and
-      avoid the need for a <filename>rndc.conf</filename> file
-      and a <command>controls</command> statement altogether.
-    </para>
-
-  </refsection>
-
-  <refsection><info><title>OPTIONS</title></info>
-
-
-    <variablelist>
-      <varlistentry>
-        <term>-a</term>
-        <listitem>
-          <para>
-            Do automatic <command>rndc</command> configuration.
-            This creates a file <filename>rndc.key</filename>
-            in <filename>/etc</filename> (or whatever
-            <varname>sysconfdir</varname>
-            was specified as when <acronym>BIND</acronym> was
-            built)
-            that is read by both <command>rndc</command>
-            and <command>named</command> on startup.  The
-            <filename>rndc.key</filename> file defines a default
-            command channel and authentication key allowing
-            <command>rndc</command> to communicate with
-            <command>named</command> on the local host
-            with no further configuration.
-          </para>
-          <para>
-            Running <command>rndc-confgen -a</command> allows
-            BIND 9 and <command>rndc</command> to be used as
-            drop-in
-            replacements for BIND 8 and <command>ndc</command>,
-            with no changes to the existing BIND 8
-            <filename>named.conf</filename> file.
-          </para>
-          <para>
-            If a more elaborate configuration than that
-            generated by <command>rndc-confgen -a</command>
-            is required, for example if rndc is to be used remotely,
-            you should run <command>rndc-confgen</command> without
-            the
-            <command>-a</command> option and set up a
-            <filename>rndc.conf</filename> and
-            <filename>named.conf</filename>
-            as directed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-A <replaceable class="parameter">algorithm</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-b <replaceable class="parameter">keysize</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the size of the authentication key in bits.
-            Must be between 1 and 512 bits; the default is the
-            hash size.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-c <replaceable class="parameter">keyfile</replaceable></term>
-        <listitem>
-          <para>
-            Used with the <command>-a</command> option to specify
-            an alternate location for <filename>rndc.key</filename>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-h</term>
-        <listitem>
-          <para>
-            Prints a short summary of the options and arguments to
-            <command>rndc-confgen</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-k <replaceable class="parameter">keyname</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the key name of the rndc authentication key.
-            This must be a valid domain name.
-            The default is <constant>rndc-key</constant>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-p <replaceable class="parameter">port</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the command channel port where <command>named</command>
-            listens for connections from <command>rndc</command>.
-            The default is 953.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-s <replaceable class="parameter">address</replaceable></term>
-        <listitem>
-          <para>
-            Specifies the IP address where <command>named</command>
-            listens for command channel connections from
-            <command>rndc</command>.  The default is the loopback
-            address 127.0.0.1.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-t <replaceable class="parameter">chrootdir</replaceable></term>
-        <listitem>
-          <para>
-            Used with the <command>-a</command> option to specify
-            a directory where <command>named</command> will run
-            chrooted.  An additional copy of the <filename>rndc.key</filename>
-            will be written relative to this directory so that
-            it will be found by the chrooted <command>named</command>.
-          </para>
-        </listitem>
-      </varlistentry>
-
-      <varlistentry>
-        <term>-u <replaceable class="parameter">user</replaceable></term>
-        <listitem>
-          <para>
-            Used with the <command>-a</command> option to set the
-            owner
-            of the <filename>rndc.key</filename> file generated.
-            If
-            <command>-t</command> is also specified only the file
-            in
-            the chroot area has its owner changed.
-          </para>
-        </listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsection>
-
-  <refsection><info><title>EXAMPLES</title></info>
-
-    <para>
-      To allow <command>rndc</command> to be used with
-      no manual configuration, run
-    </para>
-    <para><userinput>rndc-confgen -a</userinput>
-    </para>
-    <para>
-      To print a sample <filename>rndc.conf</filename> file and
-      corresponding <command>controls</command> and <command>key</command>
-      statements to be manually inserted into <filename>named.conf</filename>,
-      run
-    </para>
-    <para><userinput>rndc-confgen</userinput>
-    </para>
-  </refsection>
-
-  <refsection><info><title>SEE ALSO</title></info>
-
-    <para><citerefentry>
-        <refentrytitle>rndc</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>rndc.conf</refentrytitle><manvolnum>5</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>BIND 9 Administrator Reference Manual</citetitle>.
-    </para>
-  </refsection>
-
-</refentry>

bin/confgen/rndc-confgen.html

@@ -1,226 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2001, 2003-2005, 2007, 2009, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
- - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>rndc-confgen</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.rndc-confgen"></a><div class="titlepage"></div>
-  
-  
-
-  
-
-  <div class="refnamediv">
-<h2>Name</h2>
-<p>
-    <span class="application">rndc-confgen</span>
-     &#8212; rndc key generation tool
-  </p>
-</div>
-
-  
-
-  <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-    <div class="cmdsynopsis"><p>
-      <code class="command">rndc-confgen</code> 
-       [<code class="option">-a</code>]
-       [<code class="option">-A <em class="replaceable"><code>algorithm</code></em></code>]
-       [<code class="option">-b <em class="replaceable"><code>keysize</code></em></code>]
-       [<code class="option">-c <em class="replaceable"><code>keyfile</code></em></code>]
-       [<code class="option">-h</code>]
-       [<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
-       [<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
-       [<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
-       [<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
-       [<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
-    </p></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
-    <p><span class="command"><strong>rndc-confgen</strong></span>
-      generates configuration files
-      for <span class="command"><strong>rndc</strong></span>.  It can be used as a
-      convenient alternative to writing the
-      <code class="filename">rndc.conf</code> file
-      and the corresponding <span class="command"><strong>controls</strong></span>
-      and <span class="command"><strong>key</strong></span>
-      statements in <code class="filename">named.conf</code> by hand.
-      Alternatively, it can be run with the <span class="command"><strong>-a</strong></span>
-      option to set up a <code class="filename">rndc.key</code> file and
-      avoid the need for a <code class="filename">rndc.conf</code> file
-      and a <span class="command"><strong>controls</strong></span> statement altogether.
-    </p>
-
-  </div>
-
-  <div class="refsection">
-<a name="id-1.8"></a><h2>OPTIONS</h2>
-
-
-    <div class="variablelist"><dl class="variablelist">
-<dt><span class="term">-a</span></dt>
-<dd>
-          <p>
-            Do automatic <span class="command"><strong>rndc</strong></span> configuration.
-            This creates a file <code class="filename">rndc.key</code>
-            in <code class="filename">/etc</code> (or whatever
-            <code class="varname">sysconfdir</code>
-            was specified as when <acronym class="acronym">BIND</acronym> was
-            built)
-            that is read by both <span class="command"><strong>rndc</strong></span>
-            and <span class="command"><strong>named</strong></span> on startup.  The
-            <code class="filename">rndc.key</code> file defines a default
-            command channel and authentication key allowing
-            <span class="command"><strong>rndc</strong></span> to communicate with
-            <span class="command"><strong>named</strong></span> on the local host
-            with no further configuration.
-          </p>
-          <p>
-            Running <span class="command"><strong>rndc-confgen -a</strong></span> allows
-            BIND 9 and <span class="command"><strong>rndc</strong></span> to be used as
-            drop-in
-            replacements for BIND 8 and <span class="command"><strong>ndc</strong></span>,
-            with no changes to the existing BIND 8
-            <code class="filename">named.conf</code> file.
-          </p>
-          <p>
-            If a more elaborate configuration than that
-            generated by <span class="command"><strong>rndc-confgen -a</strong></span>
-            is required, for example if rndc is to be used remotely,
-            you should run <span class="command"><strong>rndc-confgen</strong></span> without
-            the
-            <span class="command"><strong>-a</strong></span> option and set up a
-            <code class="filename">rndc.conf</code> and
-            <code class="filename">named.conf</code>
-            as directed.
-          </p>
-        </dd>
-<dt><span class="term">-A <em class="replaceable"><code>algorithm</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the algorithm to use for the TSIG key.  Available
-            choices are: hmac-md5, hmac-sha1, hmac-sha224, hmac-sha256,
-            hmac-sha384 and hmac-sha512.  The default is hmac-sha256.
-          </p>
-        </dd>
-<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the size of the authentication key in bits.
-            Must be between 1 and 512 bits; the default is the
-            hash size.
-          </p>
-        </dd>
-<dt><span class="term">-c <em class="replaceable"><code>keyfile</code></em></span></dt>
-<dd>
-          <p>
-            Used with the <span class="command"><strong>-a</strong></span> option to specify
-            an alternate location for <code class="filename">rndc.key</code>.
-          </p>
-        </dd>
-<dt><span class="term">-h</span></dt>
-<dd>
-          <p>
-            Prints a short summary of the options and arguments to
-            <span class="command"><strong>rndc-confgen</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-k <em class="replaceable"><code>keyname</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the key name of the rndc authentication key.
-            This must be a valid domain name.
-            The default is <code class="constant">rndc-key</code>.
-          </p>
-        </dd>
-<dt><span class="term">-p <em class="replaceable"><code>port</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the command channel port where <span class="command"><strong>named</strong></span>
-            listens for connections from <span class="command"><strong>rndc</strong></span>.
-            The default is 953.
-          </p>
-        </dd>
-<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
-<dd>
-          <p>
-            Specifies the IP address where <span class="command"><strong>named</strong></span>
-            listens for command channel connections from
-            <span class="command"><strong>rndc</strong></span>.  The default is the loopback
-            address 127.0.0.1.
-          </p>
-        </dd>
-<dt><span class="term">-t <em class="replaceable"><code>chrootdir</code></em></span></dt>
-<dd>
-          <p>
-            Used with the <span class="command"><strong>-a</strong></span> option to specify
-            a directory where <span class="command"><strong>named</strong></span> will run
-            chrooted.  An additional copy of the <code class="filename">rndc.key</code>
-            will be written relative to this directory so that
-            it will be found by the chrooted <span class="command"><strong>named</strong></span>.
-          </p>
-        </dd>
-<dt><span class="term">-u <em class="replaceable"><code>user</code></em></span></dt>
-<dd>
-          <p>
-            Used with the <span class="command"><strong>-a</strong></span> option to set the
-            owner
-            of the <code class="filename">rndc.key</code> file generated.
-            If
-            <span class="command"><strong>-t</strong></span> is also specified only the file
-            in
-            the chroot area has its owner changed.
-          </p>
-        </dd>
-</dl></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.9"></a><h2>EXAMPLES</h2>
-
-    <p>
-      To allow <span class="command"><strong>rndc</strong></span> to be used with
-      no manual configuration, run
-    </p>
-    <p><strong class="userinput"><code>rndc-confgen -a</code></strong>
-    </p>
-    <p>
-      To print a sample <code class="filename">rndc.conf</code> file and
-      corresponding <span class="command"><strong>controls</strong></span> and <span class="command"><strong>key</strong></span>
-      statements to be manually inserted into <code class="filename">named.conf</code>,
-      run
-    </p>
-    <p><strong class="userinput"><code>rndc-confgen</code></strong>
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.10"></a><h2>SEE ALSO</h2>
-
-    <p><span class="citerefentry">
-        <span class="refentrytitle">rndc</span>(8)
-      </span>,
-      <span class="citerefentry">
-        <span class="refentrytitle">rndc.conf</span>(5)
-      </span>,
-      <span class="citerefentry">
-        <span class="refentrytitle">named</span>(8)
-      </span>,
-      <em class="citetitle">BIND 9 Administrator Reference Manual</em>.
-    </p>
-  </div>
-
-</div></body>
-</html>

bin/confgen/unix/Makefile.in

@@ -1,28 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES =	-I${srcdir}/include -I${srcdir}/../include \
-		${DNS_INCLUDES} ${ISC_INCLUDES}
-
-CDEFINES =
-CWARNINGS =
-
-OBJS =		os.@O@
-
-SRCS =		os.c
-
-TARGETS =	${OBJS}
-
-@BIND9_MAKE_RULES@

bin/confgen/unix/os.c

@@ -1,37 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#include <config.h>
-
-#include <confgen/os.h>
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <pwd.h>
-#include <errno.h>
-#include <stdio.h>
-#include <sys/stat.h>
-
-int
-set_user(FILE *fd, const char *user) {
-	struct passwd *pw;
-
-	pw = getpwnam(user);
-	if (pw == NULL) {
-		errno = EINVAL;
-		return (-1);
-	}
-	return (fchown(fileno(fd), pw->pw_uid, -1));
-}

bin/confgen/util.c

@@ -1,51 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-/*! \file */
-
-#include <config.h>
-
-#include <stdarg.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <stdio.h>
-
-#include <isc/print.h>
-
-#include "util.h"
-
-extern bool verbose;
-extern const char *progname;
-
-void
-notify(const char *fmt, ...) {
-	va_list ap;
-
-	if (verbose) {
-		va_start(ap, fmt);
-		vfprintf(stderr, fmt, ap);
-		va_end(ap);
-		fputs("\n", stderr);
-	}
-}
-
-void
-fatal(const char *format, ...) {
-	va_list args;
-
-	fprintf(stderr, "%s: ", progname);
-	va_start(args, format);
-	vfprintf(stderr, format, args);
-	va_end(args);
-	fprintf(stderr, "\n");
-	exit(1);
-}

bin/confgen/util.h

@@ -1,46 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-#ifndef RNDC_UTIL_H
-#define RNDC_UTIL_H 1
-
-/*! \file */
-
-#include <isc/lang.h>
-#include <isc/platform.h>
-
-#include <isc/formatcheck.h>
-
-#define NS_CONTROL_PORT		953
-
-#undef DO
-#define DO(name, function) \
-	do { \
-		result = function; \
-		if (result != ISC_R_SUCCESS) \
-			fatal("%s: %s", name, isc_result_totext(result)); \
-		else \
-			notify("%s", name); \
-	} while (0)
-
-ISC_LANG_BEGINDECLS
-
-void
-notify(const char *fmt, ...) ISC_FORMAT_PRINTF(1, 2);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
-
-ISC_LANG_ENDDECLS
-
-#endif /* RNDC_UTIL_H */

bin/confgen/win32/confgentool.vcxproj.filters.in

@@ -1,39 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
-      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClInclude Include="..\keygen.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="..\util.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-    <ClInclude Include="..\include\confgen\os.h">
-      <Filter>Header Files</Filter>
-    </ClInclude>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\keygen.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="..\util.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-    <ClCompile Include="os.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/confgen/win32/confgentool.vcxproj.in

@@ -1,111 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{64964B03-4815-41F0-9057-E766A94AF197}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>confgentool</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>StaticLibrary</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>.\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>.\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <LinkTimeCodeGeneration>false</LinkTimeCodeGeneration>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClInclude Include="..\include\confgen\os.h" />
-    <ClInclude Include="..\keygen.h" />
-    <ClInclude Include="..\util.h" />
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\keygen.c" />
-    <ClCompile Include="..\util.c" />
-    <ClCompile Include="os.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/confgen/win32/confgentool.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/confgen/win32/ddnsconfgen.vcxproj.filters.in

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\ddns-confgen.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/confgen/win32/ddnsconfgen.vcxproj.in

@@ -1,123 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{1EA4FC64-F33B-4A50-970A-EA052BBE9CF1}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>ddnsconfgen</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>ddns-confgen</TargetName>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>ddns-confgen</TargetName>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-    <PostBuildEvent>
-      <Command>cd ..\..\..\Build\$(Configuration)
-copy /Y ddns-confgen.exe tsig-keygen.exe
-copy /Y ddns-confgen.ilk tsig-keygen.ilk
-</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-    <PostBuildEvent>
-      <Command>cd ..\..\..\Build\$(Configuration)
-copy /Y ddns-confgen.exe tsig-keygen.exe
-</Command>
-    </PostBuildEvent>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClCompile Include="..\ddns-confgen.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/confgen/win32/ddnsconfgen.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/confgen/win32/os.c

@@ -1,28 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-
-#include <config.h>
-
-#include <confgen/os.h>
-
-#include <fcntl.h>
-#include <unistd.h>
-#include <sys/types.h>
-#include <errno.h>
-#include <stdio.h>
-#include <io.h>
-#include <sys/stat.h>
-
-int
-set_user(FILE *fd, const char *user) {
-	return (0);
-}

bin/confgen/win32/rndcconfgen.vcxproj.filters.in

@@ -1,18 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\rndc-confgen.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/confgen/win32/rndcconfgen.vcxproj.in

@@ -1,112 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{1E2C1635-3093-4D59-80E7-4743AC10F22F}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>rndcconfgen</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>rndc-confgen</TargetName>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-    <TargetName>rndc-confgen</TargetName>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>.\;..\..\..\;@LIBXML2_INC@..\include;..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\dns\include;..\..\..\lib\isccc\include;..\..\..\lib\isccfg\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
-      <AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClCompile Include="..\rndc-confgen.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/confgen/win32/rndcconfgen.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/delv/.gitignore

@@ -1 +0,0 @@
-/delv

bin/delv/Makefile.in

@@ -1,81 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-VERSION=@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
-		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @OPENSSL_INCLUDES@
-
-CDEFINES =	-DVERSION=\"${VERSION}\" \
-		-DSYSCONFDIR=\"${sysconfdir}\"
-CWARNINGS =
-
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
-ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
-IRSLIBS =	../../lib/irs/libirs.@A@
-
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-IRSDEPLIBS =	../../lib/irs/libirs.@A@
-
-DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${ISCCFGDEPLIBS} ${ISCDEPLIBS}
-
-LIBS =		${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCLIBS} @LIBS@
-NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${ISCCFGLIBS} ${ISCNOSYMLIBS} @LIBS@
-
-SUBDIRS =
-
-TARGETS =	delv@EXEEXT@
-
-OBJS =		delv.@O@
-
-SRCS =		delv.c
-
-MANPAGES =	delv.1
-
-HTMLPAGES =	delv.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-@BIND9_MAKE_RULES@
-
-delv@EXEEXT@: delv.@O@ ${DEPLIBS}
-	export BASEOBJS="delv.@O@"; \
-	export LIBS0="${DNSLIBS}"; \
-	${FINALBUILDCMD}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
-
-install:: delv@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		delv@EXEEXT@ ${DESTDIR}${bindir}
-	${INSTALL_DATA} ${srcdir}/delv.1 ${DESTDIR}${mandir}/man1
-
-uninstall::
-	rm -f ${DESTDIR}${mandir}/man1/delv.1
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/delv@EXEEXT@
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-clean distclean maintainer-clean::
-	rm -f ${TARGETS}

bin/delv/delv.1

@@ -1,441 +0,0 @@
-.\" Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: delv
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2014-04-23
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "DELV" "1" "2014\-04\-23" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-delv \- DNS lookup and validation utility
-.SH "SYNOPSIS"
-.HP \w'\fBdelv\fR\ 'u
-\fBdelv\fR [@server] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-a\ \fR\fB\fIanchor\-file\fR\fR] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-d\ \fR\fB\fIlevel\fR\fR] [\fB\-i\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [name] [type] [class] [queryopt...]
-.HP \w'\fBdelv\fR\ 'u
-\fBdelv\fR [\fB\-h\fR]
-.HP \w'\fBdelv\fR\ 'u
-\fBdelv\fR [\fB\-v\fR]
-.HP \w'\fBdelv\fR\ 'u
-\fBdelv\fR [queryopt...] [query...]
-.SH "DESCRIPTION"
-.PP
-\fBdelv\fR
-is a tool for sending DNS queries and validating the results, using the same internal resolver and validator logic as
-\fBnamed\fR\&.
-.PP
-\fBdelv\fR
-will send to a specified name server all queries needed to fetch and validate the requested data; this includes the original requested query, subsequent queries to follow CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records to establish a chain of trust for DNSSEC validation\&. It does not perform iterative resolution, but simulates the behavior of a name server configured for DNSSEC validating and forwarding\&.
-.PP
-By default, responses are validated using built\-in DNSSEC trust anchor for the root zone ("\&.")\&. Records returned by
-\fBdelv\fR
-are either fully validated or were not signed\&. If validation fails, an explanation of the failure is included in the output; the validation process can be traced in detail\&. Because
-\fBdelv\fR
-does not rely on an external server to carry out validation, it can be used to check the validity of DNS responses in environments where local name servers may not be trustworthy\&.
-.PP
-Unless it is told to query a specific name server,
-\fBdelv\fR
-will try each of the servers listed in
-/etc/resolv\&.conf\&. If no usable server addresses are found,
-\fBdelv\fR
-will send queries to the localhost addresses (127\&.0\&.0\&.1 for IPv4, ::1 for IPv6)\&.
-.PP
-When no command line arguments or options are given,
-\fBdelv\fR
-will perform an NS query for "\&." (the root zone)\&.
-.SH "SIMPLE USAGE"
-.PP
-A typical invocation of
-\fBdelv\fR
-looks like:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
- delv @server name type 
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-where:
-.PP
-\fBserver\fR
-.RS 4
-is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied
-\fIserver\fR
-argument is a hostname,
-\fBdelv\fR
-resolves that name before querying that name server (note, however, that this initial lookup is
-\fInot\fR
-validated by DNSSEC)\&.
-.sp
-If no
-\fIserver\fR
-argument is provided,
-\fBdelv\fR
-consults
-/etc/resolv\&.conf; if an address is found there, it queries the name server at that address\&. If either of the
-\fB\-4\fR
-or
-\fB\-6\fR
-options are in use, then only addresses for the corresponding transport will be tried\&. If no usable addresses are found,
-\fBdelv\fR
-will send queries to the localhost addresses (127\&.0\&.0\&.1 for IPv4, ::1 for IPv6)\&.
-.RE
-.PP
-\fBname\fR
-.RS 4
-is the domain name to be looked up\&.
-.RE
-.PP
-\fBtype\fR
-.RS 4
-indicates what type of query is required \(em ANY, A, MX, etc\&.
-\fItype\fR
-can be any valid query type\&. If no
-\fItype\fR
-argument is supplied,
-\fBdelv\fR
-will perform a lookup for an A record\&.
-.RE
-.SH "OPTIONS"
-.PP
-\-a \fIanchor\-file\fR
-.RS 4
-Specifies a file from which to read DNSSEC trust anchors\&. The default is
-/etc/bind\&.keys, which is included with
-BIND
-9 and contains one or more trust anchors for the root zone ("\&.")\&.
-.sp
-Keys that do not match the root zone name are ignored\&. An alternate key name can be specified using the
-\fB+root=NAME\fR
-options\&. DNSSEC Lookaside Validation can also be turned on by using the
-\fB+dlv=NAME\fR
-to specify the name of a zone containing DLV records\&.
-.sp
-Note: When reading the trust anchor file,
-\fBdelv\fR
-treats
-\fBmanaged\-keys\fR
-statements and
-\fBtrusted\-keys\fR
-statements identically\&. That is, for a managed key, it is the
-\fIinitial\fR
-key that is trusted; RFC 5011 key management is not supported\&.
-\fBdelv\fR
-will not consult the managed\-keys database maintained by
-\fBnamed\fR\&. This means that if either of the keys in
-/etc/bind\&.keys
-is revoked and rolled over, it will be necessary to update
-/etc/bind\&.keys
-to use DNSSEC validation in
-\fBdelv\fR\&.
-.RE
-.PP
-\-b \fIaddress\fR
-.RS 4
-Sets the source IP address of the query to
-\fIaddress\fR\&. This must be a valid address on one of the host\*(Aqs network interfaces or "0\&.0\&.0\&.0" or "::"\&. An optional source port may be specified by appending "#<port>"
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Sets the query class for the requested data\&. Currently, only class "IN" is supported in
-\fBdelv\fR
-and any other value is ignored\&.
-.RE
-.PP
-\-d \fIlevel\fR
-.RS 4
-Set the systemwide debug level to
-\fBlevel\fR\&. The allowed range is from 0 to 99\&. The default is 0 (no debugging)\&. Debugging traces from
-\fBdelv\fR
-become more verbose as the debug level increases\&. See the
-\fB+mtrace\fR,
-\fB+rtrace\fR, and
-\fB+vtrace\fR
-options below for additional debugging details\&.
-.RE
-.PP
-\-h
-.RS 4
-Display the
-\fBdelv\fR
-help usage output and exit\&.
-.RE
-.PP
-\-i
-.RS 4
-Insecure mode\&. This disables internal DNSSEC validation\&. (Note, however, this does not set the CD bit on upstream queries\&. If the server being queried is performing DNSSEC validation, then it will not return invalid data; this can cause
-\fBdelv\fR
-to time out\&. When it is necessary to examine invalid data to debug a DNSSEC problem, use
-\fBdig +cd\fR\&.)
-.RE
-.PP
-\-m
-.RS 4
-Enables memory usage debugging\&.
-.RE
-.PP
-\-p \fIport#\fR
-.RS 4
-Specifies a destination port to use for queries instead of the standard DNS port number 53\&. This option would be used with a name server that has been configured to listen for queries on a non\-standard port number\&.
-.RE
-.PP
-\-q \fIname\fR
-.RS 4
-Sets the query name to
-\fIname\fR\&. While the query name can be specified without using the
-\fB\-q\fR, it is sometimes necessary to disambiguate names from types or classes (for example, when looking up the name "ns", which could be misinterpreted as the type NS, or "ch", which could be misinterpreted as class CH)\&.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Sets the query type to
-\fItype\fR, which can be any valid query type supported in BIND 9 except for zone transfer types AXFR and IXFR\&. As with
-\fB\-q\fR, this is useful to distinguish query name type or class when they are ambiguous\&. it is sometimes necessary to disambiguate names from types\&.
-.sp
-The default query type is "A", unless the
-\fB\-x\fR
-option is supplied to indicate a reverse lookup, in which case it is "PTR"\&.
-.RE
-.PP
-\-v
-.RS 4
-Print the
-\fBdelv\fR
-version and exit\&.
-.RE
-.PP
-\-x \fIaddr\fR
-.RS 4
-Performs a reverse lookup, mapping an addresses to a name\&.
-\fIaddr\fR
-is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When
-\fB\-x\fR
-is used, there is no need to provide the
-\fIname\fR
-or
-\fItype\fR
-arguments\&.
-\fBdelv\fR
-automatically performs a lookup for a name like
-11\&.12\&.13\&.10\&.in\-addr\&.arpa
-and sets the query type to PTR\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&.
-.RE
-.PP
-\-4
-.RS 4
-Forces
-\fBdelv\fR
-to only use IPv4\&.
-.RE
-.PP
-\-6
-.RS 4
-Forces
-\fBdelv\fR
-to only use IPv6\&.
-.RE
-.SH "QUERY OPTIONS"
-.PP
-\fBdelv\fR
-provides a number of query options which affect the way results are displayed, and in some cases the way lookups are performed\&.
-.PP
-Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string
-no
-to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form
-\fB+keyword=value\fR\&. The query options are:
-.PP
-\fB+[no]cdflag\fR
-.RS 4
-Controls whether to set the CD (checking disabled) bit in queries sent by
-\fBdelv\fR\&. This may be useful when troubleshooting DNSSEC problems from behind a validating resolver\&. A validating resolver will block invalid responses, making it difficult to retrieve them for analysis\&. Setting the CD flag on queries will cause the resolver to return invalid responses, which
-\fBdelv\fR
-can then validate internally and report the errors in detail\&.
-.RE
-.PP
-\fB+[no]class\fR
-.RS 4
-Controls whether to display the CLASS when printing a record\&. The default is to display the CLASS\&.
-.RE
-.PP
-\fB+[no]ttl\fR
-.RS 4
-Controls whether to display the TTL when printing a record\&. The default is to display the TTL\&.
-.RE
-.PP
-\fB+[no]rtrace\fR
-.RS 4
-Toggle resolver fetch logging\&. This reports the name and type of each query sent by
-\fBdelv\fR
-in the process of carrying out the resolution and validation process: this includes including the original query and all subsequent queries to follow CNAMEs and to establish a chain of trust for DNSSEC validation\&.
-.sp
-This is equivalent to setting the debug level to 1 in the "resolver" logging category\&. Setting the systemwide debug level to 1 using the
-\fB\-d\fR
-option will product the same output (but will affect other logging categories as well)\&.
-.RE
-.PP
-\fB+[no]mtrace\fR
-.RS 4
-Toggle message logging\&. This produces a detailed dump of the responses received by
-\fBdelv\fR
-in the process of carrying out the resolution and validation process\&.
-.sp
-This is equivalent to setting the debug level to 10 for the "packets" module of the "resolver" logging category\&. Setting the systemwide debug level to 10 using the
-\fB\-d\fR
-option will produce the same output (but will affect other logging categories as well)\&.
-.RE
-.PP
-\fB+[no]vtrace\fR
-.RS 4
-Toggle validation logging\&. This shows the internal process of the validator as it determines whether an answer is validly signed, unsigned, or invalid\&.
-.sp
-This is equivalent to setting the debug level to 3 for the "validator" module of the "dnssec" logging category\&. Setting the systemwide debug level to 3 using the
-\fB\-d\fR
-option will produce the same output (but will affect other logging categories as well)\&.
-.RE
-.PP
-\fB+[no]short\fR
-.RS 4
-Provide a terse answer\&. The default is to print the answer in a verbose form\&.
-.RE
-.PP
-\fB+[no]comments\fR
-.RS 4
-Toggle the display of comment lines in the output\&. The default is to print comments\&.
-.RE
-.PP
-\fB+[no]rrcomments\fR
-.RS 4
-Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records)\&. The default is to print per\-record comments\&.
-.RE
-.PP
-\fB+[no]crypto\fR
-.RS 4
-Toggle the display of cryptographic fields in DNSSEC records\&. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures\&. The default is to display the fields\&. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e\&.g\&. "[ key id = value ]"\&.
-.RE
-.PP
-\fB+[no]trust\fR
-.RS 4
-Controls whether to display the trust level when printing a record\&. The default is to display the trust level\&.
-.RE
-.PP
-\fB+[no]split[=W]\fR
-.RS 4
-Split long hex\- or base64\-formatted fields in resource records into chunks of
-\fIW\fR
-characters (where
-\fIW\fR
-is rounded up to the nearest multiple of 4)\&.
-\fI+nosplit\fR
-or
-\fI+split=0\fR
-causes fields not to be split at all\&. The default is 56 characters, or 44 characters when multiline mode is active\&.
-.RE
-.PP
-\fB+[no]all\fR
-.RS 4
-Set or clear the display options
-\fB+[no]comments\fR,
-\fB+[no]rrcomments\fR, and
-\fB+[no]trust\fR
-as a group\&.
-.RE
-.PP
-\fB+[no]multiline\fR
-.RS 4
-Print long records (such as RRSIG, DNSKEY, and SOA records) in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the
-\fBdelv\fR
-output\&.
-.RE
-.PP
-\fB+[no]dnssec\fR
-.RS 4
-Indicates whether to display RRSIG records in the
-\fBdelv\fR
-output\&. The default is to do so\&. Note that (unlike in
-\fBdig\fR) this does
-\fInot\fR
-control whether to request DNSSEC records or whether to validate them\&. DNSSEC records are always requested, and validation will always occur unless suppressed by the use of
-\fB\-i\fR
-or
-\fB+noroot\fR
-and
-\fB+nodlv\fR\&.
-.RE
-.PP
-\fB+[no]root[=ROOT]\fR
-.RS 4
-Indicates whether to perform conventional (non\-lookaside) DNSSEC validation, and if so, specifies the name of a trust anchor\&. The default is to validate using a trust anchor of "\&." (the root zone), for which there is a built\-in key\&. If specifying a different trust anchor, then
-\fB\-a\fR
-must be used to specify a file containing the key\&.
-.RE
-.PP
-\fB+[no]dlv[=DLV]\fR
-.RS 4
-Indicates whether to perform DNSSEC lookaside validation, and if so, specifies the name of the DLV trust anchor\&. The
-\fB\-a\fR
-option must also be used to specify a file containing the DLV key\&.
-.RE
-.PP
-\fB+[no]tcp\fR
-.RS 4
-Controls whether to use TCP when sending queries\&. The default is to use UDP unless a truncated response has been received\&.
-.RE
-.PP
-\fB+[no]unknownformat\fR
-.RS 4
-Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
-.RE
-.SH "FILES"
-.PP
-/etc/bind\&.keys
-.PP
-/etc/resolv\&.conf
-.SH "SEE ALSO"
-.PP
-\fBdig\fR(1),
-\fBnamed\fR(8),
-RFC4034,
-RFC4035,
-RFC4431,
-RFC5074,
-RFC5155\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/delv/delv.docbook

@@ -1,700 +0,0 @@
-<!DOCTYPE book [
-<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.delv">
-  <info>
-    <date>2014-04-23</date>
-  </info>
-  <refentryinfo>
-    <corpname>ISC</corpname>
-    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>delv</refentrytitle>
-    <manvolnum>1</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname>delv</refname>
-    <refpurpose>DNS lookup and validation utility</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2017</year>
-      <year>2018</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis sepchar=" ">
-      <command>delv</command>
-      <arg choice="opt" rep="norepeat">@server</arg>
-      <group choice="opt" rep="norepeat">
-	<arg choice="opt" rep="norepeat"><option>-4</option></arg>
-	<arg choice="opt" rep="norepeat"><option>-6</option></arg>
-      </group>
-      <arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">anchor-file</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-b <replaceable class="parameter">address</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-d <replaceable class="parameter">level</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-i</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-m</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port#</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-q <replaceable class="parameter">name</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-x <replaceable class="parameter">addr</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat">name</arg>
-      <arg choice="opt" rep="norepeat">type</arg>
-      <arg choice="opt" rep="norepeat">class</arg>
-      <arg choice="opt" rep="repeat">queryopt</arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis sepchar=" ">
-      <command>delv</command>
-      <arg choice="opt" rep="norepeat"><option>-h</option></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis sepchar=" ">
-      <command>delv</command>
-      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
-    </cmdsynopsis>
-
-    <cmdsynopsis sepchar=" ">
-      <command>delv</command>
-      <arg choice="opt" rep="repeat">queryopt</arg>
-      <arg choice="opt" rep="repeat">query</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsection><info><title>DESCRIPTION</title></info>
-
-    <para><command>delv</command>
-      is a tool for sending
-      DNS queries and validating the results, using the same internal
-      resolver and validator logic as <command>named</command>.
-    </para>
-    <para>
-      <command>delv</command> will send to a specified name server all
-      queries needed to fetch and validate the requested data; this
-      includes the original requested query, subsequent queries to follow
-      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
-      to establish a chain of trust for DNSSEC validation.
-      It does not perform iterative resolution, but simulates the
-      behavior of a name server configured for DNSSEC validating and
-      forwarding.
-    </para>
-    <para>
-      By default, responses are validated using built-in DNSSEC trust
-      anchor for the root zone (".").  Records returned by
-      <command>delv</command> are either fully validated or
-      were not signed.  If validation fails, an explanation of
-      the failure is included in the output; the validation process
-      can be traced in detail.  Because <command>delv</command> does
-      not rely on an external server to carry out validation, it can
-      be used to check the validity of DNS responses in environments
-      where local name servers may not be trustworthy.
-    </para>
-    <para>
-      Unless it is told to query a specific name server,
-      <command>delv</command> will try each of the servers listed in
-      <filename>/etc/resolv.conf</filename>. If no usable server
-      addresses are found, <command>delv</command> will send
-      queries to the localhost addresses (127.0.0.1 for IPv4, ::1
-      for IPv6).
-    </para>
-    <para>
-      When no command line arguments or options are given,
-      <command>delv</command> will perform an NS query for "."
-      (the root zone).
-    </para>
-  </refsection>
-
-  <refsection><info><title>SIMPLE USAGE</title></info>
-
-
-    <para>
-      A typical invocation of <command>delv</command> looks like:
-      <programlisting> delv @server name type </programlisting>
-      where:
-
-      <variablelist>
-	<varlistentry>
-	  <term><constant>server</constant></term>
-	  <listitem>
-	    <para>
-	      is the name or IP address of the name server to query.  This
-	      can be an IPv4 address in dotted-decimal notation or an IPv6
-	      address in colon-delimited notation.  When the supplied
-	      <parameter>server</parameter> argument is a hostname,
-	      <command>delv</command> resolves that name before
-	      querying that name server (note, however, that this
-	      initial lookup is <emphasis>not</emphasis> validated
-	      by DNSSEC).
-	    </para>
-	    <para>
-	      If no <parameter>server</parameter> argument is
-	      provided, <command>delv</command> consults
-	      <filename>/etc/resolv.conf</filename>; if an
-	      address is found there, it queries the name server at
-	      that address. If either of the <option>-4</option> or
-	      <option>-6</option> options are in use, then
-	      only addresses for the corresponding transport
-	      will be tried.  If no usable addresses are found,
-	      <command>delv</command> will send queries to
-	      the localhost addresses (127.0.0.1 for IPv4,
-	      ::1 for IPv6).
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><constant>name</constant></term>
-	  <listitem>
-	    <para>
-	      is the domain name to be looked up.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><constant>type</constant></term>
-	  <listitem>
-	    <para>
-	      indicates what type of query is required &mdash;
-	      ANY, A, MX, etc.
-	      <parameter>type</parameter> can be any valid query
-	      type.  If no
-	      <parameter>type</parameter> argument is supplied,
-	      <command>delv</command> will perform a lookup for an
-	      A record.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-      </variablelist>
-    </para>
-
-  </refsection>
-
-  <refsection><info><title>OPTIONS</title></info>
-
-    <variablelist>
-
-      <varlistentry>
-	<term>-a <replaceable class="parameter">anchor-file</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies a file from which to read DNSSEC trust anchors.
-	    The default is <filename>/etc/bind.keys</filename>, which
-	    is included with <acronym>BIND</acronym> 9 and contains
-	    one or more trust anchors for the root zone (".").
-	  </para>
-	  <para>
-	    Keys that do not match the root zone name are ignored.
-            An alternate key name can be specified using the
-	    <option>+root=NAME</option> options. DNSSEC Lookaside
-            Validation can also be turned on by using the
-	    <option>+dlv=NAME</option> to specify the name of a
-            zone containing DLV records.
-	  </para>
-	  <para>
-	    Note: When reading the trust anchor file,
-	    <command>delv</command> treats <option>managed-keys</option>
-	    statements and <option>trusted-keys</option> statements
-	    identically.  That is, for a managed key, it is the
-	    <emphasis>initial</emphasis> key that is trusted; RFC 5011
-	    key management is not supported. <command>delv</command>
-	    will not consult the managed-keys database maintained by
-	    <command>named</command>. This means that if either of the
-	    keys in <filename>/etc/bind.keys</filename> is revoked
-	    and rolled over, it will be necessary to update
-	    <filename>/etc/bind.keys</filename> to use DNSSEC
-	    validation in <command>delv</command>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-b  <replaceable class="parameter">address</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the source IP address of the query to
-	    <parameter>address</parameter>.  This must be a valid address
-	    on one of the host's network interfaces or "0.0.0.0" or "::".
-	    An optional source port may be specified by appending
-	    "#&lt;port&gt;"
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the query class for the requested data. Currently,
-	    only class "IN" is supported in <command>delv</command>
-	    and any other value is ignored.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-d <replaceable class="parameter">level</replaceable></term>
-	<listitem>
-	  <para>
-	    Set the systemwide debug level to <option>level</option>.
-	    The allowed range is from 0 to 99.
-	    The default is 0 (no debugging).
-	    Debugging traces from <command>delv</command> become
-	    more verbose as the debug level increases.
-	    See the <option>+mtrace</option>, <option>+rtrace</option>,
-	    and <option>+vtrace</option> options below for additional
-	    debugging details.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-h</term>
-	<listitem>
-	  <para>
-	    Display the <command>delv</command> help usage output and exit.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-i</term>
-	<listitem>
-	  <para>
-	    Insecure mode. This disables internal DNSSEC validation.
-	    (Note, however, this does not set the CD bit on upstream
-	    queries. If the server being queried is performing DNSSEC
-	    validation, then it will not return invalid data; this
-	    can cause <command>delv</command> to time out. When it
-	    is necessary to examine invalid data to debug a DNSSEC
-	    problem, use <command>dig +cd</command>.)
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-m</term>
-	<listitem>
-	  <para>
-	    Enables memory usage debugging.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-p <replaceable class="parameter">port#</replaceable></term>
-	<listitem>
-	  <para>
-	    Specifies a destination port to use for queries instead of
-	    the standard DNS port number 53.  This option would be used
-	    with a name server that has been configured to listen
-	    for queries on a non-standard port number.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-q <replaceable class="parameter">name</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the query name to <parameter>name</parameter>.
-	    While the query name can be specified without using the
-	    <option>-q</option>, it is sometimes necessary to disambiguate
-	    names from types or classes (for example, when looking up the
-	    name "ns", which could be misinterpreted as the type NS,
-	    or "ch", which could be misinterpreted as class CH).
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t <replaceable class="parameter">type</replaceable></term>
-	<listitem>
-	  <para>
-	    Sets the query type to <parameter>type</parameter>, which
-	    can be any valid query type supported in BIND 9 except
-	    for zone transfer types AXFR and IXFR. As with
-	    <option>-q</option>, this is useful to distinguish
-	    query name type or class when they are ambiguous.
-	    it is sometimes necessary to disambiguate names from types.
-	  </para>
-	  <para>
-	    The default query type is "A", unless the <option>-x</option>
-	    option is supplied to indicate a reverse lookup, in which case
-	    it is "PTR".
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-v</term>
-	<listitem>
-	  <para>
-	    Print the <command>delv</command> version and exit.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-x <replaceable class="parameter">addr</replaceable></term>
-	<listitem>
-	  <para>
-	    Performs a reverse lookup, mapping an addresses to
-	    a name.  <parameter>addr</parameter> is an IPv4 address in
-	    dotted-decimal notation, or a colon-delimited IPv6 address.
-	    When <option>-x</option> is used, there is no need to provide
-	    the <parameter>name</parameter> or <parameter>type</parameter>
-	    arguments.  <command>delv</command> automatically performs a
-	    lookup for a name like <literal>11.12.13.10.in-addr.arpa</literal>
-	    and sets the query type to PTR.  IPv6 addresses are looked up
-	    using nibble format under the IP6.ARPA domain.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-4</term>
-	<listitem>
-	  <para>
-	    Forces <command>delv</command> to only use IPv4.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-6</term>
-	<listitem>
-	  <para>
-	    Forces <command>delv</command> to only use IPv6.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-  </refsection>
-
-  <refsection><info><title>QUERY OPTIONS</title></info>
-
-
-    <para><command>delv</command>
-      provides a number of query options which affect the way results are
-      displayed, and in some cases the way lookups are performed.
-    </para>
-
-    <para>
-      Each query option is identified by a keyword preceded by a plus sign
-      (<literal>+</literal>).  Some keywords set or reset an
-      option.  These may be preceded by the string
-      <literal>no</literal> to negate the meaning of that keyword.
-      Other keywords assign values to options like the timeout interval.
-      They have the form <option>+keyword=value</option>.
-      The query options are:
-
-      <variablelist>
-	<varlistentry>
-	  <term><option>+[no]cdflag</option></term>
-	  <listitem>
-	    <para>
-	      Controls whether to set the CD (checking disabled) bit in
-	      queries sent by <command>delv</command>. This may be useful
-	      when troubleshooting DNSSEC problems from behind a validating
-	      resolver. A validating resolver will block invalid responses,
-	      making it difficult to retrieve them for analysis. Setting
-	      the CD flag on queries will cause the resolver to return
-	      invalid responses, which <command>delv</command> can then
-	      validate internally and report the errors in detail.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]class</option></term>
-	  <listitem>
-	    <para>
-	      Controls whether to display the CLASS when printing
-	      a record. The default is to display the CLASS.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]ttl</option></term>
-	  <listitem>
-	    <para>
-	      Controls whether to display the TTL when printing
-	      a record. The default is to display the TTL.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]rtrace</option></term>
-	  <listitem>
-	    <para>
-	      Toggle resolver fetch logging. This reports the
-	      name and type of each query sent by <command>delv</command>
-	      in the process of carrying out the resolution and validation
-	      process: this includes including the original query and
-	      all subsequent queries to follow CNAMEs and to establish a
-	      chain of trust for DNSSEC validation.
-	    </para>
-	    <para>
-	      This is equivalent to setting the debug level to 1 in
-	      the "resolver" logging category. Setting the systemwide
-	      debug level to 1 using the <option>-d</option> option will
-	      product the same output (but will affect other logging
-	      categories as well).
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]mtrace</option></term>
-	  <listitem>
-	    <para>
-	      Toggle message logging. This produces a detailed dump of
-	      the responses received by <command>delv</command> in the
-	      process of carrying out the resolution and validation process.
-	    </para>
-	    <para>
-	      This is equivalent to setting the debug level to 10
-	      for the "packets" module of the "resolver" logging
-	      category. Setting the systemwide debug level to 10 using
-	      the <option>-d</option> option will produce the same output
-	      (but will affect other logging categories as well).
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]vtrace</option></term>
-	  <listitem>
-	    <para>
-	      Toggle validation logging. This shows the internal
-	      process of the validator as it determines whether an
-	      answer is validly signed, unsigned, or invalid.
-	    </para>
-	    <para>
-	      This is equivalent to setting the debug level to 3
-	      for the "validator" module of the "dnssec" logging
-	      category. Setting the systemwide debug level to 3 using
-	      the <option>-d</option> option will produce the same output
-	      (but will affect other logging categories as well).
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]short</option></term>
-	  <listitem>
-	    <para>
-	      Provide a terse answer.  The default is to print the answer in a
-	      verbose form.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]comments</option></term>
-	  <listitem>
-	    <para>
-	      Toggle the display of comment lines in the output.  The default
-	      is to print comments.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]rrcomments</option></term>
-	  <listitem>
-	    <para>
-	      Toggle the display of per-record comments in the output (for
-	      example, human-readable key information about DNSKEY records).
-	      The default is to print per-record comments.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]crypto</option></term>
-	  <listitem>
-	    <para>
-	      Toggle the display of cryptographic fields in DNSSEC records.
-	      The contents of these field are unnecessary to debug most DNSSEC
-	      validation failures and removing them makes it easier to see
-	      the common failures.  The default is to display the fields.
-	      When omitted they are replaced by the string "[omitted]" or
-	      in the DNSKEY case the key id is displayed as the replacement,
-	      e.g. "[ key id = value ]".
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]trust</option></term>
-	  <listitem>
-	    <para>
-	      Controls whether to display the trust level when printing
-	      a record. The default is to display the trust level.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]split[=W]</option></term>
-	  <listitem>
-	    <para>
-	      Split long hex- or base64-formatted fields in resource
-	      records into chunks of <parameter>W</parameter> characters
-	      (where <parameter>W</parameter> is rounded up to the nearest
-	      multiple of 4).
-	      <parameter>+nosplit</parameter> or
-	      <parameter>+split=0</parameter> causes fields not to be
-	      split at all.  The default is 56 characters, or 44 characters
-	      when multiline mode is active.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]all</option></term>
-	  <listitem>
-	    <para>
-	      Set or clear the display options
-	      <option>+[no]comments</option>,
-	      <option>+[no]rrcomments</option>, and
-	      <option>+[no]trust</option> as a group.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]multiline</option></term>
-	  <listitem>
-	    <para>
-	      Print long records (such as RRSIG, DNSKEY, and SOA records)
-	      in a verbose multi-line format with human-readable comments.
-	      The default is to print each record on a single line, to
-	      facilitate machine parsing of the <command>delv</command>
-	      output.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]dnssec</option></term>
-	  <listitem>
-	    <para>
-	      Indicates whether to display RRSIG records in the
-	      <command>delv</command> output.  The default is to
-	      do so.  Note that (unlike in <command>dig</command>)
-	      this does <emphasis>not</emphasis> control whether to
-	      request DNSSEC records or whether to validate them.
-	      DNSSEC records are always requested, and validation
-	      will always occur unless suppressed by the use of
-	      <option>-i</option> or <option>+noroot</option> and
-	      <option>+nodlv</option>.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]root[=ROOT]</option></term>
-	  <listitem>
-	    <para>
-	      Indicates whether to perform conventional (non-lookaside)
-	      DNSSEC validation, and if so, specifies the
-	      name of a trust anchor.  The default is to validate using
-	      a trust anchor of "." (the root zone), for which there is
-	      a built-in key.  If specifying a different trust anchor,
-	      then <option>-a</option> must be used to specify a file
-	      containing the key.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]dlv[=DLV]</option></term>
-	  <listitem>
-	    <para>
-	      Indicates whether to perform DNSSEC lookaside validation,
-	      and if so, specifies the name of the DLV trust anchor.
-	      The <option>-a</option> option must also be used to specify
-              a file containing the DLV key.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]tcp</option></term>
-	  <listitem>
-	    <para>
-	      Controls whether to use TCP when sending queries.
-	      The default is to use UDP unless a truncated
-	      response has been received.
-	    </para>
-	  </listitem>
-	</varlistentry>
-
-	<varlistentry>
-	  <term><option>+[no]unknownformat</option></term>
-	  <listitem>
-	    <para>
-	      Print all RDATA in unknown RR type presentation format
-	      (RFC 3597). The default is to print RDATA for known types
-	      in the type's presentation format.
-	    </para>
-	  </listitem>
-	</varlistentry>
-      </variablelist>
-
-    </para>
-  </refsection>
-
-  <refsection><info><title>FILES</title></info>
-
-    <para><filename>/etc/bind.keys</filename></para>
-    <para><filename>/etc/resolv.conf</filename></para>
-  </refsection>
-
-  <refsection><info><title>SEE ALSO</title></info>
-
-    <para><citerefentry>
-	<refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-	<refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>,
-      <citetitle>RFC4034</citetitle>,
-      <citetitle>RFC4035</citetitle>,
-      <citetitle>RFC4431</citetitle>,
-      <citetitle>RFC5074</citetitle>,
-      <citetitle>RFC5155</citetitle>.
-    </para>
-  </refsection>
-
-</refentry>

bin/delv/delv.html

@@ -1,592 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>delv</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.delv"></a><div class="titlepage"></div>
-  
-  
-
-  
-
-  <div class="refnamediv">
-<h2>Name</h2>
-<p>
-    delv
-     &#8212; DNS lookup and validation utility
-  </p>
-</div>
-
-  
-
-  <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-    <div class="cmdsynopsis"><p>
-      <code class="command">delv</code> 
-       [@server]
-       [
-	[<code class="option">-4</code>]
-	 |  [<code class="option">-6</code>]
-      ]
-       [<code class="option">-a <em class="replaceable"><code>anchor-file</code></em></code>]
-       [<code class="option">-b <em class="replaceable"><code>address</code></em></code>]
-       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
-       [<code class="option">-d <em class="replaceable"><code>level</code></em></code>]
-       [<code class="option">-i</code>]
-       [<code class="option">-m</code>]
-       [<code class="option">-p <em class="replaceable"><code>port#</code></em></code>]
-       [<code class="option">-q <em class="replaceable"><code>name</code></em></code>]
-       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
-       [<code class="option">-x <em class="replaceable"><code>addr</code></em></code>]
-       [name]
-       [type]
-       [class]
-       [queryopt...]
-    </p></div>
-
-    <div class="cmdsynopsis"><p>
-      <code class="command">delv</code> 
-       [<code class="option">-h</code>]
-    </p></div>
-
-    <div class="cmdsynopsis"><p>
-      <code class="command">delv</code> 
-       [<code class="option">-v</code>]
-    </p></div>
-
-    <div class="cmdsynopsis"><p>
-      <code class="command">delv</code> 
-       [queryopt...]
-       [query...]
-    </p></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
-    <p><span class="command"><strong>delv</strong></span>
-      is a tool for sending
-      DNS queries and validating the results, using the same internal
-      resolver and validator logic as <span class="command"><strong>named</strong></span>.
-    </p>
-    <p>
-      <span class="command"><strong>delv</strong></span> will send to a specified name server all
-      queries needed to fetch and validate the requested data; this
-      includes the original requested query, subsequent queries to follow
-      CNAME or DNAME chains, and queries for DNSKEY, DS and DLV records
-      to establish a chain of trust for DNSSEC validation.
-      It does not perform iterative resolution, but simulates the
-      behavior of a name server configured for DNSSEC validating and
-      forwarding.
-    </p>
-    <p>
-      By default, responses are validated using built-in DNSSEC trust
-      anchor for the root zone (".").  Records returned by
-      <span class="command"><strong>delv</strong></span> are either fully validated or
-      were not signed.  If validation fails, an explanation of
-      the failure is included in the output; the validation process
-      can be traced in detail.  Because <span class="command"><strong>delv</strong></span> does
-      not rely on an external server to carry out validation, it can
-      be used to check the validity of DNS responses in environments
-      where local name servers may not be trustworthy.
-    </p>
-    <p>
-      Unless it is told to query a specific name server,
-      <span class="command"><strong>delv</strong></span> will try each of the servers listed in
-      <code class="filename">/etc/resolv.conf</code>. If no usable server
-      addresses are found, <span class="command"><strong>delv</strong></span> will send
-      queries to the localhost addresses (127.0.0.1 for IPv4, ::1
-      for IPv6).
-    </p>
-    <p>
-      When no command line arguments or options are given,
-      <span class="command"><strong>delv</strong></span> will perform an NS query for "."
-      (the root zone).
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.8"></a><h2>SIMPLE USAGE</h2>
-
-
-    <p>
-      A typical invocation of <span class="command"><strong>delv</strong></span> looks like:
-      </p>
-<pre class="programlisting"> delv @server name type </pre>
-<p>
-      where:
-
-      </p>
-<div class="variablelist"><dl class="variablelist">
-<dt><span class="term"><code class="constant">server</code></span></dt>
-<dd>
-	    <p>
-	      is the name or IP address of the name server to query.  This
-	      can be an IPv4 address in dotted-decimal notation or an IPv6
-	      address in colon-delimited notation.  When the supplied
-	      <em class="parameter"><code>server</code></em> argument is a hostname,
-	      <span class="command"><strong>delv</strong></span> resolves that name before
-	      querying that name server (note, however, that this
-	      initial lookup is <span class="emphasis"><em>not</em></span> validated
-	      by DNSSEC).
-	    </p>
-	    <p>
-	      If no <em class="parameter"><code>server</code></em> argument is
-	      provided, <span class="command"><strong>delv</strong></span> consults
-	      <code class="filename">/etc/resolv.conf</code>; if an
-	      address is found there, it queries the name server at
-	      that address. If either of the <code class="option">-4</code> or
-	      <code class="option">-6</code> options are in use, then
-	      only addresses for the corresponding transport
-	      will be tried.  If no usable addresses are found,
-	      <span class="command"><strong>delv</strong></span> will send queries to
-	      the localhost addresses (127.0.0.1 for IPv4,
-	      ::1 for IPv6).
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="constant">name</code></span></dt>
-<dd>
-	    <p>
-	      is the domain name to be looked up.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="constant">type</code></span></dt>
-<dd>
-	    <p>
-	      indicates what type of query is required &#8212;
-	      ANY, A, MX, etc.
-	      <em class="parameter"><code>type</code></em> can be any valid query
-	      type.  If no
-	      <em class="parameter"><code>type</code></em> argument is supplied,
-	      <span class="command"><strong>delv</strong></span> will perform a lookup for an
-	      A record.
-	    </p>
-	  </dd>
-</dl></div>
-<p>
-    </p>
-
-  </div>
-
-  <div class="refsection">
-<a name="id-1.9"></a><h2>OPTIONS</h2>
-
-    <div class="variablelist"><dl class="variablelist">
-<dt><span class="term">-a <em class="replaceable"><code>anchor-file</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies a file from which to read DNSSEC trust anchors.
-	    The default is <code class="filename">/etc/bind.keys</code>, which
-	    is included with <acronym class="acronym">BIND</acronym> 9 and contains
-	    one or more trust anchors for the root zone (".").
-	  </p>
-	  <p>
-	    Keys that do not match the root zone name are ignored.
-            An alternate key name can be specified using the
-	    <code class="option">+root=NAME</code> options. DNSSEC Lookaside
-            Validation can also be turned on by using the
-	    <code class="option">+dlv=NAME</code> to specify the name of a
-            zone containing DLV records.
-	  </p>
-	  <p>
-	    Note: When reading the trust anchor file,
-	    <span class="command"><strong>delv</strong></span> treats <code class="option">managed-keys</code>
-	    statements and <code class="option">trusted-keys</code> statements
-	    identically.  That is, for a managed key, it is the
-	    <span class="emphasis"><em>initial</em></span> key that is trusted; RFC 5011
-	    key management is not supported. <span class="command"><strong>delv</strong></span>
-	    will not consult the managed-keys database maintained by
-	    <span class="command"><strong>named</strong></span>. This means that if either of the
-	    keys in <code class="filename">/etc/bind.keys</code> is revoked
-	    and rolled over, it will be necessary to update
-	    <code class="filename">/etc/bind.keys</code> to use DNSSEC
-	    validation in <span class="command"><strong>delv</strong></span>.
-	  </p>
-	</dd>
-<dt><span class="term">-b  <em class="replaceable"><code>address</code></em></span></dt>
-<dd>
-	  <p>
-	    Sets the source IP address of the query to
-	    <em class="parameter"><code>address</code></em>.  This must be a valid address
-	    on one of the host's network interfaces or "0.0.0.0" or "::".
-	    An optional source port may be specified by appending
-	    "#&lt;port&gt;"
-	  </p>
-	</dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd>
-	  <p>
-	    Sets the query class for the requested data. Currently,
-	    only class "IN" is supported in <span class="command"><strong>delv</strong></span>
-	    and any other value is ignored.
-	  </p>
-	</dd>
-<dt><span class="term">-d <em class="replaceable"><code>level</code></em></span></dt>
-<dd>
-	  <p>
-	    Set the systemwide debug level to <code class="option">level</code>.
-	    The allowed range is from 0 to 99.
-	    The default is 0 (no debugging).
-	    Debugging traces from <span class="command"><strong>delv</strong></span> become
-	    more verbose as the debug level increases.
-	    See the <code class="option">+mtrace</code>, <code class="option">+rtrace</code>,
-	    and <code class="option">+vtrace</code> options below for additional
-	    debugging details.
-	  </p>
-	</dd>
-<dt><span class="term">-h</span></dt>
-<dd>
-	  <p>
-	    Display the <span class="command"><strong>delv</strong></span> help usage output and exit.
-	  </p>
-	</dd>
-<dt><span class="term">-i</span></dt>
-<dd>
-	  <p>
-	    Insecure mode. This disables internal DNSSEC validation.
-	    (Note, however, this does not set the CD bit on upstream
-	    queries. If the server being queried is performing DNSSEC
-	    validation, then it will not return invalid data; this
-	    can cause <span class="command"><strong>delv</strong></span> to time out. When it
-	    is necessary to examine invalid data to debug a DNSSEC
-	    problem, use <span class="command"><strong>dig +cd</strong></span>.)
-	  </p>
-	</dd>
-<dt><span class="term">-m</span></dt>
-<dd>
-	  <p>
-	    Enables memory usage debugging.
-	  </p>
-	</dd>
-<dt><span class="term">-p <em class="replaceable"><code>port#</code></em></span></dt>
-<dd>
-	  <p>
-	    Specifies a destination port to use for queries instead of
-	    the standard DNS port number 53.  This option would be used
-	    with a name server that has been configured to listen
-	    for queries on a non-standard port number.
-	  </p>
-	</dd>
-<dt><span class="term">-q <em class="replaceable"><code>name</code></em></span></dt>
-<dd>
-	  <p>
-	    Sets the query name to <em class="parameter"><code>name</code></em>.
-	    While the query name can be specified without using the
-	    <code class="option">-q</code>, it is sometimes necessary to disambiguate
-	    names from types or classes (for example, when looking up the
-	    name "ns", which could be misinterpreted as the type NS,
-	    or "ch", which could be misinterpreted as class CH).
-	  </p>
-	</dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd>
-	  <p>
-	    Sets the query type to <em class="parameter"><code>type</code></em>, which
-	    can be any valid query type supported in BIND 9 except
-	    for zone transfer types AXFR and IXFR. As with
-	    <code class="option">-q</code>, this is useful to distinguish
-	    query name type or class when they are ambiguous.
-	    it is sometimes necessary to disambiguate names from types.
-	  </p>
-	  <p>
-	    The default query type is "A", unless the <code class="option">-x</code>
-	    option is supplied to indicate a reverse lookup, in which case
-	    it is "PTR".
-	  </p>
-	</dd>
-<dt><span class="term">-v</span></dt>
-<dd>
-	  <p>
-	    Print the <span class="command"><strong>delv</strong></span> version and exit.
-	  </p>
-	</dd>
-<dt><span class="term">-x <em class="replaceable"><code>addr</code></em></span></dt>
-<dd>
-	  <p>
-	    Performs a reverse lookup, mapping an addresses to
-	    a name.  <em class="parameter"><code>addr</code></em> is an IPv4 address in
-	    dotted-decimal notation, or a colon-delimited IPv6 address.
-	    When <code class="option">-x</code> is used, there is no need to provide
-	    the <em class="parameter"><code>name</code></em> or <em class="parameter"><code>type</code></em>
-	    arguments.  <span class="command"><strong>delv</strong></span> automatically performs a
-	    lookup for a name like <code class="literal">11.12.13.10.in-addr.arpa</code>
-	    and sets the query type to PTR.  IPv6 addresses are looked up
-	    using nibble format under the IP6.ARPA domain.
-	  </p>
-	</dd>
-<dt><span class="term">-4</span></dt>
-<dd>
-	  <p>
-	    Forces <span class="command"><strong>delv</strong></span> to only use IPv4.
-	  </p>
-	</dd>
-<dt><span class="term">-6</span></dt>
-<dd>
-	  <p>
-	    Forces <span class="command"><strong>delv</strong></span> to only use IPv6.
-	  </p>
-	</dd>
-</dl></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.10"></a><h2>QUERY OPTIONS</h2>
-
-
-    <p><span class="command"><strong>delv</strong></span>
-      provides a number of query options which affect the way results are
-      displayed, and in some cases the way lookups are performed.
-    </p>
-
-    <p>
-      Each query option is identified by a keyword preceded by a plus sign
-      (<code class="literal">+</code>).  Some keywords set or reset an
-      option.  These may be preceded by the string
-      <code class="literal">no</code> to negate the meaning of that keyword.
-      Other keywords assign values to options like the timeout interval.
-      They have the form <code class="option">+keyword=value</code>.
-      The query options are:
-
-      </p>
-<div class="variablelist"><dl class="variablelist">
-<dt><span class="term"><code class="option">+[no]cdflag</code></span></dt>
-<dd>
-	    <p>
-	      Controls whether to set the CD (checking disabled) bit in
-	      queries sent by <span class="command"><strong>delv</strong></span>. This may be useful
-	      when troubleshooting DNSSEC problems from behind a validating
-	      resolver. A validating resolver will block invalid responses,
-	      making it difficult to retrieve them for analysis. Setting
-	      the CD flag on queries will cause the resolver to return
-	      invalid responses, which <span class="command"><strong>delv</strong></span> can then
-	      validate internally and report the errors in detail.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]class</code></span></dt>
-<dd>
-	    <p>
-	      Controls whether to display the CLASS when printing
-	      a record. The default is to display the CLASS.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]ttl</code></span></dt>
-<dd>
-	    <p>
-	      Controls whether to display the TTL when printing
-	      a record. The default is to display the TTL.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]rtrace</code></span></dt>
-<dd>
-	    <p>
-	      Toggle resolver fetch logging. This reports the
-	      name and type of each query sent by <span class="command"><strong>delv</strong></span>
-	      in the process of carrying out the resolution and validation
-	      process: this includes including the original query and
-	      all subsequent queries to follow CNAMEs and to establish a
-	      chain of trust for DNSSEC validation.
-	    </p>
-	    <p>
-	      This is equivalent to setting the debug level to 1 in
-	      the "resolver" logging category. Setting the systemwide
-	      debug level to 1 using the <code class="option">-d</code> option will
-	      product the same output (but will affect other logging
-	      categories as well).
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]mtrace</code></span></dt>
-<dd>
-	    <p>
-	      Toggle message logging. This produces a detailed dump of
-	      the responses received by <span class="command"><strong>delv</strong></span> in the
-	      process of carrying out the resolution and validation process.
-	    </p>
-	    <p>
-	      This is equivalent to setting the debug level to 10
-	      for the "packets" module of the "resolver" logging
-	      category. Setting the systemwide debug level to 10 using
-	      the <code class="option">-d</code> option will produce the same output
-	      (but will affect other logging categories as well).
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]vtrace</code></span></dt>
-<dd>
-	    <p>
-	      Toggle validation logging. This shows the internal
-	      process of the validator as it determines whether an
-	      answer is validly signed, unsigned, or invalid.
-	    </p>
-	    <p>
-	      This is equivalent to setting the debug level to 3
-	      for the "validator" module of the "dnssec" logging
-	      category. Setting the systemwide debug level to 3 using
-	      the <code class="option">-d</code> option will produce the same output
-	      (but will affect other logging categories as well).
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]short</code></span></dt>
-<dd>
-	    <p>
-	      Provide a terse answer.  The default is to print the answer in a
-	      verbose form.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]comments</code></span></dt>
-<dd>
-	    <p>
-	      Toggle the display of comment lines in the output.  The default
-	      is to print comments.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]rrcomments</code></span></dt>
-<dd>
-	    <p>
-	      Toggle the display of per-record comments in the output (for
-	      example, human-readable key information about DNSKEY records).
-	      The default is to print per-record comments.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]crypto</code></span></dt>
-<dd>
-	    <p>
-	      Toggle the display of cryptographic fields in DNSSEC records.
-	      The contents of these field are unnecessary to debug most DNSSEC
-	      validation failures and removing them makes it easier to see
-	      the common failures.  The default is to display the fields.
-	      When omitted they are replaced by the string "[omitted]" or
-	      in the DNSKEY case the key id is displayed as the replacement,
-	      e.g. "[ key id = value ]".
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]trust</code></span></dt>
-<dd>
-	    <p>
-	      Controls whether to display the trust level when printing
-	      a record. The default is to display the trust level.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]split[=W]</code></span></dt>
-<dd>
-	    <p>
-	      Split long hex- or base64-formatted fields in resource
-	      records into chunks of <em class="parameter"><code>W</code></em> characters
-	      (where <em class="parameter"><code>W</code></em> is rounded up to the nearest
-	      multiple of 4).
-	      <em class="parameter"><code>+nosplit</code></em> or
-	      <em class="parameter"><code>+split=0</code></em> causes fields not to be
-	      split at all.  The default is 56 characters, or 44 characters
-	      when multiline mode is active.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]all</code></span></dt>
-<dd>
-	    <p>
-	      Set or clear the display options
-	      <code class="option">+[no]comments</code>,
-	      <code class="option">+[no]rrcomments</code>, and
-	      <code class="option">+[no]trust</code> as a group.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]multiline</code></span></dt>
-<dd>
-	    <p>
-	      Print long records (such as RRSIG, DNSKEY, and SOA records)
-	      in a verbose multi-line format with human-readable comments.
-	      The default is to print each record on a single line, to
-	      facilitate machine parsing of the <span class="command"><strong>delv</strong></span>
-	      output.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]dnssec</code></span></dt>
-<dd>
-	    <p>
-	      Indicates whether to display RRSIG records in the
-	      <span class="command"><strong>delv</strong></span> output.  The default is to
-	      do so.  Note that (unlike in <span class="command"><strong>dig</strong></span>)
-	      this does <span class="emphasis"><em>not</em></span> control whether to
-	      request DNSSEC records or whether to validate them.
-	      DNSSEC records are always requested, and validation
-	      will always occur unless suppressed by the use of
-	      <code class="option">-i</code> or <code class="option">+noroot</code> and
-	      <code class="option">+nodlv</code>.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]root[=ROOT]</code></span></dt>
-<dd>
-	    <p>
-	      Indicates whether to perform conventional (non-lookaside)
-	      DNSSEC validation, and if so, specifies the
-	      name of a trust anchor.  The default is to validate using
-	      a trust anchor of "." (the root zone), for which there is
-	      a built-in key.  If specifying a different trust anchor,
-	      then <code class="option">-a</code> must be used to specify a file
-	      containing the key.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]dlv[=DLV]</code></span></dt>
-<dd>
-	    <p>
-	      Indicates whether to perform DNSSEC lookaside validation,
-	      and if so, specifies the name of the DLV trust anchor.
-	      The <code class="option">-a</code> option must also be used to specify
-              a file containing the DLV key.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
-<dd>
-	    <p>
-	      Controls whether to use TCP when sending queries.
-	      The default is to use UDP unless a truncated
-	      response has been received.
-	    </p>
-	  </dd>
-<dt><span class="term"><code class="option">+[no]unknownformat</code></span></dt>
-<dd>
-	    <p>
-	      Print all RDATA in unknown RR type presentation format
-	      (RFC 3597). The default is to print RDATA for known types
-	      in the type's presentation format.
-	    </p>
-	  </dd>
-</dl></div>
-<p>
-
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.11"></a><h2>FILES</h2>
-
-    <p><code class="filename">/etc/bind.keys</code></p>
-    <p><code class="filename">/etc/resolv.conf</code></p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.12"></a><h2>SEE ALSO</h2>
-
-    <p><span class="citerefentry">
-	<span class="refentrytitle">dig</span>(1)
-      </span>,
-      <span class="citerefentry">
-	<span class="refentrytitle">named</span>(8)
-      </span>,
-      <em class="citetitle">RFC4034</em>,
-      <em class="citetitle">RFC4035</em>,
-      <em class="citetitle">RFC4431</em>,
-      <em class="citetitle">RFC5074</em>,
-      <em class="citetitle">RFC5155</em>.
-    </p>
-  </div>
-
-</div></body>
-</html>

bin/delv/win32/delv.vcxproj.filters.in

@@ -1,22 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup>
-    <Filter Include="Source Files">
-      <UniqueIdentifier>{4FC737F1-C7A5-4376-A066-2A32D752A2FF}</UniqueIdentifier>
-      <Extensions>cpp;c;cc;cxx;def;odl;idl;hpj;bat;asm;asmx</Extensions>
-    </Filter>
-    <Filter Include="Header Files">
-      <UniqueIdentifier>{93995380-89BD-4b04-88EB-625FBE52EBFB}</UniqueIdentifier>
-      <Extensions>h;hpp;hxx;hm;inl;inc;xsd</Extensions>
-    </Filter>
-    <Filter Include="Resource Files">
-      <UniqueIdentifier>{67DA6AB6-F800-4c08-8B7A-83BB121AAD01}</UniqueIdentifier>
-      <Extensions>rc;ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe;resx;tiff;tif;png;wav;mfcribbon-ms</Extensions>
-    </Filter>
-  </ItemGroup>
-  <ItemGroup>
-    <ClCompile Include="..\delv.c">
-      <Filter>Source Files</Filter>
-    </ClCompile>
-  </ItemGroup>
-</Project>

bin/delv/win32/delv.vcxproj.in

@@ -1,110 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-  <ItemGroup Label="ProjectConfigurations">
-    <ProjectConfiguration Include="Debug|@PLATFORM@">
-      <Configuration>Debug</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-    <ProjectConfiguration Include="Release|@PLATFORM@">
-      <Configuration>Release</Configuration>
-      <Platform>@PLATFORM@</Platform>
-    </ProjectConfiguration>
-  </ItemGroup>
-  <PropertyGroup Label="Globals">
-    <ProjectGuid>{BE172EFE-C1DC-4812-BFB9-8C5F8ADB7E9F}</ProjectGuid>
-    <Keyword>Win32Proj</Keyword>
-    <RootNamespace>delv</RootNamespace>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.Default.props" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>true</UseDebugLibraries>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'" Label="Configuration">
-    <ConfigurationType>Application</ConfigurationType>
-    <UseDebugLibraries>false</UseDebugLibraries>
-    <WholeProgramOptimization>true</WholeProgramOptimization>
-    <CharacterSet>MultiByte</CharacterSet>
-  </PropertyGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.props" />
-  <ImportGroup Label="ExtensionSettings">
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <ImportGroup Label="PropertySheets" Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <Import Project="$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props" Condition="exists('$(UserRootDir)\Microsoft.Cpp.$(Platform).user.props')" Label="LocalAppDataPlatform" />
-  </ImportGroup>
-  <PropertyGroup Label="UserMacros" />
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <LinkIncremental>true</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <PropertyGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <LinkIncremental>false</LinkIncremental>
-    <OutDir>..\..\..\Build\$(Configuration)\</OutDir>
-    <IntDir>.\$(Configuration)\</IntDir>
-  </PropertyGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Debug|@PLATFORM@'">
-    <ClCompile>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <WarningLevel>Level3</WarningLevel>
-      <Optimization>Disabled</Optimization>
-      <PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <BrowseInformation>true</BrowseInformation>
-      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>true</GenerateDebugInformation>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
-    <ClCompile>
-      <WarningLevel>Level3</WarningLevel>
-      <PrecompiledHeader>
-      </PrecompiledHeader>
-      <Optimization>MaxSpeed</Optimization>
-      <FunctionLevelLinking>true</FunctionLevelLinking>
-      <IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
-      <PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
-      <InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
-      <WholeProgramOptimization>false</WholeProgramOptimization>
-      <StringPooling>true</StringPooling>
-      <PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
-      <AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
-      <ObjectFileName>.\$(Configuration)\</ObjectFileName>
-      <ProgramDataBaseFileName>$(OutDir)$(TargetName).pdb</ProgramDataBaseFileName>
-      <AdditionalIncludeDirectories>..\..\..\;@LIBXML2_INC@@OPENSSL_INC@@GEOIP_INC@..\..\..\lib\isc\win32;..\..\..\lib\isc\win32\include;..\..\..\lib\isc\include;..\..\..\lib\isccfg\include;..\..\..\lib\dns\win32\include;..\..\..\lib\dns\include;..\..\..\lib\irs\win32\include;..\..\..\lib\irs\include;%(AdditionalIncludeDirectories)</AdditionalIncludeDirectories>
-      <CompileAs>CompileAsC</CompileAs>
-    </ClCompile>
-    <Link>
-      <SubSystem>Console</SubSystem>
-      <GenerateDebugInformation>false</GenerateDebugInformation>
-      <EnableCOMDATFolding>true</EnableCOMDATFolding>
-      <OptimizeReferences>true</OptimizeReferences>
-      <OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
-      <LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
-      <AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
-      <AdditionalDependencies>@OPENSSL_LIB@libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
-    </Link>
-  </ItemDefinitionGroup>
-  <ItemGroup>
-    <ClCompile Include="..\delv.c" />
-  </ItemGroup>
-  <Import Project="$(VCTargetsPath)\Microsoft.Cpp.targets" />
-  <ImportGroup Label="ExtensionTargets">
-  </ImportGroup>
-</Project>

bin/delv/win32/delv.vcxproj.user

@@ -1,3 +0,0 @@
-<?xml version="1.0" encoding="utf-8"?>
-<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
-</Project>

bin/dig/.gitignore

@@ -1,7 +0,0 @@
-/dig
-/host
-/nslookup
-.libs
-dig-symtbl.c
-host-symtbl.c
-nslookup-symtbl.c

bin/dig/Makefile.in

@@ -1,113 +0,0 @@
-# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-#
-# This Source Code Form is subject to the terms of the Mozilla Public
-# License, v. 2.0. If a copy of the MPL was not distributed with this
-# file, You can obtain one at http://mozilla.org/MPL/2.0/.
-#
-# See the COPYRIGHT file distributed with this work for additional
-# information regarding copyright ownership.
-
-srcdir =	@srcdir@
-VPATH =		@srcdir@
-top_srcdir =	@top_srcdir@
-
-VERSION=@BIND9_VERSION@
-
-@BIND9_MAKE_INCLUDES@
-
-READLINE_LIB = @READLINE_LIB@
-
-CINCLUDES =	-I${srcdir}/include ${DNS_INCLUDES} \
-		${BIND9_INCLUDES} ${ISC_INCLUDES} \
-		${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
-
-CDEFINES =	-DVERSION=\"${VERSION}\"
-CWARNINGS =
-
-ISCCFGLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSLIBS =	../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
-BIND9LIBS =	../../lib/bind9/libbind9.@A@
-ISCLIBS =	../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
-ISCNOSYMLIBS =	../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
-IRSLIBS =	../../lib/irs/libirs.@A@
-
-ISCCFGDEPLIBS =	../../lib/isccfg/libisccfg.@A@
-DNSDEPLIBS =	../../lib/dns/libdns.@A@
-BIND9DEPLIBS =	../../lib/bind9/libbind9.@A@
-ISCDEPLIBS =	../../lib/isc/libisc.@A@
-IRSDEPLIBS =	../../lib/irs/libirs.@A@
-
-DEPLIBS =	${DNSDEPLIBS} ${IRSDEPLIBS} ${BIND9DEPLIBS} \
-		${ISCDEPLIBS} ${ISCCFGDEPLIBS}
-
-LIBS =		${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCLIBS} @LIBIDN2_LIBS@ @LIBS@
-
-NOSYMLIBS =	${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
-		${ISCNOSYMLIBS} @LIBIDN2_LIBS@ @LIBS@
-
-SUBDIRS =
-
-TARGETS =	dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@
-
-OBJS =		dig.@O@ dighost.@O@ host.@O@ nslookup.@O@
-
-UOBJS =
-
-SRCS =		dig.c dighost.c host.c nslookup.c
-
-MANPAGES =	dig.1 host.1 nslookup.1
-
-HTMLPAGES =	dig.html host.html nslookup.html
-
-MANOBJS =	${MANPAGES} ${HTMLPAGES}
-
-@BIND9_MAKE_RULES@
-
-LDFLAGS =	@LDFLAGS@ @LIBIDN2_LDFLAGS@
-
-dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
-	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
-	${FINALBUILDCMD}
-
-host@EXEEXT@: host.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="host.@O@ dighost.@O@ ${UOBJS}"; \
-	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
-	${FINALBUILDCMD}
-
-nslookup@EXEEXT@: nslookup.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
-	export BASEOBJS="nslookup.@O@ dighost.@O@ ${READLINE_LIB} ${UOBJS}"; \
-	export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
-	${FINALBUILDCMD}
-
-doc man:: ${MANOBJS}
-
-docclean manclean maintainer-clean::
-	rm -f ${MANOBJS}
-
-clean distclean maintainer-clean::
-	rm -f ${TARGETS}
-
-installdirs:
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${bindir}
-	$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man1
-
-install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		dig@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		host@EXEEXT@ ${DESTDIR}${bindir}
-	${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
-		nslookup@EXEEXT@ ${DESTDIR}${bindir}
-	for m in ${MANPAGES}; do \
-		${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1 || exit 1; \
-	done
-
-uninstall::
-	for m in ${MANPAGES}; do \
-		rm -f ${DESTDIR}${mandir}/man1/$$m || exit 1; \
-	done
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/nslookup@EXEEXT@
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/host@EXEEXT@
-	${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/dig@EXEEXT@

bin/dig/dig.1

@@ -1,828 +0,0 @@
-.\" Copyright (C) 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: dig
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2014-02-19
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "DIG" "1" "2014\-02\-19" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-dig \- DNS lookup utility
-.SH "SYNOPSIS"
-.HP \w'\fBdig\fR\ 'u
-\fBdig\fR [@server] [\fB\-b\ \fR\fB\fIaddress\fR\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-f\ \fR\fB\fIfilename\fR\fR] [\fB\-k\ \fR\fB\fIfilename\fR\fR] [\fB\-m\fR] [\fB\-p\ \fR\fB\fIport#\fR\fR] [\fB\-q\ \fR\fB\fIname\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-v\fR] [\fB\-x\ \fR\fB\fIaddr\fR\fR] [\fB\-y\ \fR\fB\fI[hmac:]\fR\fIname:key\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [name] [type] [class] [queryopt...]
-.HP \w'\fBdig\fR\ 'u
-\fBdig\fR [\fB\-h\fR]
-.HP \w'\fBdig\fR\ 'u
-\fBdig\fR [global\-queryopt...] [query...]
-.SH "DESCRIPTION"
-.PP
-\fBdig\fR
-is a flexible tool for interrogating DNS name servers\&. It performs DNS lookups and displays the answers that are returned from the name server(s) that were queried\&. Most DNS administrators use
-\fBdig\fR
-to troubleshoot DNS problems because of its flexibility, ease of use and clarity of output\&. Other lookup tools tend to have less functionality than
-\fBdig\fR\&.
-.PP
-Although
-\fBdig\fR
-is normally used with command\-line arguments, it also has a batch mode of operation for reading lookup requests from a file\&. A brief summary of its command\-line arguments and options is printed when the
-\fB\-h\fR
-option is given\&. Unlike earlier versions, the BIND 9 implementation of
-\fBdig\fR
-allows multiple lookups to be issued from the command line\&.
-.PP
-Unless it is told to query a specific name server,
-\fBdig\fR
-will try each of the servers listed in
-/etc/resolv\&.conf\&. If no usable server addresses are found,
-\fBdig\fR
-will send the query to the local host\&.
-.PP
-When no command line arguments or options are given,
-\fBdig\fR
-will perform an NS query for "\&." (the root)\&.
-.PP
-It is possible to set per\-user defaults for
-\fBdig\fR
-via
-${HOME}/\&.digrc\&. This file is read and any options in it are applied before the command line arguments\&. The
-\fB\-r\fR
-option disables this feature, for scripts that need predictable behaviour\&.
-.PP
-The IN and CH class names overlap with the IN and CH top level domain names\&. Either use the
-\fB\-t\fR
-and
-\fB\-c\fR
-options to specify the type and class, use the
-\fB\-q\fR
-the specify the domain name, or use "IN\&." and "CH\&." when looking up these top level domains\&.
-.SH "SIMPLE USAGE"
-.PP
-A typical invocation of
-\fBdig\fR
-looks like:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
- dig @server name type 
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-where:
-.PP
-\fBserver\fR
-.RS 4
-is the name or IP address of the name server to query\&. This can be an IPv4 address in dotted\-decimal notation or an IPv6 address in colon\-delimited notation\&. When the supplied
-\fIserver\fR
-argument is a hostname,
-\fBdig\fR
-resolves that name before querying that name server\&.
-.sp
-If no
-\fIserver\fR
-argument is provided,
-\fBdig\fR
-consults
-/etc/resolv\&.conf; if an address is found there, it queries the name server at that address\&. If either of the
-\fB\-4\fR
-or
-\fB\-6\fR
-options are in use, then only addresses for the corresponding transport will be tried\&. If no usable addresses are found,
-\fBdig\fR
-will send the query to the local host\&. The reply from the name server that responds is displayed\&.
-.RE
-.PP
-\fBname\fR
-.RS 4
-is the name of the resource record that is to be looked up\&.
-.RE
-.PP
-\fBtype\fR
-.RS 4
-indicates what type of query is required \(em ANY, A, MX, SIG, etc\&.
-\fItype\fR
-can be any valid query type\&. If no
-\fItype\fR
-argument is supplied,
-\fBdig\fR
-will perform a lookup for an A record\&.
-.RE
-.SH "OPTIONS"
-.PP
-\-4
-.RS 4
-Use IPv4 only\&.
-.RE
-.PP
-\-6
-.RS 4
-Use IPv6 only\&.
-.RE
-.PP
-\-b \fIaddress\fR\fI[#port]\fR
-.RS 4
-Set the source IP address of the query\&. The
-\fIaddress\fR
-must be a valid address on one of the host\*(Aqs network interfaces, or "0\&.0\&.0\&.0" or "::"\&. An optional port may be specified by appending "#<port>"
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Set the query class\&. The default
-\fIclass\fR
-is IN; other classes are HS for Hesiod records or CH for Chaosnet records\&.
-.RE
-.PP
-\-f \fIfile\fR
-.RS 4
-Batch mode:
-\fBdig\fR
-reads a list of lookup requests to process from the given
-\fIfile\fR\&. Each line in the file should be organized in the same way they would be presented as queries to
-\fBdig\fR
-using the command\-line interface\&.
-.RE
-.PP
-\-k \fIkeyfile\fR
-.RS 4
-Sign queries using TSIG using a key read from the given file\&. Key files can be generated using
-\fBtsig-keygen\fR(8)\&. When using TSIG authentication with
-\fBdig\fR, the name server that is queried needs to know the key and algorithm that is being used\&. In BIND, this is done by providing appropriate
-\fBkey\fR
-and
-\fBserver\fR
-statements in
-named\&.conf\&.
-.RE
-.PP
-\-m
-.RS 4
-Enable memory usage debugging\&.
-.RE
-.PP
-\-p \fIport\fR
-.RS 4
-Send the query to a non\-standard port on the server, instead of the default port 53\&. This option would be used to test a name server that has been configured to listen for queries on a non\-standard port number\&.
-.RE
-.PP
-\-q \fIname\fR
-.RS 4
-The domain name to query\&. This is useful to distinguish the
-\fIname\fR
-from other arguments\&.
-.RE
-.PP
-\-r
-.RS 4
-Do not read options from
-${HOME}/\&.digrc\&. This is useful for scripts that need predictable behaviour\&.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-The resource record type to query\&. It can be any valid query type\&. If it is a resource record type supported in BIND 9, it can be given by the type mnemonic (such as "NS" or "AAAA")\&. The default query type is "A", unless the
-\fB\-x\fR
-option is supplied to indicate a reverse lookup\&. A zone transfer can be requested by specifying a type of AXFR\&. When an incremental zone transfer (IXFR) is required, set the
-\fItype\fR
-to
-ixfr=N\&. The incremental zone transfer will contain the changes made to the zone since the serial number in the zone\*(Aqs SOA record was
-\fIN\fR\&.
-.sp
-All resource record types can be expressed as "TYPEnn", where "nn" is the number of the type\&. If the resource record type is not supported in BIND 9, the result will be displayed as described in RFC 3597\&.
-.RE
-.PP
-\-u
-.RS 4
-Print query times in microseconds instead of milliseconds\&.
-.RE
-.PP
-\-v
-.RS 4
-Print the version number and exit\&.
-.RE
-.PP
-\-x \fIaddr\fR
-.RS 4
-Simplified reverse lookups, for mapping addresses to names\&. The
-\fIaddr\fR
-is an IPv4 address in dotted\-decimal notation, or a colon\-delimited IPv6 address\&. When the
-\fB\-x\fR
-is used, there is no need to provide the
-\fIname\fR,
-\fIclass\fR
-and
-\fItype\fR
-arguments\&.
-\fBdig\fR
-automatically performs a lookup for a name like
-94\&.2\&.0\&.192\&.in\-addr\&.arpa
-and sets the query type and class to PTR and IN respectively\&. IPv6 addresses are looked up using nibble format under the IP6\&.ARPA domain\&.
-.RE
-.PP
-\-y \fI[hmac:]\fR\fIkeyname:secret\fR
-.RS 4
-Sign queries using TSIG with the given authentication key\&.
-\fIkeyname\fR
-is the name of the key, and
-\fIsecret\fR
-is the base64 encoded shared secret\&.
-\fIhmac\fR
-is the name of the key algorithm; valid choices are
-hmac\-md5,
-hmac\-sha1,
-hmac\-sha224,
-hmac\-sha256,
-hmac\-sha384, or
-hmac\-sha512\&. If
-\fIhmac\fR
-is not specified, the default is
-hmac\-md5
-or if MD5 was disabled
-hmac\-sha256\&.
-.sp
-NOTE: You should use the
-\fB\-k\fR
-option and avoid the
-\fB\-y\fR
-option, because with
-\fB\-y\fR
-the shared secret is supplied as a command line argument in clear text\&. This may be visible in the output from
-\fBps\fR(1)
-or in a history file maintained by the user\*(Aqs shell\&.
-.RE
-.SH "QUERY OPTIONS"
-.PP
-\fBdig\fR
-provides a number of query options which affect the way in which lookups are made and the results displayed\&. Some of these set or reset flag bits in the query header, some determine which sections of the answer get printed, and others determine the timeout and retry strategies\&.
-.PP
-Each query option is identified by a keyword preceded by a plus sign (+)\&. Some keywords set or reset an option\&. These may be preceded by the string
-no
-to negate the meaning of that keyword\&. Other keywords assign values to options like the timeout interval\&. They have the form
-\fB+keyword=value\fR\&. Keywords may be abbreviated, provided the abbreviation is unambiguous; for example,
-+cd
-is equivalent to
-+cdflag\&. The query options are:
-.PP
-\fB+[no]aaflag\fR
-.RS 4
-A synonym for
-\fI+[no]aaonly\fR\&.
-.RE
-.PP
-\fB+[no]aaonly\fR
-.RS 4
-Sets the "aa" flag in the query\&.
-.RE
-.PP
-\fB+[no]additional\fR
-.RS 4
-Display [do not display] the additional section of a reply\&. The default is to display it\&.
-.RE
-.PP
-\fB+[no]adflag\fR
-.RS 4
-Set [do not set] the AD (authentic data) bit in the query\&. This requests the server to return whether all of the answer and authority sections have all been validated as secure according to the security policy of the server\&. AD=1 indicates that all records have been validated as secure and the answer is not from a OPT\-OUT range\&. AD=0 indicate that some part of the answer was insecure or not validated\&. This bit is set by default\&.
-.RE
-.PP
-\fB+[no]all\fR
-.RS 4
-Set or clear all display flags\&.
-.RE
-.PP
-\fB+[no]answer\fR
-.RS 4
-Display [do not display] the answer section of a reply\&. The default is to display it\&.
-.RE
-.PP
-\fB+[no]authority\fR
-.RS 4
-Display [do not display] the authority section of a reply\&. The default is to display it\&.
-.RE
-.PP
-\fB+[no]badcookie\fR
-.RS 4
-Retry lookup with the new server cookie if a BADCOOKIE response is received\&.
-.RE
-.PP
-\fB+[no]besteffort\fR
-.RS 4
-Attempt to display the contents of messages which are malformed\&. The default is to not display malformed answers\&.
-.RE
-.PP
-\fB+bufsize=B\fR
-.RS 4
-Set the UDP message buffer size advertised using EDNS0 to
-\fIB\fR
-bytes\&. The maximum and minimum sizes of this buffer are 65535 and 0 respectively\&. Values outside this range are rounded up or down appropriately\&. Values other than zero will cause a EDNS query to be sent\&.
-.RE
-.PP
-\fB+[no]cdflag\fR
-.RS 4
-Set [do not set] the CD (checking disabled) bit in the query\&. This requests the server to not perform DNSSEC validation of responses\&.
-.RE
-.PP
-\fB+[no]class\fR
-.RS 4
-Display [do not display] the CLASS when printing the record\&.
-.RE
-.PP
-\fB+[no]cmd\fR
-.RS 4
-Toggles the printing of the initial comment in the output identifying the version of
-\fBdig\fR
-and the query options that have been applied\&. This comment is printed by default\&.
-.RE
-.PP
-\fB+[no]comments\fR
-.RS 4
-Toggle the display of comment lines in the output\&. The default is to print comments\&.
-.RE
-.PP
-\fB+[no]cookie\fR\fB[=####]\fR
-.RS 4
-Send a COOKIE EDNS option, with optional value\&. Replaying a COOKIE from a previous response will allow the server to identify a previous client\&. The default is
-\fB+cookie\fR\&.
-.sp
-\fB+cookie\fR
-is also set when +trace is set to better emulate the default queries from a nameserver\&.
-.RE
-.PP
-\fB+[no]crypto\fR
-.RS 4
-Toggle the display of cryptographic fields in DNSSEC records\&. The contents of these field are unnecessary to debug most DNSSEC validation failures and removing them makes it easier to see the common failures\&. The default is to display the fields\&. When omitted they are replaced by the string "[omitted]" or in the DNSKEY case the key id is displayed as the replacement, e\&.g\&. "[ key id = value ]"\&.
-.RE
-.PP
-\fB+[no]defname\fR
-.RS 4
-Deprecated, treated as a synonym for
-\fI+[no]search\fR
-.RE
-.PP
-\fB+[no]dnssec\fR
-.RS 4
-Requests DNSSEC records be sent by setting the DNSSEC OK bit (DO) in the OPT record in the additional section of the query\&.
-.RE
-.PP
-\fB+domain=somename\fR
-.RS 4
-Set the search list to contain the single domain
-\fIsomename\fR, as if specified in a
-\fBdomain\fR
-directive in
-/etc/resolv\&.conf, and enable search list processing as if the
-\fI+search\fR
-option were given\&.
-.RE
-.PP
-\fB+dscp=value\fR
-.RS 4
-Set the DSCP code point to be used when sending the query\&. Valid DSCP code points are in the range [0\&.\&.63]\&. By default no code point is explicitly set\&.
-.RE
-.PP
-\fB+[no]edns[=#]\fR
-.RS 4
-Specify the EDNS version to query with\&. Valid values are 0 to 255\&. Setting the EDNS version will cause a EDNS query to be sent\&.
-\fB+noedns\fR
-clears the remembered EDNS version\&. EDNS is set to 0 by default\&.
-.RE
-.PP
-\fB+[no]ednsflags[=#]\fR
-.RS 4
-Set the must\-be\-zero EDNS flags bits (Z bits) to the specified value\&. Decimal, hex and octal encodings are accepted\&. Setting a named flag (e\&.g\&. DO) will silently be ignored\&. By default, no Z bits are set\&.
-.RE
-.PP
-\fB+[no]ednsnegotiation\fR
-.RS 4
-Enable / disable EDNS version negotiation\&. By default EDNS version negotiation is enabled\&.
-.RE
-.PP
-\fB+[no]ednsopt[=code[:value]]\fR
-.RS 4
-Specify EDNS option with code point
-\fBcode\fR
-and optionally payload of
-\fBvalue\fR
-as a hexadecimal string\&.
-\fBcode\fR
-can be either an EDNS option name (for example,
-NSID
-or
-ECS), or an arbitrary numeric value\&.
-\fB+noednsopt\fR
-clears the EDNS options to be sent\&.
-.RE
-.PP
-\fB+[no]expire\fR
-.RS 4
-Send an EDNS Expire option\&.
-.RE
-.PP
-\fB+[no]fail\fR
-.RS 4
-Do not try the next server if you receive a SERVFAIL\&. The default is to not try the next server which is the reverse of normal stub resolver behavior\&.
-.RE
-.PP
-\fB+[no]header\-only\fR
-.RS 4
-Send a query with a DNS header without a question section\&. The default is to add a question section\&. The query type and query name are ignored when this is set\&.
-.RE
-.PP
-\fB+[no]identify\fR
-.RS 4
-Show [or do not show] the IP address and port number that supplied the answer when the
-\fI+short\fR
-option is enabled\&. If short form answers are requested, the default is not to show the source address and port number of the server that provided the answer\&.
-.RE
-.PP
-\fB+[no]idnin\fR
-.RS 4
-Process [do not process] IDN domain names on input\&. This requires IDN SUPPORT to have been enabled at compile time\&.
-.sp
-The default is to process IDN input when standard output is a tty\&. The IDN processing on input is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
-.RE
-.PP
-\fB+[no]idnout\fR
-.RS 4
-Convert [do not convert] puny code on output\&. This requires IDN SUPPORT to have been enabled at compile time\&.
-.sp
-The default is to process puny code on output when standard output is a tty\&. The puny code processing on output is disabled when dig output is redirected to files, pipes, and other non\-tty file descriptors\&.
-.RE
-.PP
-\fB+[no]ignore\fR
-.RS 4
-Ignore truncation in UDP responses instead of retrying with TCP\&. By default, TCP retries are performed\&.
-.RE
-.PP
-\fB+[no]keepalive\fR
-.RS 4
-Send [or do not send] an EDNS Keepalive option\&.
-.RE
-.PP
-\fB+[no]keepopen\fR
-.RS 4
-Keep the TCP socket open between queries and reuse it rather than creating a new TCP socket for each lookup\&. The default is
-\fB+nokeepopen\fR\&.
-.RE
-.PP
-\fB+[no]mapped\fR
-.RS 4
-Allow mapped IPv4 over IPv6 addresses to be used\&. The default is
-\fB+mapped\fR\&.
-.RE
-.PP
-\fB+[no]multiline\fR
-.RS 4
-Print records like the SOA records in a verbose multi\-line format with human\-readable comments\&. The default is to print each record on a single line, to facilitate machine parsing of the
-\fBdig\fR
-output\&.
-.RE
-.PP
-\fB+ndots=D\fR
-.RS 4
-Set the number of dots that have to appear in
-\fIname\fR
-to
-\fID\fR
-for it to be considered absolute\&. The default value is that defined using the ndots statement in
-/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
-\fBsearch\fR
-or
-\fBdomain\fR
-directive in
-/etc/resolv\&.conf
-if
-\fB+search\fR
-is set\&.
-.RE
-.PP
-\fB+[no]nsid\fR
-.RS 4
-Include an EDNS name server ID request when sending a query\&.
-.RE
-.PP
-\fB+[no]nssearch\fR
-.RS 4
-When this option is set,
-\fBdig\fR
-attempts to find the authoritative name servers for the zone containing the name being looked up and display the SOA record that each name server has for the zone\&. Addresses of servers that that did not respond are also printed\&.
-.RE
-.PP
-\fB+[no]onesoa\fR
-.RS 4
-Print only one (starting) SOA record when performing an AXFR\&. The default is to print both the starting and ending SOA records\&.
-.RE
-.PP
-\fB+[no]opcode=value\fR
-.RS 4
-Set [restore] the DNS message opcode to the specified value\&. The default value is QUERY (0)\&.
-.RE
-.PP
-\fB+padding=value\fR
-.RS 4
-Pad the size of the query packet using the EDNS Padding option to blocks of
-\fIvalue\fR
-bytes\&. For example,
-\fB+padding=32\fR
-would cause a 48\-byte query to be padded to 64 bytes\&. The default block size is 0, which disables padding\&. The maximum is 512\&. Values are ordinarily expected to be powers of two, such as 128; however, this is not mandatory\&. Responses to padded queries may also be padded, but only if the query uses TCP or DNS COOKIE\&.
-.RE
-.PP
-\fB+[no]qr\fR
-.RS 4
-Print [do not print] the query as it is sent\&. By default, the query is not printed\&.
-.RE
-.PP
-\fB+[no]question\fR
-.RS 4
-Print [do not print] the question section of a query when an answer is returned\&. The default is to print the question section as a comment\&.
-.RE
-.PP
-\fB+[no]raflag\fR
-.RS 4
-Set [do not set] the RA (Recursion Available) bit in the query\&. The default is +noraflag\&. This bit should be ignored by the server for QUERY\&.
-.RE
-.PP
-\fB+[no]rdflag\fR
-.RS 4
-A synonym for
-\fI+[no]recurse\fR\&.
-.RE
-.PP
-\fB+[no]recurse\fR
-.RS 4
-Toggle the setting of the RD (recursion desired) bit in the query\&. This bit is set by default, which means
-\fBdig\fR
-normally sends recursive queries\&. Recursion is automatically disabled when the
-\fI+nssearch\fR
-or
-\fI+trace\fR
-query options are used\&.
-.RE
-.PP
-\fB+retry=T\fR
-.RS 4
-Sets the number of times to retry UDP queries to server to
-\fIT\fR
-instead of the default, 2\&. Unlike
-\fI+tries\fR, this does not include the initial query\&.
-.RE
-.PP
-\fB+[no]rrcomments\fR
-.RS 4
-Toggle the display of per\-record comments in the output (for example, human\-readable key information about DNSKEY records)\&. The default is not to print record comments unless multiline mode is active\&.
-.RE
-.PP
-\fB+[no]search\fR
-.RS 4
-Use [do not use] the search list defined by the searchlist or domain directive in
-resolv\&.conf
-(if any)\&. The search list is not used by default\&.
-.sp
-\*(Aqndots\*(Aq from
-resolv\&.conf
-(default 1) which may be overridden by
-\fI+ndots\fR
-determines if the name will be treated as relative or not and hence whether a search is eventually performed or not\&.
-.RE
-.PP
-\fB+[no]short\fR
-.RS 4
-Provide a terse answer\&. The default is to print the answer in a verbose form\&.
-.RE
-.PP
-\fB+[no]showsearch\fR
-.RS 4
-Perform [do not perform] a search showing intermediate results\&.
-.RE
-.PP
-\fB+[no]sigchase\fR
-.RS 4
-This feature is now obsolete and has been removed; use
-\fBdelv\fR
-instead\&.
-.RE
-.PP
-\fB+split=W\fR
-.RS 4
-Split long hex\- or base64\-formatted fields in resource records into chunks of
-\fIW\fR
-characters (where
-\fIW\fR
-is rounded up to the nearest multiple of 4)\&.
-\fI+nosplit\fR
-or
-\fI+split=0\fR
-causes fields not to be split at all\&. The default is 56 characters, or 44 characters when multiline mode is active\&.
-.RE
-.PP
-\fB+[no]stats\fR
-.RS 4
-This query option toggles the printing of statistics: when the query was made, the size of the reply and so on\&. The default behavior is to print the query statistics\&.
-.RE
-.PP
-\fB+[no]subnet=addr[/prefix\-length]\fR
-.RS 4
-Send (don\*(Aqt send) an EDNS Client Subnet option with the specified IP address or network prefix\&.
-.sp
-\fBdig +subnet=0\&.0\&.0\&.0/0\fR, or simply
-\fBdig +subnet=0\fR
-for short, sends an EDNS CLIENT\-SUBNET option with an empty address and a source prefix\-length of zero, which signals a resolver that the client\*(Aqs address information must
-\fInot\fR
-be used when resolving this query\&.
-.RE
-.PP
-\fB+[no]tcflag\fR
-.RS 4
-Set [do not set] the TC (TrunCation) bit in the query\&. The default is +notcflag\&. This bit should be ignored by the server for QUERY\&.
-.RE
-.PP
-\fB+[no]tcp\fR
-.RS 4
-Use [do not use] TCP when querying name servers\&. The default behavior is to use UDP unless a type
-any
-or
-ixfr=N
-query is requested, in which case the default is TCP\&. AXFR queries always use TCP\&.
-.RE
-.PP
-\fB+timeout=T\fR
-.RS 4
-Sets the timeout for a query to
-\fIT\fR
-seconds\&. The default timeout is 5 seconds\&. An attempt to set
-\fIT\fR
-to less than 1 will result in a query timeout of 1 second being applied\&.
-.RE
-.PP
-\fB+[no]topdown\fR
-.RS 4
-This feature is related to
-\fBdig +sigchase\fR, which is obsolete and has been removed\&. Use
-\fBdelv\fR
-instead\&.
-.RE
-.PP
-\fB+[no]trace\fR
-.RS 4
-Toggle tracing of the delegation path from the root name servers for the name being looked up\&. Tracing is disabled by default\&. When tracing is enabled,
-\fBdig\fR
-makes iterative queries to resolve the name being looked up\&. It will follow referrals from the root servers, showing the answer from each server that was used to resolve the lookup\&.
-.sp
-If @server is also specified, it affects only the initial query for the root zone name servers\&.
-.sp
-\fB+dnssec\fR
-is also set when +trace is set to better emulate the default queries from a nameserver\&.
-.RE
-.PP
-\fB+tries=T\fR
-.RS 4
-Sets the number of times to try UDP queries to server to
-\fIT\fR
-instead of the default, 3\&. If
-\fIT\fR
-is less than or equal to zero, the number of tries is silently rounded up to 1\&.
-.RE
-.PP
-\fB+trusted\-key=####\fR
-.RS 4
-Formerly specified trusted keys for use with
-\fBdig +sigchase\fR\&. This feature is now obsolete and has been removed; use
-\fBdelv\fR
-instead\&.
-.RE
-.PP
-\fB+[no]ttlid\fR
-.RS 4
-Display [do not display] the TTL when printing the record\&.
-.RE
-.PP
-\fB+[no]ttlunits\fR
-.RS 4
-Display [do not display] the TTL in friendly human\-readable time units of "s", "m", "h", "d", and "w", representing seconds, minutes, hours, days and weeks\&. Implies +ttlid\&.
-.RE
-.PP
-\fB+[no]unknownformat\fR
-.RS 4
-Print all RDATA in unknown RR type presentation format (RFC 3597)\&. The default is to print RDATA for known types in the type\*(Aqs presentation format\&.
-.RE
-.PP
-\fB+[no]vc\fR
-.RS 4
-Use [do not use] TCP when querying name servers\&. This alternate syntax to
-\fI+[no]tcp\fR
-is provided for backwards compatibility\&. The "vc" stands for "virtual circuit"\&.
-.RE
-.PP
-\fB+[no]zflag\fR
-.RS 4
-Set [do not set] the last unassigned DNS header flag in a DNS query\&. This flag is off by default\&.
-.RE
-.SH "MULTIPLE QUERIES"
-.PP
-The BIND 9 implementation of
-\fBdig \fR
-supports specifying multiple queries on the command line (in addition to supporting the
-\fB\-f\fR
-batch file option)\&. Each of those queries can be supplied with its own set of flags, options and query options\&.
-.PP
-In this case, each
-\fIquery\fR
-argument represent an individual query in the command\-line syntax described above\&. Each consists of any of the standard options and flags, the name to be looked up, an optional query type and class and any query options that should be applied to that query\&.
-.PP
-A global set of query options, which should be applied to all queries, can also be supplied\&. These global query options must precede the first tuple of name, class, type, options, flags, and query options supplied on the command line\&. Any global query options (except
-\fB+[no]cmd\fR
-and
-\fB+[no]short\fR
-options) can be overridden by a query\-specific set of query options\&. For example:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-dig +qr www\&.isc\&.org any \-x 127\&.0\&.0\&.1 isc\&.org ns +noqr
-.fi
-.if n \{\
-.RE
-.\}
-.sp
-shows how
-\fBdig\fR
-could be used from the command line to make three lookups: an ANY query for
-www\&.isc\&.org, a reverse lookup of 127\&.0\&.0\&.1 and a query for the NS records of
-isc\&.org\&. A global query option of
-\fI+qr\fR
-is applied, so that
-\fBdig\fR
-shows the initial query it made for each lookup\&. The final query has a local query option of
-\fI+noqr\fR
-which means that
-\fBdig\fR
-will not print the initial query when it looks up the NS records for
-isc\&.org\&.
-.SH "IDN SUPPORT"
-.PP
-If
-\fBdig\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
-\fBdig\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, use parameters
-\fI+noidnin\fR
-and
-\fI+noidnout\fR
-or define the
-\fBIDN_DISABLE\fR
-environment variable\&.
-.SH "FILES"
-.PP
-/etc/resolv\&.conf
-.PP
-${HOME}/\&.digrc
-.SH "SEE ALSO"
-.PP
-\fBdelv\fR(1),
-\fBhost\fR(1),
-\fBnamed\fR(8),
-\fBdnssec-keygen\fR(8),
-RFC 1035\&.
-.SH "BUGS"
-.PP
-There are probably too many query options\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2000-2011, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dig/host.1

@@ -1,273 +0,0 @@
-.\" Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: host
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2009-01-20
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "HOST" "1" "2009\-01\-20" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-host \- DNS lookup utility
-.SH "SYNOPSIS"
-.HP \w'\fBhost\fR\ 'u
-\fBhost\fR [\fB\-aACdlnrsTUwv\fR] [\fB\-c\ \fR\fB\fIclass\fR\fR] [\fB\-N\ \fR\fB\fIndots\fR\fR] [\fB\-R\ \fR\fB\fInumber\fR\fR] [\fB\-t\ \fR\fB\fItype\fR\fR] [\fB\-W\ \fR\fB\fIwait\fR\fR] [\fB\-m\ \fR\fB\fIflag\fR\fR] [[\fB\-4\fR] | [\fB\-6\fR]] [\fB\-v\fR] [\fB\-V\fR] {name} [server]
-.SH "DESCRIPTION"
-.PP
-\fBhost\fR
-is a simple utility for performing DNS lookups\&. It is normally used to convert names to IP addresses and vice versa\&. When no arguments or options are given,
-\fBhost\fR
-prints a short summary of its command line arguments and options\&.
-.PP
-\fIname\fR
-is the domain name that is to be looked up\&. It can also be a dotted\-decimal IPv4 address or a colon\-delimited IPv6 address, in which case
-\fBhost\fR
-will by default perform a reverse lookup for that address\&.
-\fIserver\fR
-is an optional argument which is either the name or IP address of the name server that
-\fBhost\fR
-should query instead of the server or servers listed in
-/etc/resolv\&.conf\&.
-.SH "OPTIONS"
-.PP
-\-4
-.RS 4
-Use IPv4 only for query transport\&. See also the
-\fB\-6\fR
-option\&.
-.RE
-.PP
-\-6
-.RS 4
-Use IPv6 only for query transport\&. See also the
-\fB\-4\fR
-option\&.
-.RE
-.PP
-\-a
-.RS 4
-"All"\&. The
-\fB\-a\fR
-option is normally equivalent to
-\fB\-v \-t \fR\fBANY\fR\&. It also affects the behaviour of the
-\fB\-l\fR
-list zone option\&.
-.RE
-.PP
-\-A
-.RS 4
-"Almost all"\&. The
-\fB\-A\fR
-option is equivalent to
-\fB\-a\fR
-except RRSIG, NSEC, and NSEC3 records are omitted from the output\&.
-.RE
-.PP
-\-c \fIclass\fR
-.RS 4
-Query class: This can be used to lookup HS (Hesiod) or CH (Chaosnet) class resource records\&. The default class is IN (Internet)\&.
-.RE
-.PP
-\-C
-.RS 4
-Check consistency:
-\fBhost\fR
-will query the SOA records for zone
-\fIname\fR
-from all the listed authoritative name servers for that zone\&. The list of name servers is defined by the NS records that are found for the zone\&.
-.RE
-.PP
-\-d
-.RS 4
-Print debugging traces\&. Equivalent to the
-\fB\-v\fR
-verbose option\&.
-.RE
-.PP
-\-l
-.RS 4
-List zone: The
-\fBhost\fR
-command performs a zone transfer of zone
-\fIname\fR
-and prints out the NS, PTR and address records (A/AAAA)\&.
-.sp
-Together, the
-\fB\-l \-a\fR
-options print all records in the zone\&.
-.RE
-.PP
-\-N \fIndots\fR
-.RS 4
-The number of dots that have to be in
-\fIname\fR
-for it to be considered absolute\&. The default value is that defined using the ndots statement in
-/etc/resolv\&.conf, or 1 if no ndots statement is present\&. Names with fewer dots are interpreted as relative names and will be searched for in the domains listed in the
-\fBsearch\fR
-or
-\fBdomain\fR
-directive in
-/etc/resolv\&.conf\&.
-.RE
-.PP
-\-r
-.RS 4
-Non\-recursive query: Setting this option clears the RD (recursion desired) bit in the query\&. This should mean that the name server receiving the query will not attempt to resolve
-\fIname\fR\&. The
-\fB\-r\fR
-option enables
-\fBhost\fR
-to mimic the behavior of a name server by making non\-recursive queries and expecting to receive answers to those queries that can be referrals to other name servers\&.
-.RE
-.PP
-\-R \fInumber\fR
-.RS 4
-Number of retries for UDP queries: If
-\fInumber\fR
-is negative or zero, the number of retries will default to 1\&. The default value is 1, or the value of the
-\fIattempts\fR
-option in
-/etc/resolv\&.conf, if set\&.
-.RE
-.PP
-\-s
-.RS 4
-Do
-\fInot\fR
-send the query to the next nameserver if any server responds with a SERVFAIL response, which is the reverse of normal stub resolver behavior\&.
-.RE
-.PP
-\-t \fItype\fR
-.RS 4
-Query type: The
-\fItype\fR
-argument can be any recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc\&.
-.sp
-When no query type is specified,
-\fBhost\fR
-automatically selects an appropriate query type\&. By default, it looks for A, AAAA, and MX records\&. If the
-\fB\-C\fR
-option is given, queries will be made for SOA records\&. If
-\fIname\fR
-is a dotted\-decimal IPv4 address or colon\-delimited IPv6 address,
-\fBhost\fR
-will query for PTR records\&.
-.sp
-If a query type of IXFR is chosen the starting serial number can be specified by appending an equal followed by the starting serial number (like
-\fB\-t \fR\fBIXFR=12345678\fR)\&.
-.RE
-.PP
-\-T, \-U
-.RS 4
-TCP/UDP: By default,
-\fBhost\fR
-uses UDP when making queries\&. The
-\fB\-T\fR
-option makes it use a TCP connection when querying the name server\&. TCP will be automatically selected for queries that require it, such as zone transfer (AXFR) requests\&. Type ANY queries default to TCP but can be forced to UDP initially using
-\fB\-U\fR\&.
-.RE
-.PP
-\-m \fIflag\fR
-.RS 4
-Memory usage debugging: the flag can be
-\fIrecord\fR,
-\fIusage\fR, or
-\fItrace\fR\&. You can specify the
-\fB\-m\fR
-option more than once to set multiple flags\&.
-.RE
-.PP
-\-v
-.RS 4
-Verbose output\&. Equivalent to the
-\fB\-d\fR
-debug option\&. Verbose output can also be enabled by setting the
-\fIdebug\fR
-option in
-/etc/resolv\&.conf\&.
-.RE
-.PP
-\-V
-.RS 4
-Print the version number and exit\&.
-.RE
-.PP
-\-w
-.RS 4
-Wait forever: The query timeout is set to the maximum possible\&. See also the
-\fB\-W\fR
-option\&.
-.RE
-.PP
-\-W \fIwait\fR
-.RS 4
-Timeout: Wait for up to
-\fIwait\fR
-seconds for a reply\&. If
-\fIwait\fR
-is less than one, the wait interval is set to one second\&.
-.sp
-By default,
-\fBhost\fR
-will wait for 5 seconds for UDP responses and 10 seconds for TCP connections\&. These defaults can be overridden by the
-\fItimeout\fR
-option in
-/etc/resolv\&.conf\&.
-.sp
-See also the
-\fB\-w\fR
-option\&.
-.RE
-.SH "IDN SUPPORT"
-.PP
-If
-\fBhost\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
-\fBhost\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBhost\fR
-runs\&.
-.SH "FILES"
-.PP
-/etc/resolv\&.conf
-.SH "SEE ALSO"
-.PP
-\fBdig\fR(1),
-\fBnamed\fR(8)\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
-.br

bin/dig/host.c

@@ -1,894 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-/*! \file */
-
-#include <config.h>
-
-#include <inttypes.h>
-#include <stdbool.h>
-#include <stdlib.h>
-#include <limits.h>
-
-#ifdef HAVE_LOCALE_H
-#include <locale.h>
-#endif
-
-#include <isc/app.h>
-#include <isc/commandline.h>
-#include <isc/netaddr.h>
-#include <isc/print.h>
-#include <isc/string.h>
-#include <isc/util.h>
-#include <isc/task.h>
-
-#include <dns/byaddr.h>
-#include <dns/fixedname.h>
-#include <dns/message.h>
-#include <dns/name.h>
-#include <dns/rdata.h>
-#include <dns/rdataclass.h>
-#include <dns/rdataset.h>
-#include <dns/rdatatype.h>
-#include <dns/rdatastruct.h>
-
-#include <dig/dig.h>
-
-static bool short_form = true, listed_server = false;
-static bool default_lookups = true;
-static int seen_error = -1;
-static bool list_addresses = true;
-static bool list_almost_all = false;
-static dns_rdatatype_t list_type = dns_rdatatype_a;
-static bool printed_server = false;
-static bool ipv4only = false, ipv6only = false;
-
-static const char *opcodetext[] = {
-	"QUERY",
-	"IQUERY",
-	"STATUS",
-	"RESERVED3",
-	"NOTIFY",
-	"UPDATE",
-	"RESERVED6",
-	"RESERVED7",
-	"RESERVED8",
-	"RESERVED9",
-	"RESERVED10",
-	"RESERVED11",
-	"RESERVED12",
-	"RESERVED13",
-	"RESERVED14",
-	"RESERVED15"
-};
-
-static const char *rcodetext[] = {
-	"NOERROR",
-	"FORMERR",
-	"SERVFAIL",
-	"NXDOMAIN",
-	"NOTIMP",
-	"REFUSED",
-	"YXDOMAIN",
-	"YXRRSET",
-	"NXRRSET",
-	"NOTAUTH",
-	"NOTZONE",
-	"RESERVED11",
-	"RESERVED12",
-	"RESERVED13",
-	"RESERVED14",
-	"RESERVED15",
-	"BADVERS"
-};
-
-struct rtype {
-	unsigned int type;
-	const char *text;
-};
-
-struct rtype rtypes[] = {
-	{ 1, 	"has address" },
-	{ 2, 	"name server" },
-	{ 5, 	"is an alias for" },
-	{ 11,	"has well known services" },
-	{ 12,	"domain name pointer" },
-	{ 13,	"host information" },
-	{ 15,	"mail is handled by" },
-	{ 16,	"descriptive text" },
-	{ 19,	"x25 address" },
-	{ 20,	"ISDN address" },
-	{ 24,	"has signature" },
-	{ 25,	"has key" },
-	{ 28,	"has IPv6 address" },
-	{ 29,	"location" },
-	{ 0, NULL }
-};
-
-static char *
-rcode_totext(dns_rcode_t rcode)
-{
-	static char buf[sizeof("?65535")];
-	union {
-		const char *consttext;
-		char *deconsttext;
-	} totext;
-
-	if (rcode >= (sizeof(rcodetext)/sizeof(rcodetext[0]))) {
-		snprintf(buf, sizeof(buf), "?%u", rcode);
-		totext.deconsttext = buf;
-	} else
-		totext.consttext = rcodetext[rcode];
-	return totext.deconsttext;
-}
-
-ISC_PLATFORM_NORETURN_PRE static void
-show_usage(void) ISC_PLATFORM_NORETURN_POST;
-
-static void
-show_usage(void) {
-	fputs(
-"Usage: host [-aCdilrTvVw] [-c class] [-N ndots] [-t type] [-W time]\n"
-"            [-R number] [-m flag] hostname [server]\n"
-"       -a is equivalent to -v -t ANY\n"
-"       -A is like -a but omits RRSIG, NSEC, NSEC3\n"
-"       -c specifies query class for non-IN data\n"
-"       -C compares SOA records on authoritative nameservers\n"
-"       -d is equivalent to -v\n"
-"       -l lists all hosts in a domain, using AXFR\n"
-"       -m set memory debugging flag (trace|record|usage)\n"
-"       -N changes the number of dots allowed before root lookup is done\n"
-"       -r disables recursive processing\n"
-"       -R specifies number of retries for UDP packets\n"
-"       -s a SERVFAIL response should stop query\n"
-"       -t specifies the query type\n"
-"       -T enables TCP/IP mode\n"
-"       -v enables verbose output\n"
-"       -V print version number and exit\n"
-"       -w specifies to wait forever for a reply\n"
-"       -W specifies how long to wait for a reply\n"
-"       -4 use IPv4 query transport only\n"
-"       -6 use IPv6 query transport only\n", stderr);
-	exit(1);
-}
-
-static void
-host_shutdown(void) {
-	(void) isc_app_shutdown();
-}
-
-static void
-received(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query) {
-	isc_time_t now;
-	int diff;
-
-	if (!short_form) {
-		char fromtext[ISC_SOCKADDR_FORMATSIZE];
-		isc_sockaddr_format(from, fromtext, sizeof(fromtext));
-		TIME_NOW(&now);
-		diff = (int) isc_time_microdiff(&now, &query->time_sent);
-		printf("Received %u bytes from %s in %d ms\n",
-		       bytes, fromtext, diff/1000);
-	}
-}
-
-static void
-trying(char *frm, dig_lookup_t *lookup) {
-	UNUSED(lookup);
-
-	if (!short_form)
-		printf("Trying \"%s\"\n", frm);
-}
-
-static void
-say_message(dns_name_t *name, const char *msg, dns_rdata_t *rdata,
-	    dig_query_t *query)
-{
-	isc_buffer_t *b = NULL;
-	char namestr[DNS_NAME_FORMATSIZE];
-	isc_region_t r;
-	isc_result_t result;
-	unsigned int bufsize = BUFSIZ;
-
-	dns_name_format(name, namestr, sizeof(namestr));
- retry:
-	result = isc_buffer_allocate(mctx, &b, bufsize);
-	check_result(result, "isc_buffer_allocate");
-	result = dns_rdata_totext(rdata, NULL, b);
-	if (result == ISC_R_NOSPACE) {
-		isc_buffer_free(&b);
-		bufsize *= 2;
-		goto retry;
-	}
-	check_result(result, "dns_rdata_totext");
-	isc_buffer_usedregion(b, &r);
-	if (query->lookup->identify_previous_line) {
-		printf("Nameserver %s:\n\t",
-			query->servname);
-	}
-	printf("%s %s %.*s", namestr,
-	       msg, (int)r.length, (char *)r.base);
-	if (query->lookup->identify) {
-		printf(" on server %s", query->servname);
-	}
-	printf("\n");
-	isc_buffer_free(&b);
-}
-
-static isc_result_t
-printsection(dns_message_t *msg, dns_section_t sectionid,
-	     const char *section_name, bool headers,
-	     dig_query_t *query)
-{
-	dns_name_t *name, *print_name;
-	dns_rdataset_t *rdataset;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	isc_buffer_t target;
-	isc_result_t result, loopresult;
-	isc_region_t r;
-	dns_name_t empty_name;
-	char tbuf[4096];
-	bool first;
-	bool no_rdata;
-
-	if (sectionid == DNS_SECTION_QUESTION)
-		no_rdata = true;
-	else
-		no_rdata = false;
-
-	if (headers)
-		printf(";; %s SECTION:\n", section_name);
-
-	dns_name_init(&empty_name, NULL);
-
-	result = dns_message_firstname(msg, sectionid);
-	if (result == ISC_R_NOMORE)
-		return (ISC_R_SUCCESS);
-	else if (result != ISC_R_SUCCESS)
-		return (result);
-
-	for (;;) {
-		name = NULL;
-		dns_message_currentname(msg, sectionid, &name);
-
-		isc_buffer_init(&target, tbuf, sizeof(tbuf));
-		first = true;
-		print_name = name;
-
-		for (rdataset = ISC_LIST_HEAD(name->list);
-		     rdataset != NULL;
-		     rdataset = ISC_LIST_NEXT(rdataset, link)) {
-			if (query->lookup->rdtype == dns_rdatatype_axfr &&
-			    !((!list_addresses &&
-			       (list_type == dns_rdatatype_any ||
-				rdataset->type == list_type)) ||
-			      (list_addresses &&
-			       (rdataset->type == dns_rdatatype_a ||
-				rdataset->type == dns_rdatatype_aaaa ||
-				rdataset->type == dns_rdatatype_ns ||
-				rdataset->type == dns_rdatatype_ptr))))
-				continue;
-			if (list_almost_all &&
-			       (rdataset->type == dns_rdatatype_rrsig ||
-				rdataset->type == dns_rdatatype_nsec ||
-				rdataset->type == dns_rdatatype_nsec3))
-				continue;
-			if (!short_form) {
-				result = dns_rdataset_totext(rdataset,
-							     print_name,
-							     false,
-							     no_rdata,
-							     &target);
-				if (result != ISC_R_SUCCESS)
-					return (result);
-#ifdef USEINITALWS
-				if (first) {
-					print_name = &empty_name;
-					first = false;
-				}
-#else
-				UNUSED(first); /* Shut up compiler. */
-#endif
-			} else {
-				loopresult = dns_rdataset_first(rdataset);
-				while (loopresult == ISC_R_SUCCESS) {
-					struct rtype *t;
-					const char *rtt;
-					char typebuf[DNS_RDATATYPE_FORMATSIZE];
-					char typebuf2[DNS_RDATATYPE_FORMATSIZE
-						     + 20];
-					dns_rdataset_current(rdataset, &rdata);
-
-					for (t = rtypes; t->text != NULL; t++) {
-						if (t->type == rdata.type) {
-							rtt = t->text;
-							goto found;
-						}
-					}
-
-					dns_rdatatype_format(rdata.type,
-							     typebuf,
-							     sizeof(typebuf));
-					snprintf(typebuf2, sizeof(typebuf2),
-						 "has %s record", typebuf);
-					rtt = typebuf2;
-				found:
-					say_message(print_name, rtt,
-						    &rdata, query);
-					dns_rdata_reset(&rdata);
-					loopresult =
-						dns_rdataset_next(rdataset);
-				}
-			}
-		}
-		if (!short_form) {
-			isc_buffer_usedregion(&target, &r);
-			if (no_rdata)
-				printf(";%.*s", (int)r.length,
-				       (char *)r.base);
-			else
-				printf("%.*s", (int)r.length, (char *)r.base);
-		}
-
-		result = dns_message_nextname(msg, sectionid);
-		if (result == ISC_R_NOMORE)
-			break;
-		else if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-
-	return (ISC_R_SUCCESS);
-}
-
-static isc_result_t
-printrdata(dns_message_t *msg, dns_rdataset_t *rdataset,
-	   const dns_name_t *owner, const char *set_name,
-	   bool headers)
-{
-	isc_buffer_t target;
-	isc_result_t result;
-	isc_region_t r;
-	char tbuf[4096];
-
-	UNUSED(msg);
-	if (headers)
-		printf(";; %s SECTION:\n", set_name);
-
-	isc_buffer_init(&target, tbuf, sizeof(tbuf));
-
-	result = dns_rdataset_totext(rdataset, owner, false, false,
-				     &target);
-	if (result != ISC_R_SUCCESS)
-		return (result);
-	isc_buffer_usedregion(&target, &r);
-	printf("%.*s", (int)r.length, (char *)r.base);
-
-	return (ISC_R_SUCCESS);
-}
-
-static void
-chase_cnamechain(dns_message_t *msg, dns_name_t *qname) {
-	isc_result_t result;
-	dns_rdataset_t *rdataset;
-	dns_rdata_cname_t cname;
-	dns_rdata_t rdata = DNS_RDATA_INIT;
-	unsigned int i = msg->counts[DNS_SECTION_ANSWER];
-
-	while (i-- > 0) {
-		rdataset = NULL;
-		result = dns_message_findname(msg, DNS_SECTION_ANSWER, qname,
-					      dns_rdatatype_cname, 0, NULL,
-					      &rdataset);
-		if (result != ISC_R_SUCCESS)
-			return;
-		result = dns_rdataset_first(rdataset);
-		check_result(result, "dns_rdataset_first");
-		dns_rdata_reset(&rdata);
-		dns_rdataset_current(rdataset, &rdata);
-		result = dns_rdata_tostruct(&rdata, &cname, NULL);
-		check_result(result, "dns_rdata_tostruct");
-		dns_name_copy(&cname.cname, qname, NULL);
-		dns_rdata_freestruct(&cname);
-	}
-}
-
-static isc_result_t
-printmessage(dig_query_t *query, dns_message_t *msg, bool headers) {
-	bool did_flag = false;
-	dns_rdataset_t *opt, *tsig = NULL;
-	const dns_name_t *tsigname;
-	isc_result_t result = ISC_R_SUCCESS;
-	int force_error;
-
-	UNUSED(headers);
-
-	/*
-	 * We get called multiple times.
-	 * Preserve any existing error status.
-	 */
-	force_error = (seen_error == 1) ? 1 : 0;
-	seen_error = 1;
-	if (listed_server && !printed_server) {
-		char sockstr[ISC_SOCKADDR_FORMATSIZE];
-
-		printf("Using domain server:\n");
-		printf("Name: %s\n", query->userarg);
-		isc_sockaddr_format(&query->sockaddr, sockstr,
-				    sizeof(sockstr));
-		printf("Address: %s\n", sockstr);
-		printf("Aliases: \n\n");
-		printed_server = true;
-	}
-
-	if (msg->rcode != 0) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-
-		if (query->lookup->identify_previous_line)
-			printf("Nameserver %s:\n\t%s not found: %d(%s)\n",
-			       query->servname,
-			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
-			       query->lookup->textname, msg->rcode,
-			       rcode_totext(msg->rcode));
-		else
-			printf("Host %s not found: %d(%s)\n",
-			       (msg->rcode != dns_rcode_nxdomain) ? namestr :
-			       query->lookup->textname, msg->rcode,
-			       rcode_totext(msg->rcode));
-		return (ISC_R_SUCCESS);
-	}
-
-	if (default_lookups && query->lookup->rdtype == dns_rdatatype_a) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		dig_lookup_t *lookup;
-		dns_fixedname_t fixed;
-		dns_name_t *name;
-
-		/* Add AAAA and MX lookups. */
-		name = dns_fixedname_initname(&fixed);
-		dns_name_copy(query->lookup->name, name, NULL);
-		chase_cnamechain(msg, name);
-		dns_name_format(name, namestr, sizeof(namestr));
-		lookup = clone_lookup(query->lookup, false);
-		if (lookup != NULL) {
-			strlcpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->rdtype = dns_rdatatype_aaaa;
-			lookup->rdtypeset = true;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-		lookup = clone_lookup(query->lookup, false);
-		if (lookup != NULL) {
-			strlcpy(lookup->textname, namestr,
-				sizeof(lookup->textname));
-			lookup->rdtype = dns_rdatatype_mx;
-			lookup->rdtypeset = true;
-			lookup->origin = NULL;
-			lookup->retries = tries;
-			ISC_LIST_APPEND(lookup_list, lookup, link);
-		}
-	}
-
-	if (!short_form) {
-		printf(";; ->>HEADER<<- opcode: %s, status: %s, id: %u\n",
-		       opcodetext[msg->opcode], rcode_totext(msg->rcode),
-		       msg->id);
-		printf(";; flags: ");
-		if ((msg->flags & DNS_MESSAGEFLAG_QR) != 0) {
-			printf("qr");
-			did_flag = true;
-		}
-		if ((msg->flags & DNS_MESSAGEFLAG_AA) != 0) {
-			printf("%saa", did_flag ? " " : "");
-			did_flag = true;
-		}
-		if ((msg->flags & DNS_MESSAGEFLAG_TC) != 0) {
-			printf("%stc", did_flag ? " " : "");
-			did_flag = true;
-		}
-		if ((msg->flags & DNS_MESSAGEFLAG_RD) != 0) {
-			printf("%srd", did_flag ? " " : "");
-			did_flag = true;
-		}
-		if ((msg->flags & DNS_MESSAGEFLAG_RA) != 0) {
-			printf("%sra", did_flag ? " " : "");
-			did_flag = true;
-		}
-		if ((msg->flags & DNS_MESSAGEFLAG_AD) != 0) {
-			printf("%sad", did_flag ? " " : "");
-			did_flag = true;
-		}
-		if ((msg->flags & DNS_MESSAGEFLAG_CD) != 0) {
-			printf("%scd", did_flag ? " " : "");
-			did_flag = true;
-			POST(did_flag);
-		}
-		printf("; QUERY: %u, ANSWER: %u, "
-		       "AUTHORITY: %u, ADDITIONAL: %u\n",
-		       msg->counts[DNS_SECTION_QUESTION],
-		       msg->counts[DNS_SECTION_ANSWER],
-		       msg->counts[DNS_SECTION_AUTHORITY],
-		       msg->counts[DNS_SECTION_ADDITIONAL]);
-		opt = dns_message_getopt(msg);
-		if (opt != NULL)
-			printf(";; EDNS: version: %u, udp=%u\n",
-			       (unsigned int)((opt->ttl & 0x00ff0000) >> 16),
-			       (unsigned int)opt->rdclass);
-		tsigname = NULL;
-		tsig = dns_message_gettsig(msg, &tsigname);
-		if (tsig != NULL)
-			printf(";; PSEUDOSECTIONS: TSIG\n");
-	}
-	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_QUESTION]) &&
-	    !short_form) {
-		printf("\n");
-		result = printsection(msg, DNS_SECTION_QUESTION, "QUESTION",
-				      true, query);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		if (!short_form)
-			printf("\n");
-		result = printsection(msg, DNS_SECTION_ANSWER, "ANSWER",
-				      !short_form, query);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-
-	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_AUTHORITY]) &&
-	    !short_form) {
-		printf("\n");
-		result = printsection(msg, DNS_SECTION_AUTHORITY, "AUTHORITY",
-				      true, query);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-	if (! ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ADDITIONAL]) &&
-	    !short_form) {
-		printf("\n");
-		result = printsection(msg, DNS_SECTION_ADDITIONAL,
-				      "ADDITIONAL", true, query);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-	if ((tsig != NULL) && !short_form) {
-		printf("\n");
-		result = printrdata(msg, tsig, tsigname,
-				    "PSEUDOSECTION TSIG", true);
-		if (result != ISC_R_SUCCESS)
-			return (result);
-	}
-	if (!short_form)
-		printf("\n");
-
-	if (short_form && !default_lookups &&
-	    ISC_LIST_EMPTY(msg->sections[DNS_SECTION_ANSWER])) {
-		char namestr[DNS_NAME_FORMATSIZE];
-		char typestr[DNS_RDATATYPE_FORMATSIZE];
-		dns_name_format(query->lookup->name, namestr, sizeof(namestr));
-		dns_rdatatype_format(query->lookup->rdtype, typestr,
-				     sizeof(typestr));
-		printf("%s has no %s record\n", namestr, typestr);
-	}
-	seen_error = force_error;
-	return (result);
-}
-
-static const char * optstring = "46aAc:dilnm:rst:vVwCDN:R:TUW:";
-
-/*% version */
-static void
-version(void) {
-	fputs("host " VERSION "\n", stderr);
-}
-
-static void
-pre_parse_args(int argc, char **argv) {
-	int c;
-
-	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
-		switch (c) {
-		case 'm':
-			memdebugging = true;
-			if (strcasecmp("trace", isc_commandline_argument) == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-			else if (strcasecmp("record",
-					    isc_commandline_argument) == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-			else if (strcasecmp("usage",
-					    isc_commandline_argument) == 0)
-				isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-			break;
-
-		case '4':
-			if (ipv6only)
-				fatal("only one of -4 and -6 allowed");
-			ipv4only = true;
-			break;
-		case '6':
-			if (ipv4only)
-				fatal("only one of -4 and -6 allowed");
-			ipv6only = true;
-			break;
-		case 'a': break;
-		case 'A': break;
-		case 'c': break;
-		case 'd': break;
-		case 'i': break;
-		case 'l': break;
-		case 'n': break;
-		case 'r': break;
-		case 's': break;
-		case 't': break;
-		case 'v': break;
-		case 'V':
-			  version();
-			  exit(0);
-			  break;
-		case 'w': break;
-		case 'C': break;
-		case 'D':
-			if (debugging)
-				debugtiming = true;
-			debugging = true;
-			break;
-		case 'N': break;
-		case 'R': break;
-		case 'T': break;
-		case 'W': break;
-		default:
-			show_usage();
-		}
-	}
-	isc_commandline_reset = true;
-	isc_commandline_index = 1;
-}
-
-static void
-parse_args(bool is_batchfile, int argc, char **argv) {
-	char hostname[MXNAME];
-	dig_lookup_t *lookup;
-	int c;
-	char store[MXNAME];
-	isc_textregion_t tr;
-	isc_result_t result = ISC_R_SUCCESS;
-	dns_rdatatype_t rdtype;
-	dns_rdataclass_t rdclass;
-	uint32_t serial = 0;
-
-	UNUSED(is_batchfile);
-
-	lookup = make_empty_lookup();
-
-	lookup->servfail_stops = false;
-	lookup->comments = false;
-	short_form = !verbose;
-
-	while ((c = isc_commandline_parse(argc, argv, optstring)) != -1) {
-		switch (c) {
-		case 'l':
-			lookup->tcp_mode = true;
-			lookup->rdtype = dns_rdatatype_axfr;
-			lookup->rdtypeset = true;
-			fatalexit = 3;
-			break;
-		case 'v':
-		case 'd':
-			short_form = false;
-			break;
-		case 'r':
-			lookup->recurse = false;
-			break;
-		case 't':
-			if (strncasecmp(isc_commandline_argument,
-					"ixfr=", 5) == 0) {
-				rdtype = dns_rdatatype_ixfr;
-				/* XXXMPA add error checking */
-				serial = strtoul(isc_commandline_argument + 5,
-						 NULL, 10);
-				result = ISC_R_SUCCESS;
-			} else {
-				tr.base = isc_commandline_argument;
-				tr.length = strlen(isc_commandline_argument);
-				result = dns_rdatatype_fromtext(&rdtype,
-						   (isc_textregion_t *)&tr);
-			}
-
-			if (result != ISC_R_SUCCESS) {
-				fatalexit = 2;
-				fatal("invalid type: %s\n",
-				      isc_commandline_argument);
-			}
-			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr)
-				lookup->rdtype = rdtype;
-			lookup->rdtypeset = true;
-			if (rdtype == dns_rdatatype_axfr) {
-				/* -l -t any -v */
-				list_type = dns_rdatatype_any;
-				short_form = false;
-				lookup->tcp_mode = true;
-			} else if (rdtype == dns_rdatatype_ixfr) {
-				lookup->ixfr_serial = serial;
-				lookup->tcp_mode = true;
-				list_type = rdtype;
-			} else if (rdtype == dns_rdatatype_any) {
-				if (!lookup->tcp_mode_set)
-					lookup->tcp_mode = true;
-			} else
-				list_type = rdtype;
-			list_addresses = false;
-			default_lookups = false;
-			break;
-		case 'c':
-			tr.base = isc_commandline_argument;
-			tr.length = strlen(isc_commandline_argument);
-			result = dns_rdataclass_fromtext(&rdclass,
-						   (isc_textregion_t *)&tr);
-
-			if (result != ISC_R_SUCCESS) {
-				fatalexit = 2;
-				fatal("invalid class: %s\n",
-				      isc_commandline_argument);
-			} else {
-				lookup->rdclass = rdclass;
-				lookup->rdclassset = true;
-			}
-			default_lookups = false;
-			break;
-		case 'A':
-			list_almost_all = true;
-			/* FALL THROUGH */
-		case 'a':
-			if (!lookup->rdtypeset ||
-			    lookup->rdtype != dns_rdatatype_axfr)
-				lookup->rdtype = dns_rdatatype_any;
-			list_type = dns_rdatatype_any;
-			list_addresses = false;
-			lookup->rdtypeset = true;
-			short_form = false;
-			default_lookups = false;
-			break;
-		case 'i':
-			/* deprecated */
-			break;
-		case 'n':
-			/* deprecated */
-			break;
-		case 'm':
-			/* Handled by pre_parse_args(). */
-			break;
-		case 'w':
-			/*
-			 * The timer routines are coded such that
-			 * timeout==MAXINT doesn't enable the timer
-			 */
-			timeout = INT_MAX;
-			break;
-		case 'W':
-			timeout = atoi(isc_commandline_argument);
-			if (timeout < 1)
-				timeout = 1;
-			break;
-		case 'R':
-			tries = atoi(isc_commandline_argument) + 1;
-			if (tries < 2)
-				tries = 2;
-			break;
-		case 'T':
-			lookup->tcp_mode = true;
-			lookup->tcp_mode_set = true;
-			break;
-		case 'U':
-			lookup->tcp_mode = false;
-			lookup->tcp_mode_set = true;
-			break;
-		case 'C':
-			debug("showing all SOAs");
-			lookup->rdtype = dns_rdatatype_ns;
-			lookup->rdtypeset = true;
-			lookup->rdclass = dns_rdataclass_in;
-			lookup->rdclassset = true;
-			lookup->ns_search_only = true;
-			lookup->trace_root = true;
-			lookup->identify_previous_line = true;
-			default_lookups = false;
-			break;
-		case 'N':
-			debug("setting NDOTS to %s",
-			      isc_commandline_argument);
-			ndots = atoi(isc_commandline_argument);
-			break;
-		case 'D':
-			/* Handled by pre_parse_args(). */
-			break;
-		case '4':
-			/* Handled by pre_parse_args(). */
-			break;
-		case '6':
-			/* Handled by pre_parse_args(). */
-			break;
-		case 's':
-			lookup->servfail_stops = true;
-			break;
-		}
-	}
-
-	lookup->retries = tries;
-
-	if (isc_commandline_index >= argc)
-		show_usage();
-
-	strlcpy(hostname, argv[isc_commandline_index], sizeof(hostname));
-
-	if (argc > isc_commandline_index + 1) {
-		set_nameserver(argv[isc_commandline_index+1]);
-		debug("server is %s", argv[isc_commandline_index+1]);
-		listed_server = true;
-	} else
-		check_ra = true;
-
-	lookup->pending = false;
-	if (get_reverse(store, sizeof(store), hostname, true)
-	    == ISC_R_SUCCESS) {
-		strlcpy(lookup->textname, store, sizeof(lookup->textname));
-		lookup->rdtype = dns_rdatatype_ptr;
-		lookup->rdtypeset = true;
-		default_lookups = false;
-	} else {
-		strlcpy(lookup->textname, hostname, sizeof(lookup->textname));
-		usesearch = true;
-	}
-	lookup->new_search = true;
-	ISC_LIST_APPEND(lookup_list, lookup, link);
-}
-
-int
-main(int argc, char **argv) {
-	isc_result_t result;
-
-	tries = 2;
-
-	ISC_LIST_INIT(lookup_list);
-	ISC_LIST_INIT(server_list);
-	ISC_LIST_INIT(search_list);
-
-	fatalexit = 1;
-
-	/* setup dighost callbacks */
-	dighost_printmessage = printmessage;
-	dighost_received = received;
-	dighost_trying = trying;
-	dighost_shutdown = host_shutdown;
-
-	debug("main()");
-	progname = argv[0];
-	pre_parse_args(argc, argv);
-	result = isc_app_start();
-	check_result(result, "isc_app_start");
-	setup_libs();
-	setup_system(ipv4only, ipv6only);
-	parse_args(false, argc, argv);
-	if (keyfile[0] != 0)
-		setup_file_key();
-	else if (keysecret[0] != 0)
-		setup_text_key();
-	result = isc_app_onrun(mctx, global_task, onrun_callback, NULL);
-	check_result(result, "isc_app_onrun");
-	isc_app_run();
-	cancel_all();
-	destroy_libs();
-	isc_app_finish();
-	return ((seen_error == 0) ? 0 : 1);
-}

bin/dig/host.docbook

@@ -1,404 +0,0 @@
-<!DOCTYPE book [
-<!ENTITY mdash "&#8212;">]>
-<!--
- - Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- -
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
- -
- - See the COPYRIGHT file distributed with this work for additional
- - information regarding copyright ownership.
--->
-
-<!-- Converted by db4-upgrade version 1.0 -->
-<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.host">
-  <info>
-    <date>2009-01-20</date>
-  </info>
-  <refentryinfo>
-    <corpname>ISC</corpname>
-    <corpauthor>Internet Systems Consortium, Inc.</corpauthor>
-  </refentryinfo>
-
-  <refmeta>
-    <refentrytitle>host</refentrytitle>
-    <manvolnum>1</manvolnum>
-    <refmiscinfo>BIND9</refmiscinfo>
-  </refmeta>
-
-  <refnamediv>
-    <refname>host</refname>
-    <refpurpose>DNS lookup utility</refpurpose>
-  </refnamediv>
-
-  <docinfo>
-    <copyright>
-      <year>2000</year>
-      <year>2001</year>
-      <year>2002</year>
-      <year>2004</year>
-      <year>2005</year>
-      <year>2007</year>
-      <year>2008</year>
-      <year>2009</year>
-      <year>2014</year>
-      <year>2015</year>
-      <year>2016</year>
-      <year>2017</year>
-      <year>2018</year>
-      <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-    </copyright>
-  </docinfo>
-
-  <refsynopsisdiv>
-    <cmdsynopsis sepchar=" ">
-      <command>host</command>
-      <arg choice="opt" rep="norepeat"><option>-aACdlnrsTUwv</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-N <replaceable class="parameter">ndots</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">number</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-W <replaceable class="parameter">wait</replaceable></option></arg>
-      <arg choice="opt" rep="norepeat"><option>-m <replaceable class="parameter">flag</replaceable></option></arg>
-      <group choice="opt" rep="norepeat">
-	<arg choice="opt" rep="norepeat"><option>-4</option></arg>
-	<arg choice="opt" rep="norepeat"><option>-6</option></arg>
-      </group>
-      <arg choice="opt" rep="norepeat"><option>-v</option></arg>
-      <arg choice="opt" rep="norepeat"><option>-V</option></arg>
-      <arg choice="req" rep="norepeat">name</arg>
-      <arg choice="opt" rep="norepeat">server</arg>
-    </cmdsynopsis>
-  </refsynopsisdiv>
-
-  <refsection><info><title>DESCRIPTION</title></info>
-
-
-    <para><command>host</command>
-      is a simple utility for performing DNS lookups.
-      It is normally used to convert names to IP addresses and vice versa.
-      When no arguments or options are given,
-      <command>host</command>
-      prints a short summary of its command line arguments and options.
-    </para>
-
-    <para><parameter>name</parameter> is the domain name that is to be
-      looked
-      up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
-      IPv6 address, in which case <command>host</command> will by
-      default
-      perform a reverse lookup for that address.
-      <parameter>server</parameter> is an optional argument which
-      is either
-      the name or IP address of the name server that <command>host</command>
-      should query instead of the server or servers listed in
-      <filename>/etc/resolv.conf</filename>.
-    </para>
-
-  </refsection>
-
-  <refsection><info><title>OPTIONS</title></info>
-
-    <variablelist>
-
-      <varlistentry>
-	<term>-4</term>
-	<listitem>
-	  <para>
-	    Use IPv4 only for query transport.
-	    See also the <option>-6</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-6</term>
-	<listitem>
-	  <para>
-	    Use IPv6 only for query transport.
-	    See also the <option>-4</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-a</term>
-	<listitem>
-	  <para>
-	    "All". The <option>-a</option> option is normally equivalent
-	    to <option>-v -t <literal>ANY</literal></option>.
-	    It also affects the behaviour of the <option>-l</option>
-	    list zone option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-A</term>
-	<listitem>
-	  <para>
-	    "Almost all". The <option>-A</option> option is equivalent
-	    to <option>-a</option> except RRSIG, NSEC, and NSEC3
-	    records are omitted from the output.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-c <replaceable class="parameter">class</replaceable></term>
-	<listitem>
-	  <para>
-	    Query class: This can be used to lookup HS (Hesiod) or CH
-	    (Chaosnet) class resource records. The default class is IN
-	    (Internet).
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-C</term>
-	<listitem>
-	  <para>
-	    Check consistency: <command>host</command> will query the
-	    SOA records for zone <parameter>name</parameter> from all
-	    the listed authoritative name servers for that zone. The
-	    list of name servers is defined by the NS records that are
-	    found for the zone.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-d</term>
-	<listitem>
-	  <para>
-	    Print debugging traces.
-	    Equivalent to the <option>-v</option> verbose option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-l</term>
-	<listitem>
-	  <para>
-	    List zone:
-	    The <command>host</command> command performs a zone transfer of
-	    zone <parameter>name</parameter> and prints out the NS,
-	    PTR and address records (A/AAAA).
-	  </para>
-	  <para>
-	    Together, the <option>-l -a</option>
-	    options print all records in the zone.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-N <replaceable class="parameter">ndots</replaceable></term>
-	<listitem>
-	  <para>
-	    The number of dots that have to be
-	    in <parameter>name</parameter> for it to be considered
-	    absolute. The default value is that defined using the
-	    ndots statement in <filename>/etc/resolv.conf</filename>,
-	    or 1 if no ndots statement is present. Names with fewer
-	    dots are interpreted as relative names and will be
-	    searched for in the domains listed in
-	    the <type>search</type> or <type>domain</type> directive
-	    in <filename>/etc/resolv.conf</filename>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-r</term>
-	<listitem>
-	  <para>
-	    Non-recursive query:
-	    Setting this option clears the RD (recursion desired) bit
-	    in the query. This should mean that the name server
-	    receiving the query will not attempt to
-	    resolve <parameter>name</parameter>.
-	    The <option>-r</option> option
-	    enables <command>host</command> to mimic the behavior of a
-	    name server by making non-recursive queries and expecting
-	    to receive answers to those queries that can be
-	    referrals to other name servers.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-R <replaceable class="parameter">number</replaceable></term>
-	<listitem>
-	  <para>
-	    Number of retries for UDP queries:
-	    If <parameter>number</parameter> is negative or zero, the
-	    number of retries will default to 1. The default value is
-	    1, or the value of the <parameter>attempts</parameter>
-	    option in <filename>/etc/resolv.conf</filename>, if set.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-s</term>
-	<listitem>
-	  <para>
-	    Do <emphasis>not</emphasis> send the query to the next
-	    nameserver if any server responds with a SERVFAIL
-	    response, which is the reverse of normal stub resolver
-	    behavior.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-t <replaceable class="parameter">type</replaceable></term>
-	<listitem>
-	  <para>
-	    Query type:
-	    The <parameter>type</parameter> argument can be any
-	    recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
-	  </para>
-	  <para>
-	    When no query type is specified, <command>host</command>
-	    automatically selects an appropriate query type. By default, it
-	    looks for A, AAAA, and MX records.
-	    If the <option>-C</option> option is given, queries will
-	    be made for SOA records.
-	    If <parameter>name</parameter> is a dotted-decimal IPv4
-	    address or colon-delimited IPv6
-	    address, <command>host</command> will query for PTR
-	    records.
-	  </para>
-	  <para>
-	    If a query type of IXFR is chosen the starting serial
-	    number can be specified by appending an equal followed by
-	    the starting serial number
-	    (like <option>-t <literal>IXFR=12345678</literal></option>).
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-T</term>
-	<term>-U</term>
-	<listitem>
-	  <para>
-	    TCP/UDP:
-	    By default, <command>host</command> uses UDP when making
-	    queries. The <option>-T</option> option makes it use a TCP
-	    connection when querying the name server. TCP will be
-	    automatically selected for queries that require it, such
-	    as zone transfer (AXFR) requests.  Type ANY queries default
-	    to TCP but can be forced to UDP initially using <option>-U</option>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-m <replaceable class="parameter">flag</replaceable></term>
-	<listitem>
-	  <para>
-	    Memory usage debugging: the flag can
-	    be <parameter>record</parameter>, <parameter>usage</parameter>,
-	    or <parameter>trace</parameter>. You can specify
-	    the <option>-m</option> option more than once to set
-	    multiple flags.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-v</term>
-	<listitem>
-	  <para>
-	    Verbose output.
-	    Equivalent to the <option>-d</option> debug option.
-	    Verbose output can also be enabled by setting
-	    the <parameter>debug</parameter> option
-	    in <filename>/etc/resolv.conf</filename>.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-V</term>
-	<listitem>
-	  <para>
-	    Print the version number and exit.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-w</term>
-	<listitem>
-	  <para>
-	    Wait forever: The query timeout is set to the maximum possible.
-	    See also the <option>-W</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-      <varlistentry>
-	<term>-W <replaceable class="parameter">wait</replaceable></term>
-	<listitem>
-	  <para>
-	    Timeout: Wait for up to <parameter>wait</parameter>
-	    seconds for a reply. If <parameter>wait</parameter> is
-	    less than one, the wait interval is set to one second.
-	  </para>
-	  <para>
-	    By default, <command>host</command> will wait for 5
-	    seconds for UDP responses and 10 seconds for TCP
-	    connections. These defaults can be overridden by
-	    the <parameter>timeout</parameter> option
-	    in <filename>/etc/resolv.conf</filename>.
-	  </para>
-	  <para>
-	    See also the <option>-w</option> option.
-	  </para>
-	</listitem>
-      </varlistentry>
-
-    </variablelist>
-
-  </refsection>
-
-  <refsection><info><title>IDN SUPPORT</title></info>
-
-    <para>
-      If <command>host</command> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <command>host</command> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
-      the <envar>IDN_DISABLE</envar> environment variable.
-      The IDN support is disabled if the variable is set when
-      <command>host</command> runs.
-    </para>
-  </refsection>
-
-  <refsection><info><title>FILES</title></info>
-
-    <para><filename>/etc/resolv.conf</filename>
-    </para>
-  </refsection>
-
-  <refsection><info><title>SEE ALSO</title></info>
-
-    <para><citerefentry>
-        <refentrytitle>dig</refentrytitle><manvolnum>1</manvolnum>
-      </citerefentry>,
-      <citerefentry>
-        <refentrytitle>named</refentrytitle><manvolnum>8</manvolnum>
-      </citerefentry>.
-    </para>
-  </refsection>
-
-</refentry>

bin/dig/host.html

@@ -1,332 +0,0 @@
-<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
-<!--
- - Copyright (C) 2000-2002, 2004, 2005, 2007-2009, 2014-2018 Internet Systems Consortium, Inc. ("ISC")
- - 
- - This Source Code Form is subject to the terms of the Mozilla Public
- - License, v. 2.0. If a copy of the MPL was not distributed with this
- - file, You can obtain one at http://mozilla.org/MPL/2.0/.
--->
-<html lang="en">
-<head>
-<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
-<title>host</title>
-<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
-</head>
-<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
-<a name="man.host"></a><div class="titlepage"></div>
-  
-  
-
-  
-
-  <div class="refnamediv">
-<h2>Name</h2>
-<p>
-    host
-     &#8212; DNS lookup utility
-  </p>
-</div>
-
-  
-
-  <div class="refsynopsisdiv">
-<h2>Synopsis</h2>
-    <div class="cmdsynopsis"><p>
-      <code class="command">host</code> 
-       [<code class="option">-aACdlnrsTUwv</code>]
-       [<code class="option">-c <em class="replaceable"><code>class</code></em></code>]
-       [<code class="option">-N <em class="replaceable"><code>ndots</code></em></code>]
-       [<code class="option">-R <em class="replaceable"><code>number</code></em></code>]
-       [<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
-       [<code class="option">-W <em class="replaceable"><code>wait</code></em></code>]
-       [<code class="option">-m <em class="replaceable"><code>flag</code></em></code>]
-       [
-	[<code class="option">-4</code>]
-	 |  [<code class="option">-6</code>]
-      ]
-       [<code class="option">-v</code>]
-       [<code class="option">-V</code>]
-       {name}
-       [server]
-    </p></div>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.7"></a><h2>DESCRIPTION</h2>
-
-
-    <p><span class="command"><strong>host</strong></span>
-      is a simple utility for performing DNS lookups.
-      It is normally used to convert names to IP addresses and vice versa.
-      When no arguments or options are given,
-      <span class="command"><strong>host</strong></span>
-      prints a short summary of its command line arguments and options.
-    </p>
-
-    <p><em class="parameter"><code>name</code></em> is the domain name that is to be
-      looked
-      up.  It can also be a dotted-decimal IPv4 address or a colon-delimited
-      IPv6 address, in which case <span class="command"><strong>host</strong></span> will by
-      default
-      perform a reverse lookup for that address.
-      <em class="parameter"><code>server</code></em> is an optional argument which
-      is either
-      the name or IP address of the name server that <span class="command"><strong>host</strong></span>
-      should query instead of the server or servers listed in
-      <code class="filename">/etc/resolv.conf</code>.
-    </p>
-
-  </div>
-
-  <div class="refsection">
-<a name="id-1.8"></a><h2>OPTIONS</h2>
-
-    <div class="variablelist"><dl class="variablelist">
-<dt><span class="term">-4</span></dt>
-<dd>
-	  <p>
-	    Use IPv4 only for query transport.
-	    See also the <code class="option">-6</code> option.
-	  </p>
-	</dd>
-<dt><span class="term">-6</span></dt>
-<dd>
-	  <p>
-	    Use IPv6 only for query transport.
-	    See also the <code class="option">-4</code> option.
-	  </p>
-	</dd>
-<dt><span class="term">-a</span></dt>
-<dd>
-	  <p>
-	    "All". The <code class="option">-a</code> option is normally equivalent
-	    to <code class="option">-v -t <code class="literal">ANY</code></code>.
-	    It also affects the behaviour of the <code class="option">-l</code>
-	    list zone option.
-	  </p>
-	</dd>
-<dt><span class="term">-A</span></dt>
-<dd>
-	  <p>
-	    "Almost all". The <code class="option">-A</code> option is equivalent
-	    to <code class="option">-a</code> except RRSIG, NSEC, and NSEC3
-	    records are omitted from the output.
-	  </p>
-	</dd>
-<dt><span class="term">-c <em class="replaceable"><code>class</code></em></span></dt>
-<dd>
-	  <p>
-	    Query class: This can be used to lookup HS (Hesiod) or CH
-	    (Chaosnet) class resource records. The default class is IN
-	    (Internet).
-	  </p>
-	</dd>
-<dt><span class="term">-C</span></dt>
-<dd>
-	  <p>
-	    Check consistency: <span class="command"><strong>host</strong></span> will query the
-	    SOA records for zone <em class="parameter"><code>name</code></em> from all
-	    the listed authoritative name servers for that zone. The
-	    list of name servers is defined by the NS records that are
-	    found for the zone.
-	  </p>
-	</dd>
-<dt><span class="term">-d</span></dt>
-<dd>
-	  <p>
-	    Print debugging traces.
-	    Equivalent to the <code class="option">-v</code> verbose option.
-	  </p>
-	</dd>
-<dt><span class="term">-l</span></dt>
-<dd>
-	  <p>
-	    List zone:
-	    The <span class="command"><strong>host</strong></span> command performs a zone transfer of
-	    zone <em class="parameter"><code>name</code></em> and prints out the NS,
-	    PTR and address records (A/AAAA).
-	  </p>
-	  <p>
-	    Together, the <code class="option">-l -a</code>
-	    options print all records in the zone.
-	  </p>
-	</dd>
-<dt><span class="term">-N <em class="replaceable"><code>ndots</code></em></span></dt>
-<dd>
-	  <p>
-	    The number of dots that have to be
-	    in <em class="parameter"><code>name</code></em> for it to be considered
-	    absolute. The default value is that defined using the
-	    ndots statement in <code class="filename">/etc/resolv.conf</code>,
-	    or 1 if no ndots statement is present. Names with fewer
-	    dots are interpreted as relative names and will be
-	    searched for in the domains listed in
-	    the <span class="type">search</span> or <span class="type">domain</span> directive
-	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p>
-	</dd>
-<dt><span class="term">-r</span></dt>
-<dd>
-	  <p>
-	    Non-recursive query:
-	    Setting this option clears the RD (recursion desired) bit
-	    in the query. This should mean that the name server
-	    receiving the query will not attempt to
-	    resolve <em class="parameter"><code>name</code></em>.
-	    The <code class="option">-r</code> option
-	    enables <span class="command"><strong>host</strong></span> to mimic the behavior of a
-	    name server by making non-recursive queries and expecting
-	    to receive answers to those queries that can be
-	    referrals to other name servers.
-	  </p>
-	</dd>
-<dt><span class="term">-R <em class="replaceable"><code>number</code></em></span></dt>
-<dd>
-	  <p>
-	    Number of retries for UDP queries:
-	    If <em class="parameter"><code>number</code></em> is negative or zero, the
-	    number of retries will default to 1. The default value is
-	    1, or the value of the <em class="parameter"><code>attempts</code></em>
-	    option in <code class="filename">/etc/resolv.conf</code>, if set.
-	  </p>
-	</dd>
-<dt><span class="term">-s</span></dt>
-<dd>
-	  <p>
-	    Do <span class="emphasis"><em>not</em></span> send the query to the next
-	    nameserver if any server responds with a SERVFAIL
-	    response, which is the reverse of normal stub resolver
-	    behavior.
-	  </p>
-	</dd>
-<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
-<dd>
-	  <p>
-	    Query type:
-	    The <em class="parameter"><code>type</code></em> argument can be any
-	    recognized query type: CNAME, NS, SOA, TXT, DNSKEY, AXFR, etc.
-	  </p>
-	  <p>
-	    When no query type is specified, <span class="command"><strong>host</strong></span>
-	    automatically selects an appropriate query type. By default, it
-	    looks for A, AAAA, and MX records.
-	    If the <code class="option">-C</code> option is given, queries will
-	    be made for SOA records.
-	    If <em class="parameter"><code>name</code></em> is a dotted-decimal IPv4
-	    address or colon-delimited IPv6
-	    address, <span class="command"><strong>host</strong></span> will query for PTR
-	    records.
-	  </p>
-	  <p>
-	    If a query type of IXFR is chosen the starting serial
-	    number can be specified by appending an equal followed by
-	    the starting serial number
-	    (like <code class="option">-t <code class="literal">IXFR=12345678</code></code>).
-	  </p>
-	</dd>
-<dt>
-<span class="term">-T, </span><span class="term">-U</span>
-</dt>
-<dd>
-	  <p>
-	    TCP/UDP:
-	    By default, <span class="command"><strong>host</strong></span> uses UDP when making
-	    queries. The <code class="option">-T</code> option makes it use a TCP
-	    connection when querying the name server. TCP will be
-	    automatically selected for queries that require it, such
-	    as zone transfer (AXFR) requests.  Type ANY queries default
-	    to TCP but can be forced to UDP initially using <code class="option">-U</code>.
-	  </p>
-	</dd>
-<dt><span class="term">-m <em class="replaceable"><code>flag</code></em></span></dt>
-<dd>
-	  <p>
-	    Memory usage debugging: the flag can
-	    be <em class="parameter"><code>record</code></em>, <em class="parameter"><code>usage</code></em>,
-	    or <em class="parameter"><code>trace</code></em>. You can specify
-	    the <code class="option">-m</code> option more than once to set
-	    multiple flags.
-	  </p>
-	</dd>
-<dt><span class="term">-v</span></dt>
-<dd>
-	  <p>
-	    Verbose output.
-	    Equivalent to the <code class="option">-d</code> debug option.
-	    Verbose output can also be enabled by setting
-	    the <em class="parameter"><code>debug</code></em> option
-	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p>
-	</dd>
-<dt><span class="term">-V</span></dt>
-<dd>
-	  <p>
-	    Print the version number and exit.
-	  </p>
-	</dd>
-<dt><span class="term">-w</span></dt>
-<dd>
-	  <p>
-	    Wait forever: The query timeout is set to the maximum possible.
-	    See also the <code class="option">-W</code> option.
-	  </p>
-	</dd>
-<dt><span class="term">-W <em class="replaceable"><code>wait</code></em></span></dt>
-<dd>
-	  <p>
-	    Timeout: Wait for up to <em class="parameter"><code>wait</code></em>
-	    seconds for a reply. If <em class="parameter"><code>wait</code></em> is
-	    less than one, the wait interval is set to one second.
-	  </p>
-	  <p>
-	    By default, <span class="command"><strong>host</strong></span> will wait for 5
-	    seconds for UDP responses and 10 seconds for TCP
-	    connections. These defaults can be overridden by
-	    the <em class="parameter"><code>timeout</code></em> option
-	    in <code class="filename">/etc/resolv.conf</code>.
-	  </p>
-	  <p>
-	    See also the <code class="option">-w</code> option.
-	  </p>
-	</dd>
-</dl></div>
-
-  </div>
-
-  <div class="refsection">
-<a name="id-1.9"></a><h2>IDN SUPPORT</h2>
-
-    <p>
-      If <span class="command"><strong>host</strong></span> has been built with IDN (internationalized
-      domain name) support, it can accept and display non-ASCII domain names.
-      <span class="command"><strong>host</strong></span> appropriately converts character encoding of
-      domain name before sending a request to DNS server or displaying a
-      reply from the server.
-      If you'd like to turn off the IDN support for some reason, define
-      the <code class="envar">IDN_DISABLE</code> environment variable.
-      The IDN support is disabled if the variable is set when
-      <span class="command"><strong>host</strong></span> runs.
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.10"></a><h2>FILES</h2>
-
-    <p><code class="filename">/etc/resolv.conf</code>
-    </p>
-  </div>
-
-  <div class="refsection">
-<a name="id-1.11"></a><h2>SEE ALSO</h2>
-
-    <p><span class="citerefentry">
-        <span class="refentrytitle">dig</span>(1)
-      </span>,
-      <span class="citerefentry">
-        <span class="refentrytitle">named</span>(8)
-      </span>.
-    </p>
-  </div>
-
-</div></body>
-</html>

bin/dig/include/dig/dig.h

@@ -1,446 +0,0 @@
-/*
- * Copyright (C) Internet Systems Consortium, Inc. ("ISC")
- *
- * This Source Code Form is subject to the terms of the Mozilla Public
- * License, v. 2.0. If a copy of the MPL was not distributed with this
- * file, You can obtain one at http://mozilla.org/MPL/2.0/.
- *
- * See the COPYRIGHT file distributed with this work for additional
- * information regarding copyright ownership.
- */
-
-#ifndef DIG_H
-#define DIG_H
-
-/*! \file */
-
-#include <inttypes.h>
-#include <stdbool.h>
-
-#include <dns/rdatalist.h>
-
-#include <dst/dst.h>
-
-#include <isc/buffer.h>
-#include <isc/bufferlist.h>
-#include <isc/formatcheck.h>
-#include <isc/lang.h>
-#include <isc/list.h>
-#include <isc/magic.h>
-#include <isc/mem.h>
-#include <isc/print.h>
-#include <isc/sockaddr.h>
-#include <isc/socket.h>
-
-#ifdef __APPLE__
-#include <TargetConditionals.h>
-#endif
-
-#define MXSERV 20
-#define MXNAME (DNS_NAME_MAXTEXT+1)
-#define MXRD 32
-/*% Buffer Size */
-#define BUFSIZE 512
-#define COMMSIZE 0xffff
-#ifndef RESOLV_CONF
-/*% location of resolve.conf */
-#define RESOLV_CONF "/etc/resolv.conf"
-#endif
-/*% output buffer */
-#define OUTPUTBUF 32767
-/*% Max RR Limit */
-#define MAXRRLIMIT 0xffffffff
-#define MAXTIMEOUT 0xffff
-/*% Max number of tries */
-#define MAXTRIES 0xffffffff
-/*% Max number of dots */
-#define MAXNDOTS 0xffff
-/*% Max number of ports */
-#define MAXPORT 0xffff
-/*% Max serial number */
-#define MAXSERIAL 0xffffffff
-
-/*% Default TCP Timeout */
-#define TCP_TIMEOUT 10
-/*% Default UDP Timeout */
-#define UDP_TIMEOUT 5
-
-#define SERVER_TIMEOUT 1
-
-#define LOOKUP_LIMIT 64
-/*%
- * Lookup_limit is just a limiter, keeping too many lookups from being
- * created.  It's job is mainly to prevent the program from running away
- * in a tight loop of constant lookups.  It's value is arbitrary.
- */
-
-ISC_LANG_BEGINDECLS
-
-typedef struct dig_lookup dig_lookup_t;
-typedef struct dig_query dig_query_t;
-typedef struct dig_server dig_server_t;
-typedef ISC_LIST(dig_server_t) dig_serverlist_t;
-typedef struct dig_searchlist dig_searchlist_t;
-
-#define DIG_QUERY_MAGIC		ISC_MAGIC('D','i','g','q')
-
-#define DIG_VALID_QUERY(x)	ISC_MAGIC_VALID((x), DIG_QUERY_MAGIC)
-
-
-/*% The dig_lookup structure */
-struct dig_lookup {
-	bool
-		pending, /*%< Pending a successful answer */
-		waiting_connect,
-		doing_xfr,
-		ns_search_only, /*%< dig +nssearch, host -C */
-		identify, /*%< Append an "on server <foo>" message */
-		identify_previous_line, /*% Prepend a "Nameserver <foo>:"
-					   message, with newline and tab */
-		ignore,
-		recurse,
-		aaonly,
-		adflag,
-		cdflag,
-		raflag,
-		tcflag,
-		zflag,
-		trace, /*% dig +trace */
-		trace_root, /*% initial query for either +trace or +nssearch */
-		tcp_mode,
-		tcp_mode_set,
-		comments,
-		stats,
-		section_question,
-		section_answer,
-		section_authority,
-		section_additional,
-		servfail_stops,
-		new_search,
-		need_search,
-		done_as_is,
-		besteffort,
-		dnssec,
-		expire,
-		sendcookie,
-		seenbadcookie,
-		badcookie,
-		nsid,   /*% Name Server ID (RFC 5001) */
-		tcp_keepalive,
-		header_only,
-		ednsneg,
-		mapped,
-		print_unknown_format,
-		multiline,
-		nottl,
-		noclass,
-		onesoa,
-		use_usec,
-		nocrypto,
-		ttlunits,
-		idnin,
-		idnout,
-		qr;
-	char textname[MXNAME]; /*% Name we're going to be looking up */
-	char cmdline[MXNAME];
-	dns_rdatatype_t rdtype;
-	dns_rdatatype_t qrdtype;
-	dns_rdataclass_t rdclass;
-	bool rdtypeset;
-	bool rdclassset;
-	char name_space[BUFSIZE];
-	char oname_space[BUFSIZE];
-	isc_buffer_t namebuf;
-	isc_buffer_t onamebuf;
-	isc_buffer_t renderbuf;
-	char *sendspace;
-	dns_name_t *name;
-	isc_interval_t interval;
-	dns_message_t *sendmsg;
-	dns_name_t *oname;
-	ISC_LINK(dig_lookup_t) link;
-	ISC_LIST(dig_query_t) q;
-	ISC_LIST(dig_query_t) connecting;
-	dig_query_t *current_query;
-	dig_serverlist_t my_server_list;
-	dig_searchlist_t *origin;
-	dig_query_t *xfr_q;
-	uint32_t retries;
-	int nsfound;
-	uint16_t udpsize;
-	int16_t edns;
-	int16_t padding;
-	uint32_t ixfr_serial;
-	isc_buffer_t rdatabuf;
-	char rdatastore[MXNAME];
-	dst_context_t *tsigctx;
-	isc_buffer_t *querysig;
-	uint32_t msgcounter;
-	dns_fixedname_t fdomain;
-	isc_sockaddr_t *ecs_addr;
-	char *cookie;
-	dns_ednsopt_t *ednsopts;
-	unsigned int ednsoptscnt;
-	isc_dscp_t dscp;
-	unsigned int ednsflags;
-	dns_opcode_t opcode;
-	int rrcomments;
-	unsigned int eoferr;
-};
-
-/*% The dig_query structure */
-struct dig_query {
-	unsigned int magic;
-	dig_lookup_t *lookup;
-	bool waiting_connect,
-		pending_free,
-		waiting_senddone,
-		first_pass,
-		first_soa_rcvd,
-		second_rr_rcvd,
-		first_repeat_rcvd,
-		recv_made,
-		warn_id,
-		timedout;
-	uint32_t first_rr_serial;
-	uint32_t second_rr_serial;
-	uint32_t msg_count;
-	uint32_t rr_count;
-	bool ixfr_axfr;
-	char *servname;
-	char *userarg;
-	isc_buffer_t recvbuf,
-		lengthbuf,
-		tmpsendbuf,
-		sendbuf;
-	char *recvspace, *tmpsendspace,
-		lengthspace[4];
-	isc_socket_t *sock;
-	ISC_LINK(dig_query_t) link;
-	ISC_LINK(dig_query_t) clink;
-	isc_sockaddr_t sockaddr;
-	isc_time_t time_sent;
-	isc_time_t time_recv;
-	uint64_t byte_count;
-	isc_timer_t *timer;
-};
-
-struct dig_server {
-	char servername[MXNAME];
-	char userarg[MXNAME];
-	ISC_LINK(dig_server_t) link;
-};
-
-struct dig_searchlist {
-	char origin[MXNAME];
-	ISC_LINK(dig_searchlist_t) link;
-};
-
-typedef ISC_LIST(dig_searchlist_t) dig_searchlistlist_t;
-typedef ISC_LIST(dig_lookup_t) dig_lookuplist_t;
-
-/*
- * Externals from dighost.c
- */
-
-extern dig_lookuplist_t lookup_list;
-extern dig_serverlist_t server_list;
-extern dig_searchlistlist_t search_list;
-extern unsigned int extrabytes;
-
-extern bool check_ra, have_ipv4, have_ipv6, specified_source,
-	usesearch, showsearch;
-extern in_port_t port;
-extern unsigned int timeout;
-extern isc_mem_t *mctx;
-extern int sendcount;
-extern int ndots;
-extern int lookup_counter;
-extern int exitcode;
-extern isc_sockaddr_t bind_address;
-extern char keynametext[MXNAME];
-extern char keyfile[MXNAME];
-extern char keysecret[MXNAME];
-extern const dns_name_t *hmacname;
-extern unsigned int digestbits;
-extern dns_tsigkey_t *tsigkey;
-extern bool validated;
-extern isc_taskmgr_t *taskmgr;
-extern isc_task_t *global_task;
-extern bool free_now;
-extern bool debugging, debugtiming, memdebugging;
-extern bool keep_open;
-
-extern char *progname;
-extern int tries;
-extern int fatalexit;
-extern bool verbose;
-
-/*
- * Routines in dighost.c.
- */
-isc_result_t
-get_address(char *host, in_port_t myport, isc_sockaddr_t *sockaddr);
-
-int
-getaddresses(dig_lookup_t *lookup, const char *host, isc_result_t *resultp);
-
-isc_result_t
-get_reverse(char *reverse, size_t len, char *value, bool strict);
-
-ISC_PLATFORM_NORETURN_PRE void
-fatal(const char *format, ...)
-ISC_FORMAT_PRINTF(1, 2) ISC_PLATFORM_NORETURN_POST;
-
-void
-warn(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
-
-ISC_PLATFORM_NORETURN_PRE void
-digexit(void)
-ISC_PLATFORM_NORETURN_POST;
-
-void
-debug(const char *format, ...) ISC_FORMAT_PRINTF(1, 2);
-
-void
-check_result(isc_result_t result, const char *msg);
-
-bool
-setup_lookup(dig_lookup_t *lookup);
-
-void
-destroy_lookup(dig_lookup_t *lookup);
-
-void
-do_lookup(dig_lookup_t *lookup);
-
-void
-start_lookup(void);
-
-void
-onrun_callback(isc_task_t *task, isc_event_t *event);
-
-int
-dhmain(int argc, char **argv);
-
-void
-setup_libs(void);
-
-void
-setup_system(bool ipv4only, bool ipv6only);
-
-isc_result_t
-parse_uint(uint32_t *uip, const char *value, uint32_t max,
-	   const char *desc);
-
-isc_result_t
-parse_xint(uint32_t *uip, const char *value, uint32_t max,
-	   const char *desc);
-
-isc_result_t
-parse_netprefix(isc_sockaddr_t **sap, const char *value);
-
-void
-parse_hmac(const char *hmacstr);
-
-dig_lookup_t *
-requeue_lookup(dig_lookup_t *lookold, bool servers);
-
-dig_lookup_t *
-make_empty_lookup(void);
-
-dig_lookup_t *
-clone_lookup(dig_lookup_t *lookold, bool servers);
-
-dig_server_t *
-make_server(const char *servname, const char *userarg);
-
-void
-flush_server_list(void);
-
-void
-set_nameserver(char *opt);
-
-void
-clone_server_list(dig_serverlist_t src,
-		  dig_serverlist_t *dest);
-
-void
-cancel_all(void);
-
-void
-destroy_libs(void);
-
-void
-set_search_domain(char *domain);
-
-/*
- * Routines to be defined in dig.c, host.c, and nslookup.c. and
- * then assigned to the appropriate function pointer
- */
-extern isc_result_t
-(*dighost_printmessage)(dig_query_t *query, dns_message_t *msg, bool headers);
-/*%<
- * Print the final result of the lookup.
- */
-
-extern void
-(*dighost_received)(unsigned int bytes, isc_sockaddr_t *from, dig_query_t *query);
-/*%<
- * Print a message about where and when the response
- * was received from, like the final comment in the
- * output of "dig".
- */
-
-extern void
-(*dighost_trying)(char *frm, dig_lookup_t *lookup);
-
-extern void
-(*dighost_shutdown)(void);
-
-extern void
-(*dighost_pre_exit_hook)(void);
-
-void save_opt(dig_lookup_t *lookup, char *code, char *value);
-
-void setup_file_key(void);
-void setup_text_key(void);
-
-/*
- * Routines exported from dig.c for use by dig for iOS
- */
-
-/*%<
- * Call once only to set up libraries, parse global
- * parameters and initial command line query parameters
- */
-void
-dig_setup(int argc, char **argv);
-
-/*%<
- * Call to supply new parameters for the next lookup
- */
-void
-dig_query_setup(bool, bool, int argc, char **argv);
-
-/*%<
- * set the main application event cycle running
- */
-void
-dig_startup(void);
-
-/*%<
- * Initiates the next lookup cycle
- */
-void
-dig_query_start(void);
-
-/*%<
- * Cleans up the application
- */
-void
-dig_shutdown(void);
-
-ISC_LANG_ENDDECLS
-
-#endif

bin/dig/nslookup.1

@@ -1,305 +0,0 @@
-.\" Copyright (C) 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-.\" 
-.\" This Source Code Form is subject to the terms of the Mozilla Public
-.\" License, v. 2.0. If a copy of the MPL was not distributed with this
-.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
-.\"
-.hy 0
-.ad l
-'\" t
-.\"     Title: nslookup
-.\"    Author: 
-.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
-.\"      Date: 2014-01-24
-.\"    Manual: BIND9
-.\"    Source: ISC
-.\"  Language: English
-.\"
-.TH "NSLOOKUP" "1" "2014\-01\-24" "ISC" "BIND9"
-.\" -----------------------------------------------------------------
-.\" * Define some portability stuff
-.\" -----------------------------------------------------------------
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.\" http://bugs.debian.org/507673
-.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
-.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
-.ie \n(.g .ds Aq \(aq
-.el       .ds Aq '
-.\" -----------------------------------------------------------------
-.\" * set default formatting
-.\" -----------------------------------------------------------------
-.\" disable hyphenation
-.nh
-.\" disable justification (adjust text to left margin only)
-.ad l
-.\" -----------------------------------------------------------------
-.\" * MAIN CONTENT STARTS HERE *
-.\" -----------------------------------------------------------------
-.SH "NAME"
-nslookup \- query Internet name servers interactively
-.SH "SYNOPSIS"
-.HP \w'\fBnslookup\fR\ 'u
-\fBnslookup\fR [\fB\-option\fR] [name\ |\ \-] [server]
-.SH "DESCRIPTION"
-.PP
-\fBNslookup\fR
-is a program to query Internet domain name servers\&.
-\fBNslookup\fR
-has two modes: interactive and non\-interactive\&. Interactive mode allows the user to query name servers for information about various hosts and domains or to print a list of hosts in a domain\&. Non\-interactive mode is used to print just the name and requested information for a host or domain\&.
-.SH "ARGUMENTS"
-.PP
-Interactive mode is entered in the following cases:
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 1.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  1." 4.2
-.\}
-when no arguments are given (the default name server will be used)
-.RE
-.sp
-.RS 4
-.ie n \{\
-\h'-04' 2.\h'+01'\c
-.\}
-.el \{\
-.sp -1
-.IP "  2." 4.2
-.\}
-when the first argument is a hyphen (\-) and the second argument is the host name or Internet address of a name server\&.
-.RE
-.PP
-Non\-interactive mode is used when the name or Internet address of the host to be looked up is given as the first argument\&. The optional second argument specifies the host name or address of a name server\&.
-.PP
-Options can also be specified on the command line if they precede the arguments and are prefixed with a hyphen\&. For example, to change the default query type to host information, and the initial timeout to 10 seconds, type:
-.sp
-.if n \{\
-.RS 4
-.\}
-.nf
-nslookup \-query=hinfo  \-timeout=10
-.fi
-.if n \{\
-.RE
-.\}
-.PP
-The
-\fB\-version\fR
-option causes
-\fBnslookup\fR
-to print the version number and immediately exits\&.
-.SH "INTERACTIVE COMMANDS"
-.PP
-\fBhost\fR [server]
-.RS 4
-Look up information for host using the current default server or using server, if specified\&. If host is an Internet address and the query type is A or PTR, the name of the host is returned\&. If host is a name and does not have a trailing period, the search list is used to qualify the name\&.
-.sp
-To look up a host not in the current domain, append a period to the name\&.
-.RE
-.PP
-\fBserver\fR \fIdomain\fR
-.RS 4
-.RE
-.PP
-\fBlserver\fR \fIdomain\fR
-.RS 4
-Change the default server to
-\fIdomain\fR;
-\fBlserver\fR
-uses the initial server to look up information about
-\fIdomain\fR, while
-\fBserver\fR
-uses the current default server\&. If an authoritative answer can\*(Aqt be found, the names of servers that might have the answer are returned\&.
-.RE
-.PP
-\fBroot\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBfinger\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBls\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBview\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBhelp\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fB?\fR
-.RS 4
-not implemented
-.RE
-.PP
-\fBexit\fR
-.RS 4
-Exits the program\&.
-.RE
-.PP
-\fBset\fR \fIkeyword\fR\fI[=value]\fR
-.RS 4
-This command is used to change state information that affects the lookups\&. Valid keywords are:
-.PP
-\fBall\fR
-.RS 4
-Prints the current values of the frequently used options to
-\fBset\fR\&. Information about the current default server and host is also printed\&.
-.RE
-.PP
-\fBclass=\fR\fIvalue\fR
-.RS 4
-Change the query class to one of:
-.PP
-\fBIN\fR
-.RS 4
-the Internet class
-.RE
-.PP
-\fBCH\fR
-.RS 4
-the Chaos class
-.RE
-.PP
-\fBHS\fR
-.RS 4
-the Hesiod class
-.RE
-.PP
-\fBANY\fR
-.RS 4
-wildcard
-.RE
-.sp
-The class specifies the protocol group of the information\&.
-.sp
-(Default = IN; abbreviation = cl)
-.RE
-.PP
-\fB\fI[no]\fR\fR\fBdebug\fR
-.RS 4
-Turn on or off the display of the full response packet and any intermediate response packets when searching\&.
-.sp
-(Default = nodebug; abbreviation =
-[no]deb)
-.RE
-.PP
-\fB\fI[no]\fR\fR\fBd2\fR
-.RS 4
-Turn debugging mode on or off\&. This displays more about what nslookup is doing\&.
-.sp
-(Default = nod2)
-.RE
-.PP
-\fBdomain=\fR\fIname\fR
-.RS 4
-Sets the search list to
-\fIname\fR\&.
-.RE
-.PP
-\fB\fI[no]\fR\fR\fBsearch\fR
-.RS 4
-If the lookup request contains at least one period but doesn\*(Aqt end with a trailing period, append the domain names in the domain search list to the request until an answer is received\&.
-.sp
-(Default = search)
-.RE
-.PP
-\fBport=\fR\fIvalue\fR
-.RS 4
-Change the default TCP/UDP name server port to
-\fIvalue\fR\&.
-.sp
-(Default = 53; abbreviation = po)
-.RE
-.PP
-\fBquerytype=\fR\fIvalue\fR
-.RS 4
-.RE
-.PP
-\fBtype=\fR\fIvalue\fR
-.RS 4
-Change the type of the information query\&.
-.sp
-(Default = A; abbreviations = q, ty)
-.RE
-.PP
-\fB\fI[no]\fR\fR\fBrecurse\fR
-.RS 4
-Tell the name server to query other servers if it does not have the information\&.
-.sp
-(Default = recurse; abbreviation = [no]rec)
-.RE
-.PP
-\fBndots=\fR\fInumber\fR
-.RS 4
-Set the number of dots (label separators) in a domain that will disable searching\&. Absolute names always stop searching\&.
-.RE
-.PP
-\fBretry=\fR\fInumber\fR
-.RS 4
-Set the number of retries to number\&.
-.RE
-.PP
-\fBtimeout=\fR\fInumber\fR
-.RS 4
-Change the initial timeout interval for waiting for a reply to number seconds\&.
-.RE
-.PP
-\fB\fI[no]\fR\fR\fBvc\fR
-.RS 4
-Always use a virtual circuit when sending requests to the server\&.
-.sp
-(Default = novc)
-.RE
-.PP
-\fB\fI[no]\fR\fR\fBfail\fR
-.RS 4
-Try the next nameserver if a nameserver responds with SERVFAIL or a referral (nofail) or terminate query (fail) on such a response\&.
-.sp
-(Default = nofail)
-.RE
-.sp
-.RE
-.SH "RETURN VALUES"
-.PP
-\fBnslookup\fR
-returns with an exit status of 1 if any query failed, and 0 otherwise\&.
-.SH "IDN SUPPORT"
-.PP
-If
-\fBnslookup\fR
-has been built with IDN (internationalized domain name) support, it can accept and display non\-ASCII domain names\&.
-\fBnslookup\fR
-appropriately converts character encoding of domain name before sending a request to DNS server or displaying a reply from the server\&. If you\*(Aqd like to turn off the IDN support for some reason, define the
-\fBIDN_DISABLE\fR
-environment variable\&. The IDN support is disabled if the variable is set when
-\fBnslookup\fR
-runs or when the standard output is not a tty\&.
-.SH "FILES"
-.PP
-/etc/resolv\&.conf
-.SH "SEE ALSO"
-.PP
-\fBdig\fR(1),
-\fBhost\fR(1),
-\fBnamed\fR(8)\&.
-.SH "AUTHOR"
-.PP
-\fBInternet Systems Consortium, Inc\&.\fR
-.SH "COPYRIGHT"
-.br
-Copyright \(co 2004-2007, 2010, 2013-2018 Internet Systems Consortium, Inc. ("ISC")
-.br