+++ /dev/null
- 2687. [bug] Fixed dnssec-signzone -S handling of revoked keys.
- Also, added warnings when revoking a ZSK, as this is
- not defined by protocol (but is legal). [RT #19943]
-
- 2686. [bug] dnssec-signzone should clean the old NSEC chain when
- signing with NSEC3 and vice versa. [RT #20301]
-
- 2685. [contrib] Update contrib/zkt to version 0.99c. [RT #20054]
-
- 2684. [cleanup] dig: formalize +ad and +cd as synonyms for
- +adflag and +cdflag. [RT #19305]
-
- 2683. [bug] dnssec-signzone should clean out old NSEC3 chains when
- the NSEC3 parameters used to sign the zone change.
- [RT #20246]
-
- 2682. [bug] "configure --enable-symtable=all" failed to
- build. [RT #20282]
-
--2681. [bug] IPSECKEY RR of gateway type 3 was not correctly
-- decoded. [RT #20269]
--
- 2680. [func] Move contrib/pkcs11-keygen to bin/pkcs11. [RT #20067]
-2680. [func] Move some contrib/pkcs11-keygen to bin/pkcs11.
- [RT #20067]
--
--2679. [func] dig -k can now accept TSIG keys in named.conf
-- format. [RT #20031]
--
--2678. [func] Treat DS queries as if "minimal-response yes;"
-- was set. [RT #20258]
--
--2677. [func] Changes to key metadata behavior:
-- - Keys without "publish" or "active" dates set will
-- no longer be used for smart signing. However,
-- those dates will be set to "now" by default when
-- a key is created; to generate a key but not use
-- it yet, use dnssec-keygen -G.
-- - New "inactive" date (dnssec-keygen/settime -I)
-- sets the time when a key is no longer used for
-- signing but is still published.
-- - The "unpublished" date (-U) is deprecated in
-- favor of "deleted" (-D).
-- [RT #20247]
--
--2676. [bug] --with-export-installdir should have been
-- --with-export-includedir. [RT #20252]
--
--2675. [bug] dnssec-signzone could crash if the key directory
-- did not exist. [RT #20232]
--
-- --- 9.7.0a3 released ---
--
--2674. [bug] "dnssec-lookaside auto;" crashed if named was built
-- without openssl. [RT #20231]
--
--2673. [bug] The managed-keys.bind zone file could fail to
-- load due to a spurious result from sync_keyzone()
-- [RT #20045]
--
--2672. [bug] Don't enable searching in 'host' when doing reverse
-- lookups. [RT #20218]
--
--2671. [bug] Add support for PKCS#11 providers not returning
-- the public exponent in RSA private keys
-- (OpenCryptoki for instance) in
-- dnssec-keyfromlabel. [RT #19294]
--
--2670. [bug] Unexpected connect failures failed to log enough
-- information to be useful. [RT #20205]
--
--2669. [func] Update PKCS#11 support to support Keyper HSM.
-- Update PKCS#11 patch to be against openssl-0.9.8i.
--
--2668. [func] Several improvements to dnssec-* tools, including:
-- - dnssec-keygen and dnssec-settime can now set key
-- metadata fields 0 (to unset a value, use "none")
-- - dnssec-revoke sets the revocation date in
-- addition to the revoke bit
-- - dnssec-settime can now print individual metadata
-- fields instead of always printing all of them,
-- and can print them in unix epoch time format for
-- use by scripts
-- [RT #19942]
--
--2667. [func] Add support for logging stack backtrace on assertion
-- failure (not available for all platforms). [RT #19780]
--
--2666. [func] Added an 'options' argument to dns_name_fromstring()
-- (API change from 9.7.0a2). [RT #20196]
--
--2665. [func] Clarify syntax for managed-keys {} statement, add
-- ARM documentation about RFC 5011 support. [RT #19874]
--
--2664. [bug] create_keydata() and minimal_update() in zone.c
-- didn't properly check return values for some
-- functions. [RT #19956]
--
--2663. [func] win32: allow named to run as a service using
-- "NT AUTHORITY\LocalService" as the account. [RT #19977]
--
--2662. [bug] lwres_getipnodebyname() and lwres_getipnodebyaddr()
-- returned a misleading error code when lwresd was
-- down. [RT #20028]
--
--2661. [bug] Check whether socket fd exceeds FD_SETSIZE when
-- creating lwres context. [RT #20029]
--
--2660. [func] Add a new set of DNS libraries for non-BIND9
-- applications. See README.libdns. [RT #19369]
--
--2659. [doc] Clarify dnssec-keygen doc: key name must match zone
-- name for DNSSEC keys. [RT #19938]
--
--2658. [bug] dnssec-settime and dnssec-revoke didn't process
-- key file paths correctly. [RT #20078]
--
--2657. [cleanup] Lower "journal file <path> does not exist, creating it"
-- log level to debug 1. [RT #20058]
--
--2656. [func] win32: add a "tools only" check box to the installer
-- which causes it to only install dig, host, nslookup,
-- nsupdate and relevant DLLs. [RT #19998]
--
--2655. [doc] Document that key-directory does not affect
-- bind.keys, rndc.key or session.key. [RT #20155]
--
--2654. [bug] Improve error reporting on duplicated names for
-- deny-answer-xxx. [RT #20164]
--
--2653. [bug] Treat ENGINE_load_private_key() failures as key
-- not found rather than out of memory. [RT #18033]
--
--2652. [func] Provide more detail about what record is being
-- deleted. [RT #20061]
--
--2651. [bug] Dates could print incorrectly in K*.key files on
-- 64-bit systems. [RT #20076]
--
--2650. [bug] Assertion failure in dnssec-signzone when trying
-- to read keyset-* files. [RT #20075]
--
--2649. [bug] Set the domain for forward only zones. [RT #19944]
--
--2648. [port] win32: isc_time_seconds() was broken. [RT #19900]
--
--2647. [bug] Remove unnecessary SOA updates when a new KSK is
-- added. [RT #19913]
--
--2646. [bug] Incorrect cleanup on error in socket.c. [RT #19987]
--
--2645. [port] "gcc -m32" didn't work on amd64 and x86_64 platforms
-- which default to 64 bits. [RT #19927]
--
-- --- 9.7.0a2 released ---
--
--2644. [bug] Change #2628 caused a regression on some systems;
-- named was unable to write the PID file and would
-- fail on startup. [RT #20001]
--
--2643. [bug] Stub zones interacted badly with NSEC3 support.
-- [RT #19777]
--
--2642. [bug] nsupdate could dump core on solaris when reading
-- improperly formatted key files. [RT #20015]
--
--2641. [bug] Fixed an error in parsing update-policy syntax,
-- added a regression test to check it. [RT #20007]
--
--2640. [security] A specially crafted update packet will cause named
-- to exit. [RT #20000]
--
--2639. [bug] Silence compiler warnings in gssapi code. [RT #19954]
--
--2638. [bug] Install arpaname. [RT #19957]
--
--2637. [func] Rationalize dnssec-signzone's signwithkey() calling.
-- [RT #19959]
--
--2636. [func] Simplify zone signing and key maintenance with the
-- dnssec-* tools. Major changes:
-- - all dnssec-* tools now take a -K option to
-- specify a directory in which key files will be
-- stored
-- - DNSSEC can now store metadata indicating when
-- they are scheduled to be published, activated,
-- revoked or removed; these values can be set by
-- dnssec-keygen or overwritten by the new
-- dnssec-settime command
-- - dnssec-signzone -S (for "smart") option reads key
-- metadata and uses it to determine automatically
-- which keys to publish to the zone, use for
-- signing, revoke, or remove from the zone
-- [RT #19816]
--
--2635. [bug] isc_inet_ntop() incorrectly handled 0.0/16 addresses.
-- [RT #19716]
--
--2634. [port] win32: Add support for libxml2, enable
-- statschannel. [RT #19773]
--
--2633. [bug] Handle 15 bit rand() functions. [RT #19783]
--
--2632. [func] util/kit.sh: warn if documentation appears to be out of
-- date. [RT #19922]
--
--2631. [bug] Handle "//", "/./" and "/../" in mkdirpath().
-- [RT #19926 ]
--
--2630. [func] Improved syntax for DDNS autoconfiguration: use
-- "update-policy local;" to switch on local DDNS in a
-- zone. (The "ddns-autoconf" option has been removed.)
-- [RT #19875]
--
--2629. [port] Check for seteuid()/setegid(), use setresuid()/
-- setresgid() if not present. [RT #19932]
--
--2628. [port] linux: Allow /var/run/named/named.pid to be opened
-- at startup with reduced capabilities in operation.
-- [RT #19884]
--
--2627. [bug] Named aborted if the same key was included in
-- trusted-keys more than once. [RT #19918]
--
--2626. [bug] Multiple trusted-keys could trigger an assertion
-- failure. [RT #19914]
--
--2625. [bug] Missing UNLOCK in rbtdb.c. [RT #19865]
--
--2624. [func] 'named-checkconf -p' will print out the parsed
-- configuration. [RT #18871]
--
--2623. [bug] Named started seaches for DS non-optimally. [RT #19915]
--
--2622. [bug] Printing of named.conf grammar was broken. [RT #19919]
--
--2621. [doc] Made copyright boilterplate consistent. [RT #19833]
--
--2620. [bug] Delay thawing the zone until the reload of it has
-- completed successfully. [RT #19750]
--
--2619. [func] Add support for RFC 5011, automatic trust anchor
-- maintenance. The new "managed-keys" statement can
-- be used in place of "trusted-keys" for zones which
-- support this protocol. (Note: this syntax is
-- expected to change prior to 9.7.0 final.) [RT #19248]
--
--2618. [bug] The sdb and sdlz db_interator_seek() methods could
-- loop infinitely. [RT #19847]
--
--2617. [bug] ifconfig.sh failed to emit an error message when
-- run from the wrong location. [RT #19375]
--
--2616. [bug] 'host' used the nameservers from resolv.conf even
-- when a explicit nameserver was specified. [RT #19852]
--
--2615. [bug] "__attribute__((unused))" was in the wrong place
-- for ia64 gcc builds. [RT #19854]
--
--2614. [port] win32: 'named -v' should automatically be executed
-- in the foreground. [RT #19844]
--
--2613. [placeholder]
--
-- --- 9.7.0a1 released ---
--
--2612. [func] Add default values for the arguments to
-- dnssec-keygen. Without arguments, it will now
-- generate a 1024-bit RSASHA1 zone-signing key,
-- or with the -f KSK option, a 2048-bit RSASHA1
-- key-signing key. [RT #19300]
--
--2611. [func] Add -l option to dnssec-dsfromkey to generate
-- DLV records instead of DS records. [RT #19300]
--
--2610. [port] sunos: Change #2363 was not complete. [RT #19796]
--
--2609. [func] Simplify the configuration of dynamic zones:
-- - add ddns-confgen command to generate
-- configuration text for named.conf
-- - add zone option "ddns-autoconf yes;", which
-- causes named to generate a TSIG session key
-- and allow updates to the zone using that key
-- - add '-l' (localhost) option to nsupdate, which
-- causes nsupdate to connect to a locally-running
-- named process using the session key generated
-- by named
-- [RT #19284]
--
--2608. [func] Perform post signing verification checks in
-- dnssec-signzone. These can be disabled with -P.
--
-- The post sign verification test ensures that for each
-- algorithm in use there is at least one non revoked
-- self signed KSK key. That all revoked KSK keys are
-- self signed. That all records in the zone are signed
-- by the algorithm. [RT #19653]
--
--2607. [bug] named could incorrectly delete NSEC3 records for
-- empty nodes when processing a update request.
-- [RT #19749]
--
--2606. [bug] "delegation-only" was not being accepted in
-- delegation-only type zones. [RT #19717]
--
--2605. [bug] Accept DS responses from delegation only zones.
-- [RT # 19296]
--
--2604. [func] Add support for DNS rebinding attack prevention through
-- new options, deny-answer-addresses and
-- deny-answer-aliases. Based on contributed code from
-- JD Nurmi, Google. [RT #18192]
--
--2603. [port] win32: handle .exe extension of named-checkzone and
-- named-comilezone argv[0] names under windows.
-- [RT #19767]
--
--2602. [port] win32: fix debugging command line build of libisccfg.
-- [RT #19767]
--
--2601. [doc] Mention file creation mode mask in the
-- named manual page.
--
--2600. [doc] ARM: miscellaneous reformatting for different
-- page widths. [RT #19574]
--
--2599. [bug] Address rapid memory growth when validation fails.
-- [RT #19654]
--
--2598. [func] Reserve the -F flag. [RT #19657]
--
--2597. [bug] Handle a validation failure with a insecure delegation
-- from a NSEC3 signed master/slave zone. [RT #19464]
--
--2596. [bug] Stale tree nodes of cache/dynamic rbtdb could stay
-- long, leading to inefficient memory usage or rejecting
-- newer cache entries in the worst case. [RT #19563]
--
--2595. [bug] Fix unknown extended rcodes in dig. [RT #19625]
--
--2594. [func] Have rndc warn if using its default configuration
-- file when the key file also exists. [RT #19424]
--
--2593. [bug] Improve a corner source of SERVFAILs [RT #19632]
--
--2592. [bug] Treat "any" as a type in nsupdate. [RT #19455]
--
--2591. [bug] named could die when processing a update in
-- removed_orphaned_ds(). [RT #19507]
--
--2590. [func] Report zone/class of "update with no effect".
-- [RT #19542]
--
--2589. [bug] dns_db_unregister() failed to clear '*dbimp'.
-- [RT #19626]
--
--2588. [bug] SO_REUSEADDR could be set unconditionally after failure
-- of bind(2) call. This should be rare and mostly
-- harmless, but may cause interference with other
-- processes that happen to use the same port. [RT #19642]
--
--2587. [func] Improve logging by reporting serial numbers for
-- when zone serial has gone backwards or unchanged.
-- [RT #19506]
--
--2586. [bug] Missing cleanup of SIG rdataset in searching a DLZ DB
-- or SDB. [RT #19577]
--
--2585. [bug] Uninitialized socket name could be referenced via a
-- statistics channel, triggering an assertion failure in
-- XML rendering. [RT #19427]
--
--2584. [bug] alpha: gcc optimization could break atomic operations.
-- [RT #19227]
--
--2583. [port] netbsd: provide a control to not add the compile
-- date to the version string, -DNO_VERSION_DATE.
--
--2582. [bug] Don't emit warning log message when we attempt to
-- remove non-existant journal. [RT #19516]
--
--2581. [contrib] dlz/mysql set MYSQL_OPT_RECONNECT option on connection.
-- Requires MySQL 5.0.19 or later. [RT #19084]
--
--2580. [bug] UpdateRej statistics counter could be incremented twice
-- for one rejection. [RT #19476]
--
--2579. [bug] DNSSEC lookaside validation failed to handle unknown
-- algorithms. [RT #19479]
--
--2578. [bug] Changed default sig-signing-type to 65534, because
-- 65535 turns out to be reserved. [RT #19477]
--
--2577. [doc] Clarified some statistics counters. [RT #19454]
--
--2576. [bug] NSEC record were not being correctly signed when
-- a zone transitions from insecure to secure.
-- Handle such incorrectly signed zones. [RT #19114]
--
--2575. [func] New functions dns_name_fromstring() and
-- dns_name_tostring(), to simplify conversion
-- of a string to a dns_name structure and vice
-- versa. [RT #19451]
--
--2574. [doc] Document nsupdate -g and -o. [RT #19351]
--
--2573. [bug] Replacing a non-CNAME record with a CNAME record in a
-- single transaction in a signed zone failed. [RT #19397]
--
--2572. [func] Simplify DLV configuration, with a new option
-- "dnssec-lookaside auto;" This is the equivalent
-- of "dnssec-lookaside . trust-anchor dlv.isc.org;"
-- plus setting a trusted-key for dlv.isc.org.
--
-- Note: The trusted key is hard-coded into named,
-- but is also stored in (and can be overridden
-- by) $sysconfdir/bind.keys. As the ISC DLV key
-- rolls over it can be kept up to date by replacing
-- the bind.keys file with a key downloaded from
-- https://www.isc.org/solutions/dlv. [RT #18685]
--
--2571. [func] Add a new tool "arpaname" which translates IP addresses
-- to the corresponding IN-ADDR.ARPA or IP6.ARPA name.
-- [RT #18976]
--
--2570. [func] Log the destination address the query was sent to.
-- [RT #19209]
--
--2569. [func] Move journalprint, nsec3hash, and genrandom
-- commands from bin/tests into bin/tools;
-- "make install" will put them in $sbindir. [RT #19301]
--
--2568. [bug] Report when the write to indicate a otherwise
-- successful start fails. [RT #19360]
--
--2567. [bug] dst__privstruct_writefile() could miss write errors.
-- write_public_key() could miss write errors.
-- dnssec-dsfromkey could miss write errors.
-- [RT #19360]
--
--2566. [cleanup] Clarify logged message when an insecure DNSSEC
-- response arrives from a zone thought to be secure:
-- "insecurity proof failed" instead of "not
-- insecure". [RT #19400]
--
--2565. [func] Add support for HIP record. Includes new functions
-- dns_rdata_hip_first(), dns_rdata_hip_next()
-- and dns_rdata_hip_current(). [RT #19384]
--
--2564. [bug] Only take EDNS fallback steps when processing timeouts.
-- [RT #19405]
--
--2563. [bug] Dig could leak a socket causing it to wait forever
-- to exit. [RT #19359]
--
--2562. [doc] ARM: miscellaneous improvements, reorganization,
-- and some new content.
--
--2561. [doc] Add isc-config.sh(1) man page. [RT #16378]
--
--2560. [bug] Add #include <config.h> to iptable.c. [RT #18258]
--
--2559. [bug] dnssec-dsfromkey could compute bad DS records when
-- reading from a K* files. [RT #19357]
--
--2558. [func] Set the ownership of missing directories created
-- for pid-file if -u has been specified on the command
-- line. [RT #19328]
--
--2557. [cleanup] PCI compliance:
-- * new libisc log module file
-- * isc_dir_chroot() now also changes the working
-- directory to "/".
-- * additional INSISTs
-- * additional logging when files can't be removed.
--
--2556. [port] Solaris: mkdir(2) on tmpfs filesystems does not do the
-- error checks in the correct order resulting in the
-- wrong error code sometimes being returned. [RT #19249]
--
--2555. [func] dig: when emitting a hex dump also display the
-- corresponding characters. [RT #19258]
--
--2554. [bug] Validation of uppercase queries from NSEC3 zones could
-- fail. [RT #19297]
--
--2553. [bug] Reference leak on DNSSEC validation errors. [RT #19291]
--
--2552. [bug] zero-no-soa-ttl-cache was not being honoured.
-- [RT #19340]
--
--2551. [bug] Potential Reference leak on return. [RT #19341]
--
--2550. [bug] Check --with-openssl=<path> finds <openssl/opensslv.h>.
-- [RT #19343]
--
--2549. [port] linux: define NR_OPEN if not currently defined.
-- [RT #19344]
--
--2548. [bug] Install iterated_hash.h. [RT #19335]
--
--2547. [bug] openssl_link.c:mem_realloc() could reference an
-- out-of-range area of the source buffer. New public
-- function isc_mem_reallocate() was introduced to address
-- this bug. [RT #19313]
--
--2546. [func] Add --enable-openssl-hash configure flag to use
-- OpenSSL (in place of internal routine) for hash
-- functions (MD5, SHA[12] and HMAC). [RT #18815]
--
--2545. [doc] ARM: Legal hostname checking (check-names) is
-- for SRV RDATA too. [RT #19304]
--
--2544. [cleanup] Removed unused structure members in adb.c. [RT #19225]
--
--2543. [contrib] Update contrib/zkt to version 0.98. [RT #19113]
--
--2542. [doc] Update the description of dig +adflag. [RT #19290]
--
--2541. [bug] Conditionally update dispatch manager statistics.
-- [RT #19247]
--
--2540. [func] Add a nibble mode to $GENERATE. [RT #18872]
--
--2539. [security] Update the interaction between recursion, allow-query,
-- allow-query-cache and allow-recursion. [RT #19198]
--
--2538. [bug] cache/ADB memory could grow over max-cache-size,
-- especially with threads and smaller max-cache-size
-- values. [RT #19240]
--
--2537. [func] Added more statistics counters including those on socket
-- I/O events and query RTT histograms. [RT #18802]
--
--2536. [cleanup] Silence some warnings when -Werror=format-security is
-- specified. [RT #19083]
--
--2535. [bug] dig +showsearch and +trace interacted badly. [RT #19091]
--
--2534. [func] Check NAPTR records regular expressions and
-- replacement strings to ensure they are syntactically
-- valid and consistant. [RT #18168]
--
--2533. [doc] ARM: document @ (at-sign). [RT #17144]
--
--2532. [bug] dig: check the question section of the response to
-- see if it matches the asked question. [RT #18495]
--
--2531. [bug] Change #2207 was incomplete. [RT #19098]
--
--2530. [bug] named failed to reject insecure to secure transitions
-- via UPDATE. [RT #19101]
--
--2529. [cleanup] Upgrade libtool to silence complaints from recent
-- version of autoconf. [RT #18657]
--
--2528. [cleanup] Silence spurious configure warning about
-- --datarootdir [RT #19096]
--
--2527. [placeholder]
--
--2526. [func] New named option "attach-cache" that allows multiple
-- views to share a single cache to save memory and
-- improve lookup efficiency. Based on contributed code
-- from Barclay Osborn, Google. [RT #18905]
--
--2525. [func] New logging category "query-errors" to provide detailed
-- internal information about query failures, especially
-- about server failures. [RT #19027]
--
--2524. [port] sunos: dnssec-signzone needs strtoul(). [RT #19129]
--
--2523. [bug] Random type rdata freed by dns_nsec_typepresent().
-- [RT #19112]
--
--2522. [security] Handle -1 from DSA_do_verify() and EVP_VerifyFinal().
--
--2521. [bug] Improve epoll cross compilation support. [RT #19047]
--
--2520. [bug] Update xml statistics version number to 2.0 as change
-- #2388 made the schema incompatible to the previous
-- version. [RT #19080]
--
--2519. [bug] dig/host with -4 or -6 didn't work if more than two
-- nameserver addresses of the excluded address family
-- preceded in resolv.conf. [RT #19081]
--
--2518. [func] Add support for the new CERT types from RFC 4398.
-- [RT #19077]
--
--2517. [bug] dig +trace with -4 or -6 failed when it chose a
-- nameserver address of the excluded address type.
-- [RT #18843]
--
--2516. [bug] glue sort for responses was performed even when not
-- needed. [RT #19039]
--
--2515. [port] win32: build dnssec-dsfromkey and dnssec-keyfromlabel.
-- [RT #19063]
--
--2514. [bug] dig/host failed with -4 or -6 when resolv.conf contains
-- a nameserver of the excluded address family.
-- [RT #18848]
--
--2513. [bug] Fix windows cli build. [RT #19062]
--
--2512. [func] Print a summary of the cached records which make up
-- the negative response. [RT #18885]
--
--2511. [cleanup] dns_rdata_tofmttext() add const to linebreak.
-- [RT #18885]
--
--2510. [bug] "dig +sigchase" could trigger REQUIRE failures.
-- [RT #19033]
--
--2509. [bug] Specifying a fixed query source port was broken.
-- [RT #19051]
--
--2508. [placeholder]
--
--2507. [func] Log the recursion quota values when killing the
-- oldest query or refusing to recurse due to quota.
-- [RT #19022]
--
--2506. [port] solaris: Check at configure time if
-- hack_shutup_pthreadonceinit is needed. [RT #19037]
--
--2505. [port] Treat amd64 similarly to x86_64 when determining
-- atomic operation support. [RT #19031]
--
--2504. [bug] Address race condition in the socket code. [RT #18899]
--
--2503. [port] linux: improve compatibility with Linux Standard
-- Base. [RT #18793]
--
--2502. [cleanup] isc_radix: Improve compliance with coding style,
-- document function in <isc/radix.h>. [RT #18534]
--
--2501. [func] $GENERATE now supports all rdata types. Multi-field
-- rdata types need to be quoted. See the ARM for
-- details. [RT #18368]
--
--2500. [contrib] contrib/sdb/pgsql/zonetodb.c called non-existent
-- function. [RT #18582]
--
--2499. [port] solaris: lib/lwres/getaddrinfo.c namespace clash.
-- [RT #18837]
--
-- --- 9.6.0rc1 released ---
--
--2498. [bug] Removed a bogus function argument used with
-- ISC_SOCKET_USE_POLLWATCH: it could cause compiler
-- warning or crash named with the debug 1 level
-- of logging. [RT #18917]
--
--2497. [bug] Don't add RRSIG bit to NSEC3 bit map for insecure
-- delegation.
--
--2496. [bug] Add sanity length checks to NSID option. [RT #18813]
--
--2495. [bug] Tighten RRSIG checks. [RT #18795]
--
--2494. [bug] isc/radix.h, dns/sdlz.h and dns/dlz.h were not being
-- installed. [RT #18826]
--
--2493. [bug] The linux capabilities code was not correctly cleaning
-- up after itself. [RT #18767]
--
--2492. [func] Rndc status now reports the number of cpus discovered
-- and the number of worker threads when running
-- multi-threaded. [RT #18273]
--
--2491. [func] Attempt to re-use a local port if we are already using
-- the port. [RT #18548]
--
--2490. [port] aix: work around a kernel bug where IPV6_RECVPKTINFO
-- is cleared when IPV6_V6ONLY is set. [RT #18785]
--
--2489. [port] solaris: Workaround Solaris's kernel bug about
-- /dev/poll:
-- http://bugs.opensolaris.org/view_bug.do?bug_id=6724237
-- Define ISC_SOCKET_USE_POLLWATCH at build time to enable
-- this workaround. [RT #18870]
--
--2488. [func] Added a tool, dnssec-dsfromkey, to generate DS records
-- from keyset and .key files. [RT #18694]
--
--2487. [bug] Give TCP connections longer to complete. [RT #18675]
--
--2486. [func] The default locations for named.pid and lwresd.pid
-- are now /var/run/named/named.pid and
-- /var/run/lwresd/lwresd.pid respectively.
--
-- This allows the owner of the containing directory
-- to be set, for "named -u" support, and allows there
-- to be a permanent symbolic link in the path, for
-- "named -t" support. [RT #18306]
--
--2485. [bug] Change update's the handling of obscured RRSIG
-- records. Not all orphaned DS records were being
-- removed. [RT #18828]
--
--2484. [bug] It was possible to trigger a REQUIRE failure when
-- adding NSEC3 proofs to the response in
-- query_addwildcardproof(). [RT #18828]
--
--2483. [port] win32: chroot() is not supported. [RT #18805]
--
--2482. [port] libxml2: support versions 2.7.* in addition
-- to 2.6.*. [RT #18806]
--
-- --- 9.6.0b1 released ---
--
--2481. [bug] rbtdb.c:matchparams() failed to handle NSEC3 chain
-- collisions. [RT #18812]
--
--2480. [bug] named could fail to emit all the required NSEC3
-- records. [RT #18812]
--
--2479. [bug] xfrout:covers was not properly initialized. [RT #18801]
--
--2478. [bug] 'addresses' could be used uninitialized in
-- configure_forward(). [RT #18800]
--
--2477. [bug] dig: the global option to print the command line is
-- +cmd not print_cmd. Update the output to reflect
-- this. [RT #17008]
--
--2476. [doc] ARM: improve documentation for max-journal-size and
-- ixfr-from-differences. [RT #15909] [RT #18541]
--
--2475. [bug] LRU cache cleanup under overmem condition could purge
-- particular entries more aggressively. [RT #17628]
--
--2474. [bug] ACL structures could be allocated with insufficient
-- space, causing an array overrun. [RT #18765]
--
--2473. [port] linux: raise the limit on open files to the possible
-- maximum value before spawning threads; 'files'
-- specified in named.conf doesn't seem to work with
-- threads as expected. [RT #18784]
--
--2472. [port] linux: check the number of available cpu's before
-- calling chroot as it depends on "/proc". [RT #16923]
--
--2471. [bug] named-checkzone was not reporting missing mandatory
-- glue when sibling checks were disabled. [RT #18768]
--
--2470. [bug] Elements of the isc_radix_node_t could be incorrectly
-- overwritten. [RT# 18719]
--
--2469. [port] solaris: Work around Solaris's select() limitations.
-- [RT #18769]
--
--2468. [bug] Resolver could try unreachable servers multiple times.
-- [RT #18739]
--
--2467. [bug] Failure of fcntl(F_DUPFD) wasn't logged. [RT #18740]
--
--2466. [doc] ARM: explain max-cache-ttl 0 SERVFAIL issue.
-- [RT #18302]
--
--2465. [bug] Adb's handling of lame addresses was different
-- for IPv4 and IPv6. [RT #18738]
--
--2464. [port] linux: check that a capability is present before
-- trying to set it. [RT #18135]
--
--2463. [port] linux: POSIX doesn't include the IPv6 Advanced Socket
-- API and glibc hides parts of the IPv6 Advanced Socket
-- API as a result. This is stupid as it breaks how the
-- two halves (Basic and Advanced) of the IPv6 Socket API
-- were designed to be used but we have to live with it.
-- Define _GNU_SOURCE to pull in the IPv6 Advanced Socket
-- API. [RT #18388]
--
--2462. [doc] Document -m (enable memory usage debugging)
-- option for dig. [RT #18757]
--
--2461. [port] sunos: Change #2363 was not complete. [RT #17513]
--
-- --- 9.6.0a1 released ---
--
--2460. [bug] Don't call dns_db_getnsec3parameters() on the cache.
-- [RT #18697]
--
--2459. [contrib] Import dnssec-zkt to contrib/zkt. [RT #18448]
--
--2458. [doc] ARM: update and correction for max-cache-size.
-- [RT #18294]
--
--2457. [tuning] max-cache-size is reverted to 0, the previous
-- default. It should be safe because expired cache
-- entries are also purged. [RT #18684]
--
--2456. [bug] In ACLs, ::/0 and 0.0.0.0/0 would both match any
-- address, regardless of family. They now correctly
-- distinguish IPv4 from IPv6. [RT #18559]
--
--2455. [bug] Stop metadata being transferred via axfr/ixfr.
-- [RT #18639]
--
--2454. [func] nsupdate: you can now set a default ttl. [RT #18317]
--
--2453. [bug] Remove NULL pointer dereference in dns_journal_print().
-- [RT #18316]
--
--2452. [func] Improve bin/test/journalprint. [RT #18316]
--
--2451. [port] solaris: handle runtime linking better. [RT #18356]
--
--2450. [doc] Fix lwresd docbook problem for manual page.
-- [RT #18672]
--
--2449. [placeholder]
--
--2448. [func] Add NSEC3 support. [RT #15452]
--
--2447. [cleanup] libbind has been split out as a separate product.
--
--2446. [func] Add a new log message about build options on startup.
-- A new command-line option '-V' for named is also
-- provided to show this information. [RT# 18645]
--
--2445. [doc] ARM out-of-date on empty reverse zones (list includes
-- RFC1918 address, but these are not yet compiled in).
-- [RT #18578]
--
--2444. [port] Linux, FreeBSD, AIX: Turn off path mtu discovery
-- (clear DF) for UDP responses and requests.
--
--2443. [bug] win32: UDP connect() would not generate an event,
-- and so connected UDP sockets would never clean up.
-- Fix this by doing an immediate WSAConnect() rather
-- than an io completion port type for UDP.
--
--2442. [bug] A lock could be destroyed twice. [RT# 18626]
--
--2441. [bug] isc_radix_insert() could copy radix tree nodes
-- incompletely. [RT #18573]
--
--2440. [bug] named-checkconf used an incorrect test to determine
-- if an ACL was set to none.
--
--2439. [bug] Potential NULL dereference in dns_acl_isanyornone().
-- [RT #18559]
--
--2438. [bug] Timeouts could be logged incorrectly under win32.
--
--2437. [bug] Sockets could be closed too early, leading to
-- inconsistent states in the socket module. [RT #18298]
--
--2436. [security] win32: UDP client handler can be shutdown. [RT #18576]
--
--2435. [bug] Fixed an ACL memory leak affecting win32.
--
--2434. [bug] Fixed a minor error-reporting bug in
-- lib/isc/win32/socket.c.
--
--2433. [tuning] Set initial timeout to 800ms.
--
--2432. [bug] More Windows socket handling improvements. Stop
-- using I/O events and use IO Completion Ports
-- throughout. Rewrite the receive path logic to make
-- it easier to support multiple simultaneous
-- requesters in the future. Add stricter consistency
-- checking as a compile-time option (define
-- ISC_SOCKET_CONSISTENCY_CHECKS; defaults to off).
--
--2431. [bug] Acl processing could leak memory. [RT #18323]
--
--2430. [bug] win32: isc_interval_set() could round down to
-- zero if the input was less than NS_INTERVAL
-- nanoseconds. Round up instead. [RT #18549]
--
--2429. [doc] nsupdate should be in section 1 of the man pages.
-- [RT #18283]
--
--2428. [bug] dns_iptable_merge() mishandled merges of negative
-- tables. [RT #18409]
--
--2427. [func] Treat DNSKEY queries as if "minimal-response yes;"
-- was set. [RT #18528]
--
--2426. [bug] libbind: inet_net_pton() can sometimes return the
-- wrong value if excessively large net masks are
-- supplied. [RT #18512]
--
--2425. [bug] named didn't detect unavailable query source addresses
-- at load time. [RT #18536]
--
--2424. [port] configure now probes for a working epoll
-- implementation. Allow the use of kqueue,
-- epoll and /dev/poll to be selected at compile
-- time. [RT #18277]
--
--2423. [security] Randomize server selection on queries, so as to
-- make forgery a little more difficult. Instead of
-- always preferring the server with the lowest RTT,
-- pick a server with RTT within the same 128
-- millisecond band. [RT #18441]
--
--2422. [bug] Handle the special return value of a empty node as
-- if it was a NXRRSET in the validator. [RT #18447]
--
--2421. [func] Add new command line option '-S' for named to specify
-- the max number of sockets. [RT #18493]
-- Use caution: this option may not work for some
-- operating systems without rebuilding named.
--
--2420. [bug] Windows socket handling cleanup. Let the io
-- completion event send out canceled read/write
-- done events, which keeps us from writing to memory
-- we no longer have ownership of. Add debugging
-- socket_log() function. Rework TCP socket handling
-- to not leak sockets.
--
--2419. [cleanup] Document that isc_socket_create() and isc_socket_open()
-- should not be used for isc_sockettype_fdwatch sockets.
-- [RT #18521]
--
--2418. [bug] AXFR request on a DLZ could trigger a REQUIRE failure
-- [RT #18430]
--
--2417. [bug] Connecting UDP sockets for outgoing queries could
-- unexpectedly fail with an 'address already in use'
-- error. [RT #18411]
--
--2416. [func] Log file descriptors that cause exceeding the
-- internal maximum. [RT #18460]
--
--2415. [bug] 'rndc dumpdb' could trigger various assertion failures
-- in rbtdb.c. [RT #18455]
--
--2414. [bug] A masterdump context held the database lock too long,
-- causing various troubles such as dead lock and
-- recursive lock acquisition. [RT #18311, #18456]
--
--2413. [bug] Fixed an unreachable code path in socket.c. [RT #18442]
--
--2412. [bug] win32: address a resource leak. [RT #18374]
--
--2411. [bug] Allow using a larger number of sockets than FD_SETSIZE
-- for select(). To enable this, set ISC_SOCKET_MAXSOCKETS
-- at compilation time. [RT #18433]
--
-- Note: with changes #2469 and #2421 above, there is no
-- need to tweak ISC_SOCKET_MAXSOCKETS at compilation time
-- any more.
--
--2410. [bug] Correctly delete m_versionInfo. [RT #18432]
--
--2409. [bug] Only log that we disabled EDNS processing if we were
-- subsequently successful. [RT #18029]
--
--2408. [bug] A duplicate TCP dispatch event could be sent, which
-- could then trigger an assertion failure in
-- resquery_response(). [RT #18275]
--
--2407. [port] hpux: test for sys/dyntune.h. [RT #18421]
--
--2406. [placeholder]
--
--2405. [cleanup] The default value for dnssec-validation was changed to
-- "yes" in 9.5.0-P1 and all subsequent releases; this
-- was inadvertently omitted from CHANGES at the time.
--
--2404. [port] hpux: files unlimited support.
--
--2403. [bug] TSIG context leak. [RT #18341]
--
--2402. [port] Support Solaris 2.11 and over. [RT #18362]
--
--2401. [bug] Expect to get E[MN]FILE errno internal_accept()
-- (from accept() or fcntl() system calls). [RT #18358]
--
--2400. [bug] Log if kqueue()/epoll_create()/open(/dev/poll) fails.
-- [RT #18297]
--
--2399. [placeholder]
--
--2398. [bug] Improve file descriptor management. New,
-- temporary, named.conf option reserved-sockets,
-- default 512. [RT #18344]
--
--2397. [bug] gssapi_functions had too many elements. [RT #18355]
--
--2396. [bug] Don't set SO_REUSEADDR for randomized ports.
-- [RT #18336]
--
--2395. [port] Avoid warning and no effect from "files unlimited"
-- on Linux when running as root. [RT #18335]
--
--2394. [bug] Default configuration options set the limit for
-- open files to 'unlimited' as described in the
-- documentation. [RT #18331]
--
--2393. [bug] nested acls containing keys could trigger an
-- assertion in acl.c. [RT #18166]
--
--2392. [bug] remove 'grep -q' from acl test script, some platforms
-- don't support it. [RT #18253]
--
--2391. [port] hpux: cover additional recvmsg() error codes.
-- [RT #18301]
--
--2390. [bug] dispatch.c could make a false warning on 'odd socket'.
-- [RT #18301].
--
--2389. [bug] Move the "working directory writable" check to after
-- the ns_os_changeuser() call. [RT #18326]
--
--2388. [bug] Avoid using tables for layout purposes in
-- statistics XSL [RT #18159].
--
--2387. [bug] Silence compiler warnings in lib/isc/radix.c.
-- [RT #18147] [RT #18258]
--
--2386. [func] Add warning about too small 'open files' limit.
-- [RT #18269]
--
--2385. [bug] A condition variable in socket.c could leak in
-- rare error handling [RT #17968].
--
--2384. [security] Fully randomize UDP query ports to improve
-- forgery resilience. [RT #17949, #18098]
--
--2383. [bug] named could double queries when they resulted in
-- SERVFAIL due to overkilling EDNS0 failure detection.
-- [RT #18182]
--
--2382. [doc] Add descriptions of DHCID, IPSECKEY, SPF and SSHFP
-- to ARM.
--
--2381. [port] dlz/mysql: support multiple install layouts for
-- mysql. <prefix>/include/{,mysql/}mysql.h and
-- <prefix>/lib/{,mysql/}. [RT #18152]
--
--2380. [bug] dns_view_find() was not returning NXDOMAIN/NXRRSET
-- proofs which, in turn, caused validation failures
-- for insecure zones immediately below a secure zone
-- the server was authoritative for. [RT #18112]
--
--2379. [contrib] queryperf/gen-data-queryperf.py: removed redundant
-- TLDs and supported RRs with TTLs [RT #17972]
--
--2378. [bug] gssapi_functions{} had a redundant member in BIND 9.5.
-- [RT #18169]
--
--2377. [bug] Address race condition in dnssec-signzone. [RT #18142]
--
--2376. [bug] Change #2144 was not complete.
--
--2375. [placeholder]
--
--2374. [bug] "blackhole" ACLs could cause named to segfault due
-- to some uninitialized memory. [RT #18095]
--
--2373. [bug] Default values of zone ACLs were re-parsed each time a
-- new zone was configured, causing an overconsumption
-- of memory. [RT #18092]
--
--2372. [bug] Fixed incorrect TAG_HMACSHA256_BITS value [RT #18047]
--
--2371. [doc] Add +nsid option to dig man page. [RT #18039]
--
--2370. [bug] "rndc freeze" could trigger an assertion in named
-- when called on a nonexistent zone. [RT #18050]
--
--2369. [bug] libbind: Array bounds overrun on read in bitncmp().
-- [RT #18054]
--
--2368. [port] Linux: use libcap for capability management if
-- possible. [RT# 18026]
--
--2367. [bug] Improve counting of dns_resstatscounter_retry
-- [RT #18030]
--
--2366. [bug] Adb shutdown race. [RT #18021]
--
--2365. [bug] Fix a bug that caused dns_acl_isany() to return
-- spurious results. [RT #18000]
--
--2364. [bug] named could trigger a assertion when serving a
-- malformed signed zone. [RT #17828]
--
--2363. [port] sunos: pre-set "lt_cv_sys_max_cmd_len=4096;".
-- [RT #17513]
--
--2362. [cleanup] Make "rrset-order fixed" a compile-time option.
-- settable by "./configure --enable-fixed-rrset".
-- Disabled by default. [RT #17977]
--
--2361. [bug] "recursion" statistics counter could be counted
-- multiple times for a single query. [RT #17990]
--
--2360. [bug] Fix a condition where we release a database version
-- (which may acquire a lock) while holding the lock.
--
--2359. [bug] Fix NSID bug. [RT #17942]
--
--2358. [doc] Update host's default query description. [RT #17934]
--
--2357. [port] Don't use OpenSSL's engine support in versions before
-- OpenSSL 0.9.7f. [RT #17922]
--
--2356. [bug] Built in mutex profiler was not scalable enough.
-- [RT #17436]
--
--2355. [func] Extend the number statistics counters available.
-- [RT #17590]
--
--2354. [bug] Failed to initialize some rdatasetheader_t elements.
-- [RT #17927]
--
--2353. [func] Add support for Name Server ID (RFC 5001).
-- 'dig +nsid' requests NSID from server.
-- 'request-nsid yes;' causes recursive server to send
-- NSID requests to upstream servers. Server responds
-- to NSID requests with the string configured by
-- 'server-id' option. [RT #17091]
--
--2352. [bug] Various GSS_API fixups. [RT #17729]
--
--2351. [bug] convertxsl.pl generated very long lines. [RT #17906]
--
--2350. [port] win32: IPv6 support. [RT #17797]
--
--2349. [func] Provide incremental re-signing support for secure
-- dynamic zones. [RT #1091]
--
--2348. [func] Use the EVP interface to OpenSSL. Add PKCS#11 support.
-- Documentation is in the new README.pkcs11 file.
-- New tool, dnssec-keyfromlabel, which takes the
-- label of a key pair in a HSM and constructs a DNS
-- key pair for use by named and dnssec-signzone.
-- [RT #16844]
--
--2347. [bug] Delete now traverses the RB tree in the canonical
-- order. [RT #17451]
--
--2346. [func] Memory statistics now cover all active memory contexts
-- in increased detail. [RT #17580]
--
--2345. [bug] named-checkconf failed to detect when forwarders
-- were set at both the options/view level and in
-- a root zone. [RT #17671]
--
--2344. [bug] Improve "logging{ file ...; };" documentation.
-- [RT #17888]
--
--2343. [bug] (Seemingly) duplicate IPv6 entries could be
-- created in ADB. [RT #17837]
--
--2342. [func] Use getifaddrs() if available under Linux. [RT #17224]
--
--2341. [bug] libbind: add missing -I../include for off source
-- tree builds. [RT #17606]
--
--2340. [port] openbsd: interface configuration. [RT #17700]
--
--2339. [port] tru64: support for libbind. [RT #17589]
--
--2338. [bug] check_ds() could be called with a non DS rdataset.
-- [RT #17598]
--
--2337. [bug] BUILD_LDFLAGS was not being correctly set. [RT #17614]
--
--2336. [func] If "named -6" is specified then listen on all IPv6
-- interfaces if there are not listen-on-v6 clauses in
-- named.conf. [RT #17581]
--
--2335. [port] sunos: libbind and *printf() support for long long.
-- [RT #17513]
--
--2334. [bug] Bad REQUIRES in fromstruct_in_naptr(), off by one
-- bug in fromstruct_txt(). [RT #17609]
--
--2333. [bug] Fix off by one error in isc_time_nowplusinterval().
-- [RT #17608]
--
--2332. [contrib] query-loc-0.4.0. [RT #17602]
--
--2331. [bug] Failure to regenerate any signatures was not being
-- reported nor being past back to the UPDATE client.
-- [RT #17570]
--
--2330. [bug] Remove potential race condition when handling
-- over memory events. [RT #17572]
--
-- WARNING: API CHANGE: over memory callback
-- function now needs to call isc_mem_waterack().
-- See <isc/mem.h> for details.
--
--2329. [bug] Clearer help text for dig's '-x' and '-i' options.
--
--2328. [maint] Add AAAA addresses for A.ROOT-SERVERS.NET,
-- F.ROOT-SERVERS.NET, H.ROOT-SERVERS.NET,
-- J.ROOT-SERVERS.NET, K.ROOT-SERVERS.NET and
-- M.ROOT-SERVERS.NET.
--
--2327. [bug] It was possible to dereference a NULL pointer in
-- rbtdb.c. Implement dead node processing in zones as
-- we do for caches. [RT #17312]
--
--2326. [bug] It was possible to trigger a INSIST in the acache
-- processing.
--
--2325. [port] Linux: use capset() function if available. [RT #17557]
--
--2324. [bug] Fix IPv6 matching against "any;". [RT #17533]
--
--2323. [port] tru64: namespace clash. [RT #17547]
--
--2322. [port] MacOS: work around the limitation of setrlimit()
-- for RLIMIT_NOFILE. [RT #17526]
--
--2321. [placeholder]
--
--2320. [func] Make statistics counters thread-safe for platforms
-- that support certain atomic operations. [RT #17466]
--
--2319. [bug] Silence Coverity warnings in
-- lib/dns/rdata/in_1/apl_42.c. [RT #17469]
--
--2318. [port] sunos fixes for libbind. [RT #17514]
--
--2317. [bug] "make distclean" removed bind9.xsl.h. [RT #17518]
--
--2316. [port] Missing #include <isc/print.h> in lib/dns/gssapictx.c.
-- [RT #17513]
--
--2315. [bug] Used incorrect address family for mapped IPv4
-- addresses in acl.c. [RT #17519]
--
--2314. [bug] Uninitialized memory use on error path in
-- bin/named/lwdnoop.c. [RT #17476]
--
--2313. [cleanup] Silence Coverity warnings. Handle private stacks.
-- [RT #17447] [RT #17478]
--
--2312. [cleanup] Silence Coverity warning in lib/isc/unix/socket.c.
-- [RT #17458]
--
--2311. [bug] IPv6 addresses could match IPv4 ACL entries and
-- vice versa. [RT #17462]
--
--2310. [bug] dig, host, nslookup: flush stdout before emitting
-- debug/fatal messages. [RT #17501]
--
--2309. [cleanup] Fix Coverity warnings in lib/dns/acl.c and iptable.c.
-- [RT #17455]
--
--2308. [cleanup] Silence Coverity warning in bin/named/controlconf.c.
-- [RT #17495]
--
--2307. [bug] Remove infinite loop from lib/dns/sdb.c. [RT #17496]
--
--2306. [bug] Remove potential race from lib/dns/resolver.c.
-- [RT #17470]
--
--2305. [security] inet_network() buffer overflow. CVE-2008-0122.
--
--2304. [bug] Check returns from all dns_rdata_tostruct() calls.
-- [RT #17460]
--
--2303. [bug] Remove unnecessary code from bin/named/lwdgnba.c.
-- [RT #17471]
--
--2302. [bug] Fix memset() calls in lib/tests/t_api.c. [RT #17472]
--
--2301. [bug] Remove resource leak and fix error messages in
-- bin/tests/system/lwresd/lwtest.c. [RT #17474]
--
--2300. [bug] Fixed failure to close open file in
-- bin/tests/names/t_names.c. [RT #17473]
--
--2299. [bug] Remove unnecessary NULL check in
-- bin/nsupdate/nsupdate.c. [RT #17475]
--
--2298. [bug] isc_mutex_lock() failure not caught in
-- bin/tests/timers/t_timers.c. [RT #17468]
--
--2297. [bug] isc_entropy_createfilesource() failure not caught in
-- bin/tests/dst/t_dst.c. [RT #17467]
--
--2296. [port] Allow docbook stylesheet location to be specified to
-- configure. [RT #17457]
--
--2295. [bug] Silence static overrun error in bin/named/lwaddr.c.
-- [RT #17459]
--
--2294. [func] Allow the experimental statistics channels to have
-- multiple connections and ACL.
-- Note: the stats-server and stats-server-v6 options
-- available in the previous beta releases are replaced
-- with the generic statistics-channels statement.
--
--2293. [func] Add ACL regression test. [RT #17375]
--
--2292. [bug] Log if the working directory is not writable.
-- [RT #17312]
--
--2291. [bug] PR_SET_DUMPABLE may be set too late. Also report
-- failure to set PR_SET_DUMPABLE. [RT #17312]
--
--2290. [bug] Let AD in the query signal that the client wants AD
-- set in the response. [RT #17301]
--
--2289. [func] named-checkzone now reports the out-of-zone CNAME
-- found. [RT #17309]
--
--2288. [port] win32: mark service as running when we have finished
-- loading. [RT #17441]
--
--2287. [bug] Use 'volatile' if the compiler supports it. [RT #17413]
--
--2286. [func] Allow a TCP connection to be used as a weak
-- authentication method for reverse zones.
-- New update-policy methods tcp-self and 6to4-self.
-- [RT #17378]
--
--2285. [func] Test framework for client memory context management.
-- [RT #17377]
--
--2284. [bug] Memory leak in UPDATE prerequisite processing.
-- [RT #17377]
--
--2283. [bug] TSIG keys were not attaching to the memory
-- context. TSIG keys should use the rings
-- memory context rather than the clients memory
-- context. [RT #17377]
--
--2282. [bug] Acl code fixups. [RT #17346] [RT #17374]
--
--2281. [bug] Attempts to use undefined acls were not being logged.
-- [RT #17307]
--
--2280. [func] Allow the experimental http server to be reached
-- over IPv6 as well as IPv4. [RT #17332]
--
--2279. [bug] Use setsockopt(SO_NOSIGPIPE), when available,
-- to protect applications from receiving spurious
-- SIGPIPE signals when using the resolver.
--
--2278. [bug] win32: handle the case where Windows returns no
-- search list or DNS suffix. [RT #17354]
--
--2277. [bug] Empty zone names were not correctly being caught at
-- in the post parse checks. [RT #17357]
--
--2276. [bug] Install <dst/gssapi.h>. [RT# 17359]
--
--2275. [func] Add support to dig to perform IXFR queries over UDP.
-- [RT #17235]
--
--2274. [func] Log zone transfer statistics. [RT #17336]
--
--2273. [bug] Adjust log level to WARNING when saving inconsistent
-- stub/slave master and journal files. [RT# 17279]
--
--2272. [bug] Handle illegal dnssec-lookaside trust-anchor names.
-- [RT #17262]
--
--2271. [bug] Fix a memory leak in http server code [RT #17100]
--
--2270. [bug] dns_db_closeversion() version->writer could be reset
-- before it is tested. [RT #17290]
--
--2269. [contrib] dbus memory leaks and missing va_end calls. [RT #17232]
--
--2268. [bug] 0.IN-ADDR.ARPA was missing from the empty zones
-- list.
--
-- --- 9.5.0b1 released ---
--
--2267. [bug] Radix tree node_num value could be set incorrectly,
-- causing positive ACL matches to look like negative
-- ones. [RT #17311]
--
--2266. [bug] client.c:get_clientmctx() returned the same mctx
-- once the pool of mctx's was filled. [RT #17218]
--
--2265. [bug] Test that the memory context's basic_table is non NULL
-- before freeing. [RT #17265]
--
--2264. [bug] Server prefix length was being ignored. [RT #17308]
--
--2263. [bug] "named-checkconf -z" failed to set default value
-- for "check-integrity". [RT #17306]
--
--2262. [bug] Error status from all but the last view could be
-- lost. [RT #17292]
--
--2261. [bug] Fix memory leak with "any" and "none" ACLs [RT #17272]
--
--2260. [bug] Reported wrong clients-per-query when increasing the
-- value. [RT #17236]
--
--2259. [placeholder]
--
-- --- 9.5.0a7 released ---
--
--2258. [bug] Fallback from IXFR/TSIG to SOA/AXFR/TSIG broken.
-- [RT #17241]
--
--2257. [bug] win32: Use the full path to vcredist_x86.exe when
-- calling it. [RT #17222]
--
--2256. [bug] win32: Correctly register the installation location of
-- bindevt.dll. [RT #17159]
--
--2255. [maint] L.ROOT-SERVERS.NET is now 199.7.83.42.
--
--2254. [bug] timer.c:dispatch() failed to lock timer->lock
-- when reading timer->idle allowing it to see
-- intermediate values as timer->idle was reset by
-- isc_timer_touch(). [RT #17243]
--
--2253. [func] "max-cache-size" defaults to 32M.
-- "max-acache-size" defaults to 16M.
--
--2252. [bug] Fixed errors in sortlist code [RT #17216]
--
--2251. [placeholder]
--
--2250. [func] New flag 'memstatistics' to state whether the
-- memory statistics file should be written or not.
-- Additionally named's -m option will cause the
-- statistics file to be written. [RT #17113]
--
--2249. [bug] Only set Authentic Data bit if client requested
-- DNSSEC, per RFC 3655 [RT #17175]
--
--2248. [cleanup] Fix several errors reported by Coverity. [RT #17160]
--
--2247. [doc] Sort doc/misc/options. [RT #17067]
--
--2246. [bug] Make the startup of test servers (ans.pl) more
-- robust. [RT #17147]
--
--2245. [bug] Validating lack of DS records at trust anchors wasn't
-- working. [RT #17151]
--
--2244. [func] Allow the check of nameserver names against the
-- SOA MNAME field to be disabled by specifying
-- 'notify-to-soa yes;'. [RT #17073]
--
--2243. [func] Configuration files without a newline at the end now
-- parse without error. [RT #17120]
--
--2242. [bug] nsupdate: GSS-TSIG support using the Heimdal Kerberos
-- library could require a source of random data.
-- [RT #17127]
--
--2241. [func] nsupdate: add a interactive 'help' command. [RT #17099]
--
--2240. [bug] Cleanup nsupdates GSS-TSIG support. Convert
-- a number of INSIST()s into plain fatal() errors
-- which report the triggering result code.
-- The 'key' command wasn't disabling GSS-TSIG.
-- [RT #17099]
--
--2239. [func] Ship a pre built bin/named/bind9.xsl.h. [RT #17114]
--
--2238. [bug] It was possible to trigger a REQUIRE when a
-- validation was canceled. [RT #17106]
--
--2237. [bug] libbind: res_init() was not thread aware. [RT #17123]
--
--2236. [bug] dnssec-signzone failed to preserve the case of
-- of wildcard owner names. [RT #17085]
--
--2235. [bug] <isc/atomic.h> was not being installed. [RT #17135]
--
--2234. [port] Correct some compiler warnings on SCO OSr5 [RT #17134]
--
--2233. [func] Add support for O(1) ACL processing, based on
-- radix tree code originally written by Kevin
-- Brintnall. [RT #16288]
--
--2232. [bug] dns_adb_findaddrinfo() could fail and return
-- ISC_R_SUCCESS. [RT #17137]
--
--2231. [bug] Building dlzbdb (contrib/dlz/bin/dlzbdb) was broken.
-- [RT #17088]
--
--2230. [bug] We could INSIST reading a corrupted journal.
-- [RT #17132]
--
--2229. [bug] Null pointer dereference on query pool creation
-- failure. [RT #17133]
--
--2228. [contrib] contrib: Change 2188 was incomplete.
--
--2227. [cleanup] Tidied up the FAQ. [RT #17121]
--
--2226. [placeholder]
--
--2225. [bug] More support for systems with no IPv4 addresses.
-- [RT #17111]
--
--2224. [bug] Defer journal compaction if a xfrin is in progress.
-- [RT #17119]
--
--2223. [bug] Make a new journal when compacting. [RT #17119]
--
--2222. [func] named-checkconf now checks server key references.
-- [RT #17097]
--
--2221. [bug] Set the event result code to reflect the actual
-- record turned to caller when a cache update is
-- rejected due to a more credible answer existing.
-- [RT #17017]
--
--2220. [bug] win32: Address a race condition in final shutdown of
-- the Windows socket code. [RT #17028]
--
--2219. [bug] Apply zone consistency checks to additions, not
-- removals, when updating. [RT #17049]
--
--2218. [bug] Remove unnecessary REQUIRE from dns_validator_create().
-- [RT #16976]
--
--2217. [func] Adjust update log levels. [RT #17092]
--
--2216. [cleanup] Fix a number of errors reported by Coverity.
-- [RT #17094]
--
--2215. [bug] Bad REQUIRE check isc_hmacsha1_verify(). [RT #17094]
--
--2214. [bug] Deregister OpenSSL lock callback when cleaning
-- up. Reorder OpenSSL cleanup so that RAND_cleanup()
-- is called before the locks are destroyed. [RT #17098]
--
--2213. [bug] SIG0 diagnostic failure messages were looking at the
-- wrong status code. [RT #17101]
--
--2212. [func] 'host -m' now causes memory statistics and active
-- memory to be printed at exit. [RT 17028]
--
--2211. [func] Update "dynamic update temporarily disabled" message.
-- [RT #17065]
--
--2210. [bug] Deleting class specific records via UPDATE could
-- fail. [RT #17074]
--
--2209. [port] osx: linking against user supplied static OpenSSL
-- libraries failed as the system ones were still being
-- found. [RT #17078]
--
--2208. [port] win32: make sure both build methods produce the
-- same output. [RT #17058]
--
--2207. [port] Some implementations of getaddrinfo() fail to set
-- ai_canonname correctly. [RT #17061]
--
-- --- 9.5.0a6 released ---
--
--2206. [security] "allow-query-cache" and "allow-recursion" now
-- cross inherit from each other.
--
-- If allow-query-cache is not set in named.conf then
-- allow-recursion is used if set, otherwise allow-query
-- is used if set, otherwise the default (localnets;
-- localhost;) is used.
--
-- If allow-recursion is not set in named.conf then
-- allow-query-cache is used if set, otherwise allow-query
-- is used if set, otherwise the default (localnets;
-- localhost;) is used.
--
-- [RT #16987]
--
--2205. [bug] libbind: change #2119 broke thread support. [RT #16982]
--
--2204. [bug] "rndc flushanme name unknown-view" caused named
-- to crash. [RT #16984]
--
--2203. [security] Query id generation was cryptographically weak.
-- [RT # 16915]
--
--2202. [security] The default acls for allow-query-cache and
-- allow-recursion were not being applied. [RT #16960]
--
--2201. [bug] The build failed in a separate object directory.
-- [RT #16943]
--
--2200. [bug] The search for cached NSEC records was stopping to
-- early leading to excessive DLV queries. [RT #16930]
--
--2199. [bug] win32: don't call WSAStartup() while loading dlls.
-- [RT #16911]
--
--2198. [bug] win32: RegCloseKey() could be called when
-- RegOpenKeyEx() failed. [RT #16911]
--
--2197. [bug] Add INSIST to catch negative responses which are
-- not setting the event result code appropriately.
-- [RT #16909]
--
--2196. [port] win32: yield processor while waiting for once to
-- to complete. [RT #16958]
--
--2195. [func] dnssec-keygen now defaults to nametype "ZONE"
-- when generating DNSKEYs. [RT #16954]
--
--2194. [bug] Close journal before calling 'done' in xfrin.c.
--
-- --- 9.5.0a5 released ---
--
--2193. [port] win32: BINDInstall.exe is now linked statically.
-- [RT #16906]
--
--2192. [port] win32: use vcredist_x86.exe to install Visual
-- Studio's redistributable dlls if building with
-- Visual Stdio 2005 or later.
--
--2191. [func] named-checkzone now allows dumping to stdout (-).
-- named-checkconf now has -h for help.
-- named-checkzone now has -h for help.
-- rndc now has -h for help.
-- Better handling of '-?' for usage summaries.
-- [RT #16707]
--
--2190. [func] Make fallback to plain DNS from EDNS due to timeouts
-- more visible. New logging category "edns-disabled".
-- [RT #16871]
--
--2189. [bug] Handle socket() returning EINTR. [RT #15949]
--
--2188. [contrib] queryperf: autoconf changes to make the search for
-- libresolv or libbind more robust. [RT #16299]
--
--2187. [bug] query_addds(), query_addwildcardproof() and
-- query_addnxrrsetnsec() should take a version
-- argument. [RT #16368]
--
--2186. [port] cygwin: libbind: check for struct sockaddr_storage
-- independently of IPv6. [RT #16482]
--
--2185. [port] sunos: libbind: check for ssize_t, memmove() and
-- memchr(). [RT #16463]
--
--2184. [bug] bind9.xsl.h didn't build out of the source tree.
-- [RT #16830]
--
--2183. [bug] dnssec-signzone didn't handle offline private keys
-- well. [RT #16832]
--
--2182. [bug] dns_dispatch_createtcp() and dispatch_createudp()
-- could return ISC_R_SUCCESS when they ran out of
-- memory. [RT #16365]
--
--2181. [port] sunos: libbind: add paths.h from BIND 8. [RT #16462]
--
--2180. [cleanup] Remove bit test from 'compress_test' as they
-- are no longer needed. [RT #16497]
--
--2179. [func] 'rndc command zone' will now find 'zone' if it is
-- unique to all the views. [RT #16821]
--
--2178. [bug] 'rndc reload' of a slave or stub zone resulted in
-- a reference leak. [RT #16867]
--
--2177. [bug] Array bounds overrun on read (rcodetext) at
-- debug level 10+. [RT #16798]
--
--2176. [contrib] dbus update to handle race condition during
-- initialization (Bugzilla 235809). [RT #16842]
--
--2175. [bug] win32: windows broadcast condition variable support
-- was broken. [RT #16592]
--
--2174. [bug] I/O errors should always be fatal when reading
-- master files. [RT #16825]
--
--2173. [port] win32: When compiling with MSVS 2005 SP1 we also
-- need to ship Microsoft.VC80.MFCLOC.
--
-- --- 9.5.0a4 released ---
--
--2172. [bug] query_addsoa() was being called with a non zone db.
-- [RT #16834]
--
--2171. [bug] Handle breaks in DNSSEC trust chains where the parent
-- servers are not DS aware (DS queries to the parent
-- return a referral to the child).
--
--2170. [func] Add acache processing to test suite. [RT #16711]
--
--2169. [bug] host, nslookup: when reporting NXDOMAIN report the
-- given name and not the last name searched for.
-- [RT #16763]
--
--2168. [bug] nsupdate: in non-interactive mode treat syntax errors
-- as fatal errors. [RT #16785]
--
--2167. [bug] When re-using a automatic zone named failed to
-- attach it to the new view. [RT #16786]
--
-- --- 9.5.0a3 released ---
--
--2166. [bug] When running in batch mode, dig could misinterpret
-- a server address as a name to be looked up, causing
-- unexpected output. [RT #16743]
--
--2165. [func] Allow the destination address of a query to determine
-- if we will answer the query or recurse.
-- allow-query-on, allow-recursion-on and
-- allow-query-cache-on. [RT #16291]
--
--2164. [bug] The code to determine how named-checkzone /
-- named-compilezone was called failed under windows.
-- [RT #16764]
--
--2163. [bug] If only one of query-source and query-source-v6
-- specified a port the query pools code broke (change
-- 2129). [RT #16768]
--
--2162. [func] Allow "rrset-order fixed" to be disabled at compile
-- time. [RT #16665]
--
--2161. [bug] Fix which log messages are emitted for 'rndc flush'.
-- [RT #16698]
--
--2160. [bug] libisc wasn't handling NULL ifa_addr pointers returned
-- from getifaddrs(). [RT #16708]
--
-- --- 9.5.0a2 released ---
--
--2159. [bug] Array bounds overrun in acache processing. [RT #16710]
--
--2158. [bug] ns_client_isself() failed to initialize key
-- leading to a REQUIRE failure. [RT #16688]
--
--2157. [func] dns_db_transfernode() created. [RT #16685]
--
--2156. [bug] Fix node reference leaks in lookup.c:lookup_find(),
-- resolver.c:validated() and resolver.c:cache_name().
-- Fix a memory leak in rbtdb.c:free_noqname().
-- Make lookup.c:lookup_find() robust against
-- event leaks. [RT #16685]
--
--2155. [contrib] SQLite sdb module from jaboydjr@netwalk.com.
-- [RT #16694]
--
--2154. [func] Scoped (e.g. IPv6 link-local) addresses may now be
-- matched in acls by omitting the scope. [RT #16599]
--
--2153. [bug] nsupdate could leak memory. [RT #16691]
--
--2152. [cleanup] Use sizeof(buf) instead of fixed number in
-- dighost.c:get_trusted_key(). [RT #16678]
--
--2151. [bug] Missing newline in usage message for journalprint.
-- [RT #16679]
--
--2150. [bug] 'rrset-order cyclic' uniformly distribute the
-- starting point for the first response for a given
-- RRset. [RT #16655]
--
--2149. [bug] isc_mem_checkdestroyed() failed to abort on
-- if there were still active memory contexts.
-- [RT #16672]
--
--2148. [func] Add positive logging for rndc commands. [RT #14623]
--
--2147. [bug] libbind: remove potential buffer overflow from
-- hmac_link.c. [RT #16437]
--
--2146. [cleanup] Silence Linux's spurious "obsolete setsockopt
-- SO_BSDCOMPAT" message. [RT #16641]
--
--2145. [bug] Check DS/DLV digest lengths for known digests.
-- [RT #16622]
--
--2144. [cleanup] Suppress logging of SERVFAIL from forwarders.
-- [RT #16619]
--
--2143. [bug] We failed to restart the IPv6 client when the
-- kernel failed to return the destination the
-- packet was sent to. [RT #16613]
--
--2142. [bug] Handle master files with a modification time that
-- matches the epoch. [RT# 16612]
--
--2141. [bug] dig/host should not be setting IDN_ASCCHECK (IDN
-- equivalent of LDH checks). [RT #16609]
--
--2140. [bug] libbind: missing unlock on pthread_key_create()
-- failures. [RT #16654]
--
--2139. [bug] dns_view_find() was being called with wrong type
-- in adb.c. [RT #16670]
--
--2138. [bug] Lock order reversal in resolver.c. [RT #16653]
--
--2137. [port] Mips little endian and/or mips 64 bit are now
-- supported for atomic operations. [RT#16648]
--
--2136. [bug] nslookup/host looped if there was no search list
-- and the host didn't exist. [RT #16657]
--
--2135. [bug] Uninitialized rdataset in sdlz.c. [RT# 16656]
--
--2134. [func] Additional statistics support. [RT #16666]
--
--2133. [port] powerpc: Support both IBM and MacOS Power PC
-- assembler syntaxes. [RT #16647]
--
--2132. [bug] Missing unlock on out of memory in
-- dns_dispatchmgr_setudp().
--
--2131. [contrib] dlz/mysql: AXFR was broken. [RT #16630]
--
--2130. [func] Log if CD or DO were set. [RT #16640]
--
--2129. [func] Provide a pool of UDP sockets for queries to be
-- made over. See use-queryport-pool, queryport-pool-ports
-- and queryport-pool-updateinterval. [RT #16415]
--
--2128. [doc] xsltproc --nonet, update DTD versions. [RT #16635]
--
--2127. [port] Improved OpenSSL 0.9.8 support. [RT #16563]
--
--2126. [security] Serialize validation of type ANY responses. [RT #16555]
--
--2125. [bug] dns_zone_getzeronosoattl() REQUIRE failure if DLZ
-- was defined. [RT #16574]
--
--2124. [security] It was possible to dereference a freed fetch
-- context. [RT #16584]
--
-- --- 9.5.0a1 released ---
--
--2123. [func] Use Doxygen to generate internal documentation.
-- [RT #11398]
--
--2122. [func] Experimental http server and statistics support
-- for named via xml.
--
--2121. [func] Add a 10 slot dead masters cache (LRU) with a 600
-- second timeout. [RT #16553]
--
--2120. [doc] Fix markup on nsupdate man page. [RT #16556]
--
--2119. [compat] libbind: allow res_init() to succeed enough to
-- return the default domain even if it was unable
-- to allocate memory.
--
--2118. [bug] Handle response with long chains of domain name
-- compression pointers which point to other compression
-- pointers. [RT #16427]
--
--2117. [bug] DNSSEC fixes: named could fail to cache NSEC records
-- which could lead to validation failures. named didn't
-- handle negative DS responses that were in the process
-- of being validated. Check CNAME bit before accepting
-- NODATA proof. To be able to ignore a child NSEC there
-- must be SOA (and NS) set in the bitmap. [RT #16399]
--
--2116. [bug] 'rndc reload' could cause the cache to continually
-- be cleaned. [RT #16401]
--
--2115. [bug] 'rndc reconfig' could trigger a INSIST if the
-- number of masters for a zone was reduced. [RT #16444]
--
--2114. [bug] dig/host/nslookup: searches for names with multiple
-- labels were failing. [RT #16447]
--
--2113. [bug] nsupdate: if a zone is specified it should be used
-- for server discover. [RT# 16455]
--
--2112. [security] Warn if weak RSA exponent is used. [RT #16460]
--
--2111. [bug] Fix a number of errors reported by Coverity.
-- [RT #16507]
--
--2110. [bug] "minimal-responses yes;" interacted badly with BIND 8
-- priming queries. [RT #16491]
--
--2109. [port] libbind: silence aix 5.3 compiler warnings. [RT #16502]
--
--2108. [func] DHCID support. [RT #16456]
--
--2107. [bug] dighost.c: more cleanup of buffers. [RT #16499]
--
--2106. [func] 'rndc status' now reports named's version. [RT #16426]
--
--2105. [func] GSS-TSIG support (RFC 3645).
--
--2104. [port] Fix Solaris SMF error message.
--
--2103. [port] Add /usr/sfw to list of locations for OpenSSL
-- under Solaris.
--
--2102. [port] Silence Solaris 10 warnings.
--
--2101. [bug] OpenSSL version checks were not quite right.
-- [RT #16476]
--
--2100. [port] win32: copy libeay32.dll to Build\Debug.
-- Copy Debug\named-checkzone to Debug\named-compilezone.
--
--2099. [port] win32: more manifest issues.
--
--2098. [bug] Race in rbtdb.c:no_references(), which occasionally
-- triggered an INSIST failure about the node lock
-- reference. [RT #16411]
--
--2097. [bug] named could reference a destroyed memory context
-- after being reloaded / reconfigured. [RT #16428]
--
--2096. [bug] libbind: handle applications that fail to detect
-- res_init() failures better.
--
--2095. [port] libbind: alway prototype inet_cidr_ntop_ipv6() and
-- net_cidr_ntop_ipv6(). [RT #16388]
--
--2094. [contrib] Update named-bootconf. [RT# 16404]
--
--2093. [bug] named-checkzone -s was broken.
--
--2092. [bug] win32: dig, host, nslookup. Use registry config
-- if resolv.conf does not exist or no nameservers
-- listed. [RT #15877]
--
--2091. [port] dighost.c: race condition on cleanup. [RT #16417]
--
--2090. [port] win32: Visual C++ 2005 command line manifest support.
-- [RT #16417]
--
--2089. [security] Raise the minimum safe OpenSSL versions to
-- OpenSSL 0.9.7l and OpenSSL 0.9.8d. Versions
-- prior to these have known security flaws which
-- are (potentially) exploitable in named. [RT #16391]
--
--2088. [security] Change the default RSA exponent from 3 to 65537.
-- [RT #16391]
--
--2087. [port] libisc failed to compile on OS's w/o a vsnprintf.
-- [RT #16382]
--
--2086. [port] libbind: FreeBSD now has get*by*_r() functions.
-- [RT #16403]
--
--2085. [doc] win32: added index.html and README to zip. [RT #16201]
--
--2084. [contrib] dbus update for 9.3.3rc2.
--
--2083. [port] win32: Visual C++ 2005 support.
--
--2082. [doc] Document 'cache-file' as a test only option.
--
--2081. [port] libbind: minor 64-bit portability fix in memcluster.c.
-- [RT #16360]
--
--2080. [port] libbind: res_init.c did not compile on older versions
-- of Solaris. [RT #16363]
--
--2079. [bug] The lame cache was not handling multiple types
-- correctly. [RT #16361]
--
--2078. [bug] dnssec-checkzone output style "default" was badly
-- named. It is now called "relative". [RT #16326]
--
--2077. [bug] 'dnssec-signzone -O raw' wasn't outputting the
-- complete signed zone. [RT #16326]
--
--2076. [bug] Several files were missing #include <config.h>
-- causing build failures on OSF. [RT #16341]
--
--2075. [bug] The spillat timer event hander could leak memory.
-- [RT #16357]
--
--2074. [bug] dns_request_createvia2(), dns_request_createvia3(),
-- dns_request_createraw2() and dns_request_createraw3()
-- failed to send multiple UDP requests. [RT #16349]
--
--2073. [bug] Incorrect semantics check for update policy "wildcard".
-- [RT #16353]
--
--2072. [bug] We were not generating valid HMAC SHA digests.
-- [RT #16320]
--
--2071. [port] Test whether gcc accepts -fno-strict-aliasing.
-- [RT #16324]
--
--2070. [bug] The remote address was not always displayed when
-- reporting dispatch failures. [RT #16315]
--
--2069. [bug] Cross compiling was not working. [RT #16330]
--
--2068. [cleanup] Lower incremental tuning message to debug 1.
-- [RT #16319]
--
--2067. [bug] 'rndc' could close the socket too early triggering
-- a INSIST under Windows. [RT #16317]
--
--2066. [security] Handle SIG queries gracefully. [RT #16300]
--
--2065. [bug] libbind: probe for HPUX prototypes for
-- endprotoent_r() and endservent_r(). [RT 16313]
--
--2064. [bug] libbind: silence AIX compiler warnings. [RT #16218]
--
--2063. [bug] Change #1955 introduced a bug which caused the first
-- 'rndc flush' call to not free memory. [RT #16244]
--
--2062. [bug] 'dig +nssearch' was reusing a buffer before it had
-- been returned by the socket code. [RT #16307]
--
--2061. [bug] Accept expired wildcard message reversed. [RT #16296]
--
--2060. [bug] Enabling DLZ support could leave views partially
-- configured. [RT #16295]
--
--2059. [bug] Search into cache rbtdb could trigger an INSIST
-- failure while cleaning up a stale rdataset.
-- [RT #16292]
--
--2058. [bug] Adjust how we calculate rtt estimates in the presence
-- of authoritative servers that drop EDNS and/or CD
-- requests. Also fallback to EDNS/512 and plain DNS
-- faster for zones with less than 3 servers. [RT #16187]
--
--2057. [bug] Make setting "ra" dependent on both allow-query-cache
-- and allow-recursion. [RT #16290]
--
--2056. [bug] dig: ixfr= was not being treated case insensitively
-- at all times. [RT #15955]
--
--2055. [bug] Missing goto after dropping multicast query.
-- [RT #15944]
--
--2054. [port] freebsd: do not explicitly link against -lpthread.
-- [RT #16170]
--
--2053. [port] netbsd:libbind: silence compiler warnings. [RT #16220]
--
--2052. [bug] 'rndc' improve connect failed message to report
-- the failing address. [RT #15978]
--
--2051. [port] More strtol() fixes. [RT #16249]
--
--2050. [bug] Parsing of NSAP records was not case insensitive.
-- [RT #16287]
--
--2049. [bug] Restore SOA before AXFR when falling back from
-- a attempted IXFR when transferring in a zone.
-- Allow a initial SOA query before attempting
-- a AXFR to be requested. [RT #16156]
--
--2048. [bug] It was possible to loop forever when using
-- avoid-v4-udp-ports / avoid-v6-udp-ports when
-- the OS always returned the same local port.
-- [RT #16182]
--
--2047. [bug] Failed to initialize the interface flags to zero.
-- [RT #16245]
--
--2046. [bug] rbtdb.c:rdataset_setadditional() could cause duplicate
-- cleanup [RT #16247].
--
--2045. [func] Use lock buckets for acache entries to limit memory
-- consumption. [RT #16183]
--
--2044. [port] Add support for atomic operations for Itanium.
-- [RT #16179]
--
--2043. [port] nsupdate/nslookup: Force the flushing of the prompt
-- for interactive sessions. [RT#16148]
--
--2042. [bug] named-checkconf was incorrectly rejecting the
-- logging category "config". [RT #16117]
--
--2041. [bug] "configure --with-dlz-bdb=yes" produced a bad
-- set of libraries to be linked. [RT #16129]
--
--2040. [bug] rbtdb no_references() could trigger an INSIST
-- failure with --enable-atomic. [RT #16022]
--
--2039. [func] Check that all buffers passed to the socket code
-- have been retrieved when the socket event is freed.
-- [RT #16122]
--
--2038. [bug] dig/nslookup/host was unlinking from wrong list
-- when handling errors. [RT #16122]
--
--2037. [func] When unlinking the first or last element in a list
-- check that the list head points to the element to
-- be unlinked. [RT #15959]
--
--2036. [bug] 'rndc recursing' could cause trigger a REQUIRE.
-- [RT #16075]
--
--2035. [func] Make falling back to TCP on UDP refresh failure
-- optional. Default "try-tcp-refresh yes;" for BIND 8
-- compatibility. [RT #16123]
--
--2034. [bug] gcc: set -fno-strict-aliasing. [RT #16124]
--
--2033. [bug] We weren't creating multiple client memory contexts
-- on demand as expected. [RT #16095]
--
--2032. [bug] Remove a INSIST in query_addadditional2(). [RT #16074]
--
--2031. [bug] Emit a error message when "rndc refresh" is called on
-- a non slave/stub zone. [RT # 16073]
--
--2030. [bug] We were being overly conservative when disabling
-- openssl engine support. [RT #16030]
--
--2029. [bug] host printed out the server multiple times when
-- specified on the command line. [RT #15992]
--
--2028. [port] linux: socket.c compatibility for old systems.
-- [RT #16015]
--
--2027. [port] libbind: Solaris x86 support. [RT #16020]
--
--2026. [bug] Rate limit the two recursive client exceeded messages.
-- [RT #16044]
--
--2025. [func] Update "zone serial unchanged" message. [RT #16026]
--
--2024. [bug] named emitted spurious "zone serial unchanged"
-- messages on reload. [RT #16027]
--
--2023. [bug] "make install" should create ${localstatedir}/run and
-- ${sysconfdir} if they do not exist. [RT #16033]
--
--2022. [bug] If dnssec validation is disabled only assert CD if
-- CD was requested. [RT #16037]
--
--2021. [bug] dnssec-enable no; triggered a REQUIRE. [RT #16037]
--
--2020. [bug] rdataset_setadditional() could leak memory. [RT #16034]
--
--2019. [tuning] Reduce the amount of work performed per quantum
-- when cleaning the cache. [RT #15986]
--
--2018. [bug] Checking if the HMAC MD5 private file was broken.
-- [RT #15960]
--
--2017. [bug] allow-query default was not correct. [RT #15946]
--
--2016. [bug] Return a partial answer if recursion is not
-- allowed but requested and we had the answer
-- to the original qname. [RT #15945]
--
--2015. [cleanup] use-additional-cache is now acache-enable for
-- consistency. Default acache-enable off in BIND 9.4
-- as it requires memory usage to be configured.
-- It may be enabled by default in BIND 9.5 once we
-- have more experience with it.
--
--2014. [func] Statistics about acache now recorded and sent
-- to log. [RT #15976]
--
--2013. [bug] Handle unexpected TSIGs on unsigned AXFR/IXFR
-- responses more gracefully. [RT #15941]
--
--2012. [func] Don't insert new acache entries if acache is full.
-- [RT #15970]
--
--2011. [func] dnssec-signzone can now update the SOA record of
-- the signed zone, either as an increment or as the
-- system time(). [RT #15633]
--
--2010. [placeholder] rt15958
--
--2009. [bug] libbind: Coverity fixes. [RT #15808]
--
--2008. [func] It is now possible to enable/disable DNSSEC
-- validation from rndc. This is useful for the
-- mobile hosts where the current connection point
-- breaks DNSSEC (firewall/proxy). [RT #15592]
--
-- rndc validation newstate [view]
--
--2007. [func] It is now possible to explicitly enable DNSSEC
-- validation. default dnssec-validation no; to
-- be changed to yes in 9.5.0. [RT #15674]
--
--2006. [security] Allow-query-cache and allow-recursion now default
-- to the built in acls "localnets" and "localhost".
--
-- This is being done to make caching servers less
-- attractive as reflective amplifying targets for
-- spoofed traffic. This still leave authoritative
-- servers exposed.
--
-- The best fix is for full BCP 38 deployment to
-- remove spoofed traffic.
--
--2005. [bug] libbind: Retransmission timeouts should be
-- based on which attempt it is to the nameserver
-- and not the nameserver itself. [RT #13548]
--
--2004. [bug] dns_tsig_sign() could pass a NULL pointer to
-- dst_context_destroy() when cleaning up after a
-- error. [RT #15835]
--
--2003. [bug] libbind: The DNS name/address lookup functions could
-- occasionally follow a random pointer due to
-- structures not being completely zeroed. [RT #15806]
--
--2002. [bug] libbind: tighten the constraints on when
-- struct addrinfo._ai_pad exists. [RT #15783]
--
--2001. [func] Check the KSK flag when updating a secure dynamic zone.
-- New zone option "update-check-ksk yes;". [RT #15817]
--
--2000. [bug] memmove()/strtol() fix was incomplete. [RT #15812]
--
--1999. [func] Implement "rrset-order fixed". [RT #13662]
--
--1998. [bug] Restrict handling of fifos as sockets to just SunOS.
-- This allows named to connect to entropy gathering
-- daemons that use fifos instead of sockets. [RT #15840]
--
--1997. [bug] Named was failing to replace negative cache entries
-- when a positive one for the type was learnt.
-- [RT #15818]
--
--1996. [bug] nsupdate: if a zone has been specified it should
-- appear in the output of 'show'. [RT #15797]
--
--1995. [bug] 'host' was reporting multiple "is an alias" messages.
-- [RT #15702]
--
--1994. [port] OpenSSL 0.9.8 support. [RT #15694]
--
--1993. [bug] Log messages, via syslog, were missing the space
-- after the timestamp if "print-time yes" was specified.
-- [RT #15844]
--
--1992. [bug] Not all incoming zone transfer messages included the
-- view. [RT #15825]
--
--1991. [cleanup] The configuration data, once read, should be treated
-- as read only. Expand the use of const to enforce this
-- at compile time. [RT #15813]
--
--1990. [bug] libbind: isc's override of broken gettimeofday()
-- implementations was not always effective.
-- [RT #15709]
--
--1989. [bug] win32: don't check the service password when
-- re-installing. [RT #15882]
--
--1988. [bug] Remove a bus error from the SHA256/SHA512 support.
-- [RT #15878]
--
--1987. [func] DS/DLV SHA256 digest algorithm support. [RT #15608]
--
--1986. [func] Report when a zone is removed. [RT #15849]
--
--1985. [protocol] DLV has now been assigned a official type code of
-- 32769. [RT #15807]
--
-- Note: care should be taken to ensure you upgrade
-- both named and dnssec-signzone at the same time for
-- zones with DLV records where named is the master
-- server for the zone. Also any zones that contain
-- DLV records should be removed when upgrading a slave
-- zone. You do not however have to upgrade all
-- servers for a zone with DLV records simultaneously.
--
--1984. [func] dig, nslookup and host now advertise a 4096 byte
-- EDNS UDP buffer size by default. [RT #15855]
--
--1983. [func] Two new update policies. "selfsub" and "selfwild".
-- [RT #12895]
--
--1982. [bug] DNSKEY was being accepted on the parent side of
-- a delegation. KEY is still accepted there for
-- RFC 3007 validated updates. [RT #15620]
--
--1981. [bug] win32: condition.c:wait() could fail to reattain
-- the mutex lock.
--
--1980. [func] dnssec-signzone: output the SOA record as the
-- first record in the signed zone. [RT #15758]
--
--1979. [port] linux: allow named to drop core after changing
-- user ids. [RT #15753]
--
--1978. [port] Handle systems which have a broken recvmsg().
-- [RT #15742]
--
--1977. [bug] Silence noisy log message. [RT #15704]
--
--1976. [bug] Handle systems with no IPv4 addresses. [RT #15695]
--
--1975. [bug] libbind: isc_gethexstring() could misparse multi-line
-- hex strings with comments. [RT #15814]
--
--1974. [doc] List each of the zone types and associated zone
-- options separately in the ARM.
--
--1973. [func] TSIG HMACSHA1, HMACSHA224, HMACSHA256, HMACSHA384 and
-- HMACSHA512 support. [RT #13606]
--
--1972. [contrib] DBUS dynamic forwarders integration from
-- Jason Vas Dias <jvdias@redhat.com>.
--
--1971. [port] linux: make detection of missing IF_NAMESIZE more
-- robust. [RT #15443]
--
--1970. [bug] nsupdate: adjust UDP timeout when falling back to
-- unsigned SOA query. [RT #15775]
--
--1969. [bug] win32: the socket code was freeing the socket
-- structure too early. [RT #15776]
--
--1968. [bug] Missing lock in resolver.c:validated(). [RT #15739]
--
--1967. [func] dig/nslookup/host: warn about missing "QR". [RT #15779]
--
--1966. [bug] Don't set CD when we have fallen back to plain DNS.
-- [RT #15727]
--
--1965. [func] Suppress spurious "recursion requested but not
-- available" warning with 'dig +qr'. [RT #15780].
--
--1964. [func] Separate out MX and SRV to CNAME checks. [RT #15723]
--
--1963. [port] Tru64 4.0E doesn't support send() and recv().
-- [RT #15586]
--
--1962. [bug] Named failed to clear old update-policy when it
-- was removed. [RT #15491]
--
--1961. [bug] Check the port and address of responses forwarded
-- to dispatch. [RT #15474]
--
--1960. [bug] Update code should set NSEC ttls from SOA MINIMUM.
-- [RT #15465]
--
--1959. [func] Control the zeroing of the negative response TTL to
-- a soa query. Defaults "zero-no-soa-ttl yes;" and
-- "zero-no-soa-ttl-cache no;". [RT #15460]
--
--1958. [bug] Named failed to update the zone's secure state
-- until the zone was reloaded. [RT #15412]
--
--1957. [bug] Dig mishandled responses to class ANY queries.
-- [RT #15402]
--
--1956. [bug] Improve cross compile support, 'gen' is now built
-- by native compiler. See README for additional
-- cross compile support information. [RT #15148]
--
--1955. [bug] Pre-allocate the cache cleaning iterator. [RT #14998]
--
--1954. [func] Named now falls back to advertising EDNS with a
-- 512 byte receive buffer if the initial EDNS queries
-- fail. [RT #14852]
--
--1953. [func] The maximum EDNS UDP response named will send can
-- now be set in named.conf (max-udp-size). This is
-- independent of the advertised receive buffer
-- (edns-udp-size). [RT #14852]
--
--1952. [port] hpux: tell the linker to build a runtime link
-- path "-Wl,+b:". [RT #14816].
--
--1951. [security] Drop queries from particular well known ports.
-- Don't return FORMERR to queries from particular
-- well known ports. [RT #15636]
--
--1950. [port] Solaris 2.5.1 and earlier cannot bind() then connect()
-- a TCP socket. This prevents the source address being
-- set for TCP connections. [RT #15628]
--
--1949. [func] Addition memory leakage checks. [RT #15544]
--
--1948. [bug] If was possible to trigger a REQUIRE failure in
-- xfrin.c:maybe_free() if named ran out of memory.
-- [RT #15568]
--
--1947. [func] It is now possible to configure named to accept
-- expired RRSIGs. Default "dnssec-accept-expired no;".
-- Setting "dnssec-accept-expired yes;" leaves named
-- vulnerable to replay attacks. [RT #14685]
--
--1946. [bug] resume_dslookup() could trigger a REQUIRE failure
-- when using forwarders. [RT #15549]
--
--1945. [cleanup] dnssec-keygen: RSA (RSAMD5) is no longer recommended.
-- To generate a RSAMD5 key you must explicitly request
-- RSAMD5. [RT #13780]
--
--1944. [cleanup] isc_hash_create() does not need a read/write lock.
-- [RT #15522]
--
--1943. [bug] Set the loadtime after rolling forward the journal.
-- [RT #15647]
--
--1942. [bug] If the name of a DNSKEY match that of one in
-- trusted-keys do not attempt to validate the DNSKEY
-- using the parents DS RRset. [RT #15649]
--
--1941. [bug] ncache_adderesult() should set eresult even if no
-- rdataset is passed to it. [RT #15642]
--
--1940. [bug] Fixed a number of error conditions reported by
-- Coverity.
--
--1939. [bug] The resolver could dereference a null pointer after
-- validation if all the queries have timed out.
-- [RT #15528]
--
--1938. [bug] The validator was not correctly handling unsecure
-- negative responses at or below a SEP. [RT #15528]
--
--1937. [bug] sdlz doesn't handle RRSIG records. [RT #15564]
--
--1936. [bug] The validator could leak memory. [RT #15544]
--
--1935. [bug] 'acache' was DO sensitive. [RT #15430]
--
--1934. [func] Validate pending NS RRsets, in the authority section,
-- prior to returning them if it can be done without
-- requiring DNSKEYs to be fetched. [RT #15430]
--
--1933. [bug] dump_rdataset_raw() had a incorrect INSIST. [RT #15534]
--
--1932. [bug] hpux: LDFLAGS was getting corrupted. [RT #15530]
--
--1931. [bug] Per-client mctx could require a huge amount of memory,
-- particularly for a busy caching server. [RT #15519]
--
--1930. [port] HPUX: ia64 support. [RT #15473]
--
--1929. [port] FreeBSD: extend use of PTHREAD_SCOPE_SYSTEM.
--
--1928. [bug] Race in rbtdb.c:currentversion(). [RT #15517]
--
--1927. [bug] Access to soanode or nsnode in rbtdb violated the
-- lock order rule and could cause a dead lock.
-- [RT# 15518]
--
--1926. [bug] The Windows installer did not check for empty
-- passwords. BINDinstall was being installed in
-- the wrong place. [RT #15483]
--
--1925. [port] All outer level AC_TRY_RUNs need cross compiling
-- defaults. [RT #15469]
--
--1924. [port] libbind: hpux ia64 support. [RT #15473]
--
--1923. [bug] ns_client_detach() called too early. [RT #15499]
--
--1922. [bug] check-tool.c:setup_logging() missing call to
-- dns_log_setcontext().
--
--1921. [bug] Client memory contexts were not using internal
-- malloc. [RT# 15434]
--
--1920. [bug] The cache rbtdb lock array was too small to
-- have the desired performance characteristics.
-- [RT #15454]
--
--1919. [contrib] queryperf: a set of new features: collecting/printing
-- response delays, printing intermediate results, and
-- adjusting query rate for the "target" qps.
--
--1918. [bug] Memory leak when checking acls. [RT #15391]
--
--1917. [doc] funcsynopsisinfo wasn't being treated as verbatim
-- when generating man pages. [RT #15385]
--
--1916. [func] Integrate contributed IDN code from JPNIC. [RT #15383]
--
--1915. [bug] dig +ndots was broken. [RT #15215]
--
--1914. [protocol] DS is required to accept mnemonic algorithms
-- (RFC 4034). Still emit numeric algorithms for
-- compatibility with RFC 3658. [RT #15354]
--
--1913. [func] Integrate contributed DLZ code into named. [RT #11382]
--
--1912. [port] aix: atomic locking for powerpc. [RT #15020]
--
--1911. [bug] Update windows socket code. [RT #14965]
--
--1910. [bug] dig's +sigchase code overhauled. [RT #14933]
--
--1909. [bug] The DLV code has been re-worked to make no longer
-- query order sensitive. [RT #14933]
--
--1908. [func] dig now warns if 'RA' is not set in the answer when
-- 'RD' was set in the query. host/nslookup skip servers
-- that fail to set 'RA' when 'RD' is set unless a server
-- is explicitly set. [RT #15005]
--
--1907. [func] host/nslookup now continue (default)/fail on SERVFAIL.
-- [RT #15006]
--
--1906. [func] dig now has a '-q queryname' and '+showsearch' options.
-- [RT #15034]
--
--1905. [bug] Strings returned from cfg_obj_asstring() should be
-- treated as read-only. The prototype for
-- cfg_obj_asstring() has been updated to reflect this.
-- [RT #15256]
--
--1904. [func] Automatic empty zone creation for D.F.IP6.ARPA and
-- friends. Note: RFC 1918 zones are not yet covered by
-- this but are likely to be in a future release.
--
-- New options: empty-server, empty-contact,
-- empty-zones-enable and disable-empty-zone.
--
--1903. [func] ISC string copy API.
--
--1902. [func] Attempt to make the amount of work performed in a
-- iteration self tuning. The covers nodes clean from
-- the cache per iteration, nodes written to disk when
-- rewriting a master file and nodes destroyed per
-- iteration when destroying a zone or a cache.
-- [RT #14996]
--
--1901. [cleanup] Don't add DNSKEY records to the additional section.
--
--1900. [bug] ixfr-from-differences failed to ensure that the
-- serial number increased. [RT #15036]
--
--1899. [func] named-checkconf now validates update-policy entries.
-- [RT #14963]
--
--1898. [bug] Extend ISC_SOCKADDR_FORMATSIZE and
-- ISC_NETADDR_FORMATSIZE to allow for scope details.
--
--1897. [func] x86 and x86_64 now have separate atomic locking
-- implementations.
--
--1896. [bug] Recursive clients soft quota support wasn't working
-- as expected. [RT #15103]
--
--1895. [bug] A escaped character is, potentially, converted to
-- the output character set too early. [RT #14666]
--
--1894. [doc] Review ARM for BIND 9.4.
--
--1893. [port] Use uintptr_t if available. [RT #14606]
--
--1892. [func] Support for SPF rdata type. [RT #15033]
--
--1891. [port] freebsd: pthread_mutex_init can fail if it runs out
-- of memory. [RT #14995]
--
--1890. [func] Raise the UDP receive buffer size to 32k if it is
-- less than 32k. [RT #14953]
--
--1889. [port] sunos: non blocking i/o support. [RT #14951]
--
--1888. [func] Support for IPSECKEY rdata type. [RT #14967]
--
--1887. [bug] The cache could delete expired records too fast for
-- clients with a virtual time in the past. [RT #14991]
--
--1886. [bug] fctx_create() could return success even though it
-- failed. [RT #14993]
--
--1885. [func] dig: report the number of extra bytes still left in
-- the packet after processing all the records.
--
--1884. [cleanup] dighost.c: move external declarations into <dig/dig.h>.
--
--1883. [bug] dnssec-signzone, dnssec-keygen: handle negative debug
-- levels. [RT #14962]
--
--1882. [func] Limit the number of recursive clients that can be
-- waiting for a single query (<qname,qtype,qclass>) to
-- resolve. New options clients-per-query and
-- max-clients-per-query.
--
--1881. [func] Add a system test for named-checkconf. [RT #14931]
--
--1880. [func] The lame cache is now done on a <qname,qclass,qtype>
-- basis as some servers only appear to be lame for
-- certain query types. [RT #14916]
--
--1879. [func] "USE INTERNAL MALLOC" is now runtime selectable.
-- [RT #14892]
--
--1878. [func] Detect duplicates of UDP queries we are recursing on
-- and drop them. New stats category "duplicate".
-- [RT #2471]
--
--1877. [bug] Fix unreasonably low quantum on call to
-- dns_rbt_destroy2(). Remove unnecessary unhash_node()
-- call. [RT #14919]
--
--1876. [func] Additional memory debugging support to track size
-- and mctx arguments. [RT #14814]
--
--1875. [bug] process_dhtkey() was using the wrong memory context
-- to free some memory. [RT #14890]
--
--1874. [port] sunos: portability fixes. [RT #14814]
--
--1873. [port] win32: isc__errno2result() now reports its caller.
-- [RT #13753]
--
--1872. [port] win32: Handle ERROR_NETNAME_DELETED. [RT #13753]
--
--1871. [placeholder]
--
--1870. [func] Added framework for handling multiple EDNS versions.
-- [RT #14873]
--
--1869. [func] dig can now specify the EDNS version when making
-- a query. [RT #14873]
--
--1868. [func] edns-udp-size can now be overridden on a per
-- server basis. [RT #14851]
--
--1867. [bug] It was possible to trigger a INSIST in
-- dlv_validatezonekey(). [RT #14846]
--
--1866. [bug] resolv.conf parse errors were being ignored by
-- dig/host/nslookup. [RT #14841]
--
--1865. [bug] Silently ignore nameservers in /etc/resolv.conf with
-- bad addresses. [RT #14841]
--
--1864. [bug] Don't try the alternative transfer source if you
-- got a answer / transfer with the main source
-- address. [RT #14802]
--
--1863. [bug] rrset-order "fixed" error messages not complete.
--
--1862. [func] Add additional zone data constancy checks.
-- named-checkzone has extended checking of NS, MX and
-- SRV record and the hosts they reference.
-- named has extended post zone load checks.
-- New zone options: check-mx and integrity-check.
-- [RT #4940]
--
--1861. [bug] dig could trigger a INSIST on certain malformed
-- responses. [RT #14801]
--
--1860. [port] solaris 2.8: hack_shutup_pthreadmutexinit was
-- incorrectly set. [RT #14775]
--
--1859. [func] Add support for CH A record. [RT #14695]
--
--1858. [bug] The flush-zones-on-shutdown option wasn't being
-- parsed. [RT #14686]
--
--1857. [bug] named could trigger a INSIST() if reconfigured /
-- reloaded too fast. [RT #14673]
--
--1856. [doc] Switch Docbook toolchain from DSSSL to XSL.
-- [RT #11398]
--
--1855. [bug] ixfr-from-differences was failing to detect changes
-- of ttl due to dns_diff_subtract() was ignoring the ttl
-- of records. [RT #14616]
--
--1854. [bug] lwres also needs to know the print format for
-- (long long). [RT #13754]
--
--1853. [bug] Rework how DLV interacts with proveunsecure().
-- [RT #13605]
--
--1852. [cleanup] Remove last vestiges of dnssec-signkey and
-- dnssec-makekeyset (removed from Makefile years ago).
--
--1851. [doc] Doxygen comment markup. [RT #11398]
--
--1850. [bug] Memory leak in lwres_getipnodebyaddr(). [RT #14591]
--
--1849. [doc] All forms of the man pages (docbook, man, html) should
-- have consistent copyright dates.
--
--1848. [bug] Improve SMF integration. [RT #13238]
--
--1847. [bug] isc_ondestroy_init() is called too late in
-- dns_rbtdb_create()/dns_rbtdb64_create().
-- [RT #13661]
--
--1846. [contrib] query-loc-0.3.0 from Stephane Bortzmeyer
-- <bortzmeyer@nic.fr>.
--
--1845. [bug] Improve error reporting to distinguish between
-- accept()/fcntl() and socket()/fcntl() errors.
-- [RT #13745]
--
--1844. [bug] inet_pton() accepted more that 4 hexadecimal digits
-- for each 16 bit piece of the IPv6 address. The text
-- representation of a IPv6 address has been tightened
-- to disallow this (draft-ietf-ipv6-addr-arch-v4-02.txt).
-- [RT #5662]
--
--1843. [cleanup] CINCLUDES takes precedence over CFLAGS. This helps
-- when CFLAGS contains "-I /usr/local/include"
-- resulting in old header files being used.
--
--1842. [port] cmsg_len() could produce incorrect results on
-- some platform. [RT #13744]
--
--1841. [bug] "dig +nssearch" now makes a recursive query to
-- find the list of nameservers to query. [RT #13694]
--
--1840. [func] dnssec-signzone can now randomize signature end times
-- (dnssec-signzone -j jitter). [RT #13609]
--
--1839. [bug] <isc/hash.h> was not being installed.
--
--1838. [cleanup] Don't allow Linux capabilities to be inherited.
-- [RT #13707]
--
--1837. [bug] Compile time option ISC_FACILITY was not effective
-- for 'named -u <user>'. [RT #13714]
--
--1836. [cleanup] Silence compiler warnings in hash_test.c.
--
--1835. [bug] Update dnssec-signzone's usage message. [RT #13657]
--
--1834. [bug] Bad memset in rdata_test.c. [RT #13658]
--
--1833. [bug] Race condition in isc_mutex_lock_profile(). [RT #13660]
--
--1832. [bug] named fails to return BADKEY on unknown TSIG algorithm.
-- [RT #13620]
--
--1831. [doc] Update named-checkzone documentation. [RT#13604]
--
--1830. [bug] adb lame cache has sence of test reversed. [RT #13600]
--
--1829. [bug] win32: "pid-file none;" broken. [RT #13563]
--
--1828. [bug] isc_rwlock_init() failed to properly cleanup if it
-- encountered a error. [RT #13549]
--
--1827. [bug] host: update usage message for '-a'. [RT #37116]
--
--1826. [bug] Missing DESTROYLOCK() in isc_mem_createx() on out
-- of memory error. [RT #13537]
--
--1825. [bug] Missing UNLOCK() on out of memory error from in
-- rbtdb.c:subtractrdataset(). [RT #13519]
--
--1824. [bug] Memory leak on dns_zone_setdbtype() failure.
-- [RT #13510]
--
--1823. [bug] Wrong macro used to check for point to point interface.
-- [RT#13418]
--
--1822. [bug] check-names test for RT was reversed. [RT #13382]
--
--1821. [placeholder]
--
--1820. [bug] Gracefully handle acl loops. [RT #13659]
--
--1819. [bug] The validator needed to check both the algorithm and
-- digest types of the DS to determine if it could be
-- used to introduce a secure zone. [RT #13593]
--
--1818. [bug] 'named-checkconf -z' triggered an INSIST. [RT #13599]
--
--1817. [func] Add support for additional zone file formats for
-- improving loading performance. The masterfile-format
-- option in named.conf can be used to specify a
-- non-default format. A separate command
-- named-compilezone was provided to generate zone files
-- in the new format. Additionally, the -I and -O options
-- for dnssec-signzone specify the input and output
-- formats.
--
--1816. [port] UnixWare: failed to compile lib/isc/unix/net.c.
-- [RT #13597]
--
--1815. [bug] nsupdate triggered a REQUIRE if the server was set
-- without also setting the zone and it encountered
-- a CNAME and was using TSIG. [RT #13086]
--
--1814. [func] UNIX domain controls are now supported.
--
--1813. [func] Restructured the data locking framework using
-- architecture dependent atomic operations (when
-- available), improving response performance on
-- multi-processor machines significantly.
-- x86, x86_64, alpha, powerpc, and mips are currently
-- supported.
--
--1812. [port] win32: IN6_IS_ADDR_UNSPECIFIED macro is incorrect.
-- [RT #13453]
--
--1811. [func] Preserve the case of domain names in rdata during
-- zone transfers. [RT #13547]
--
--1810. [bug] configure, lib/bind/configure make different default
-- decisions about whether to do a threaded build.
-- [RT #13212]
--
--1809. [bug] "make distclean" failed for libbind if the platform
-- is not supported.
--
--1808. [bug] zone.c:notify_zone() contained a race condition,
-- zone->db could change underneath it. [RT #13511]
--
--1807. [bug] When forwarding (forward only) set the active domain
-- from the forward zone name. [RT #13526]
--
--1806. [bug] The resolver returned the wrong result when a CNAME /
-- DNAME was encountered when fetching glue from a
-- secure namespace. [RT #13501]
--
--1805. [bug] Pending status was not being cleared when DLV was
-- active. [RT #13501]
--
--1804. [bug] Ensure that if we are queried for glue that it fits
-- in the additional section or TC is set to tell the
-- client to retry using TCP. [RT #10114]
--
--1803. [bug] dnssec-signzone sometimes failed to remove old
-- RRSIGs. [RT #13483]
--
--1802. [bug] Handle connection resets better. [RT #11280]
--
--1801. [func] Report differences between hints and real NS rrset
-- and associated address records.
--
--1800. [bug] Changes #1719 allowed a INSIST to be triggered.
-- [RT #13428]
--
--1799. [bug] 'rndc flushname' failed to flush negative cache
-- entries. [RT #13438]
--
--1798. [func] The server syntax has been extended to support a
-- range of servers. [RT #11132]
--
--1797. [func] named-checkconf now check acls to verify that they
-- only refer to existing acls. [RT #13101]
--
--1796. [func] "rndc freeze/thaw" now freezes/thaws all zones.
--
--1795. [bug] "rndc dumpdb" was not fully documented. Minor
-- formating issues with "rndc dumpdb -all". [RT #13396]
--
--1794. [func] Named and named-checkzone can now both check for
-- non-terminal wildcard records.
--
--1793. [func] Extend adjusting TTL warning messages. [RT #13378]
--
--1792. [func] New zone option "notify-delay". Specify a minimum
-- delay between sets of NOTIFY messages.
--
--1791. [bug] 'host -t a' still printed out AAAA and MX records.
-- [RT #13230]
--
--1790. [cleanup] Move lib/dns/sec/dst up into lib/dns. This should
-- allow parallel make to succeed.
--
--1789. [bug] Prerequisite test for tkey and dnssec could fail
-- with "configure --with-libtool".
--
--1788. [bug] libbind9.la/libbind9.so needs to link against
-- libisccfg.la/libisccfg.so.
--
--1787. [port] HPUX: both "cc" and "gcc" need -Wl,+vnocompatwarnings.
--
--1786. [port] AIX: libt_api needs to be taught to look for
-- T_testlist in the main executable (--with-libtool).
-- [RT #13239]
--
--1785. [bug] libbind9.la/libbind9.so needs to link against
-- libisc.la/libisc.so.
--
--1784. [cleanup] "libtool -allow-undefined" is the default.
-- Leave hooks in configure to allow it to be set
-- if needed in the future.
--
--1783. [cleanup] We only need one copy of libtool.m4, ltmain.sh in the
-- source tree.
--
--1782. [port] OSX: --with-libtool + --enable-libbind broke on
-- __evOptMonoTime. [RT #13219]
--
--1781. [port] FreeBSD 5.3: set PTHREAD_SCOPE_SYSTEM. [RT #12810]
--
--1780. [bug] Update libtool to 1.5.10.
--
--1779. [port] OSF 5.1: libtool didn't handle -pthread correctly.
--
--1778. [port] HUX 11.11: fix broken IN6ADDR_ANY_INIT and
-- IN6ADDR_LOOPBACK_INIT macros.
--
--1777. [port] OSF 5.1: fix broken IN6ADDR_ANY_INIT and
-- IN6ADDR_LOOPBACK_INIT macros.
--
--1776. [port] Solaris 2.9: fix broken IN6ADDR_ANY_INIT and
-- IN6ADDR_LOOPBACK_INIT macros.
--
--1775. [bug] Only compile getnetent_r.c when threaded. [RT #13205]
--
--1774. [port] Aix: Silence compiler warnings / build failures.
-- [RT #13154]
--
--1773. [bug] Fast retry on host / net unreachable. [RT #13153]
--
--1772. [placeholder]
--
--1771. [placeholder]
--
--1770. [bug] named-checkconf failed to report missing a missing
-- file clause for rbt{64} master/hint zones. [RT#13009]
--
--1769. [port] win32: change compiler flags /MTd ==> /MDd,
-- /MT ==> /MD.
--
--1768. [bug] nsecnoexistnodata() could be called with a non-NSEC
-- rdataset. [RT #12907]
--
--1767. [port] Builds on IPv6 platforms without IPv6 Advanced API
-- support for (struct in6_pktinfo) failed. [RT #13077]
--
--1766. [bug] Update the master file timestamp on successful refresh
-- as well as the journal's timestamp. [RT# 13062]
--
--1765. [bug] configure --with-openssl=auto failed. [RT #12937]
--
--1764. [bug] dns_zone_replacedb failed to emit a error message
-- if there was no SOA record in the replacement db.
-- [RT #13016]
--
--1763. [func] Perform sanity checks on NS records which refer to
-- 'in zone' names. [RT #13002]
--
--1762. [bug] isc_interfaceiter_create() could return ISC_R_SUCCESS
-- even when it failed. [RT #12995]
--
--1761. [bug] 'rndc dumpdb' didn't report unassociated entries.
-- [RT #12971]
--
--1760. [bug] Host / net unreachable was not penalising rtt
-- estimates. [RT #12970]
--
--1759. [bug] Named failed to startup if the OS supported IPv6
-- but had no IPv6 interfaces configured. [RT #12942]
--
--1758. [func] Don't send notify messages to self. [RT #12933]
--
--1757. [func] host now can turn on memory debugging flags with '-m'.
--
--1756. [func] named-checkconf now checks the logging configuration.
-- [RT #12352]
--
--1755. [func] allow-update is now settable at the options / view
-- level. [RT #6636]
--
--1754. [bug] We weren't always attempting to query the parent
-- server for the DS records at the zone cut.
-- [RT #12774]
--
--1753. [bug] Don't serve a slave zone which has no NS records.
-- [RT #12894]
--
--1752. [port] Move isc_app_start() to after ns_os_daemonise()
-- as some fork() implementations unblock the signals
-- that are blocked by isc_app_start(). [RT #12810]
--
--1751. [bug] --enable-getifaddrs failed under linux. [RT #12867]
--
--1750. [port] lib/bind/make/rules.in:subdirs was not bash friendly.
-- [RT #12864]
--
--1749. [bug] 'check-names response ignore;' failed to ignore.
-- [RT #12866]
--
--1748. [func] dig now returns the byte count for axfr/ixfr.
--
--1747. [bug] BIND 8 compatibility: named/named-checkconf failed
-- to parse "host-statistics-max" in named.conf.
--
--1746. [func] Make public the function to read a key file,
-- dst_key_read_public(). [RT #12450]
--
--1745. [bug] Dig/host/nslookup accept replies from link locals
-- regardless of scope if no scope was specified when
-- query was sent. [RT #12745]
--
--1744. [bug] If tuple2msgname() failed to convert a tuple to
-- a name a REQUIRE could be triggered. [RT #12796]
--
--1743. [bug] If isc_taskmgr_create() was not able to create the
-- requested number of worker threads then destruction
-- of the manager would trigger an INSIST() failure.
-- [RT #12790]
--
--1742. [bug] Deleting all records at a node then adding a
-- previously existing record, in a single UPDATE
-- transaction, failed to leave / regenerate the
-- associated RRSIG records. [RT #12788]
--
--1741. [bug] Deleting all records at a node in a secure zone
-- using a update-policy grant failed. [RT #12787]
--
--1740. [bug] Replace rbt's hash algorithm as it performed badly
-- with certain zones. [RT #12729]
--
-- NOTE: a hash context now needs to be established
-- via isc_hash_create() if the application was not
-- already doing this.
--
--1739. [bug] dns_rbt_deletetree() could incorrectly return
-- ISC_R_QUOTA. [RT #12695]
--
--1738. [bug] Enable overrun checking by default. [RT #12695]
--
--1737. [bug] named failed if more than 16 masters were specified.
-- [RT #12627]
--
--1736. [bug] dst_key_fromnamedfile() could fail to read a
-- public key. [RT #12687]
--
--1735. [bug] 'dig +sigtrace' could die with a REQUIRE failure.
-- [RE #12688]
--
--1734. [cleanup] 'rndc-confgen -a -t' remove extra '/' in path.
-- [RT #12588]
--
--1733. [bug] Return non-zero exit status on initial load failure.
-- [RT #12658]
--
--1732. [bug] 'rrset-order name "*"' wasn't being applied to ".".
-- [RT #12467]
--
--1731. [port] darwin: relax version test in ifconfig.sh.
-- [RT #12581]
--
--1730. [port] Determine the length type used by the socket API.
-- [RT #12581]
--
--1729. [func] Improve check-names error messages.
--
--1728. [doc] Update check-names documentation.
--
--1727. [bug] named-checkzone: check-names support didn't match
-- documentation.
--
--1726. [port] aix5: add support for aix5.
--
--1725. [port] linux: update error message on interaction of threads,
-- capabilities and setuid support (named -u). [RT #12541]
--
--1724. [bug] Look for DNSKEY records with "dig +sigtrace".
-- [RT #12557]
--
--1723. [cleanup] Silence compiler warnings from t_tasks.c. [RT #12493]
--
--1722. [bug] Don't commit the journal on malformed ixfr streams.
-- [RT #12519]
--
--1721. [bug] Error message from the journal processing were not
-- always identifying the relevant journal. [RT #12519]
--
--1720. [bug] 'dig +chase' did not terminate on a RFC 2308 Type 1
-- negative response. [RT #12506]
--
--1719. [bug] named was not correctly caching a RFC 2308 Type 1
-- negative response. [RT #12506]
--
--1718. [bug] nsupdate was not handling RFC 2308 Type 3 negative
-- responses when looking for the zone / master server.
-- [RT #12506]
--
--1717. [port] solaris: ifconfig.sh did not support Solaris 10.
-- "ifconfig.sh down" didn't work for Solaris 9.
--
--1716. [doc] named.conf(5) was being installed in the wrong
-- location. [RT# 12441]
--
--1715. [func] 'dig +trace' now randomly selects the next servers
-- to try. Report if there is a bad delegation.
--
--1714. [bug] dig/host/nslookup were only trying the first
-- address when a nameserver was specified by name.
-- [RT #12286]
--
--1713. [port] linux: extend capset failure message to say:
-- please ensure that the capset kernel module is
-- loaded. see insmod(8)
--
--1712. [bug] Missing FULLCHECK for "trusted-key" in dig.
--
--1711. [func] 'rndc unfreeze' has been deprecated by 'rndc thaw'.
--
--1710. [func] 'rndc notify zone [class [view]]' resend the NOTIFY
-- messages for the specified zone. [RT #9479]
--
--1709. [port] solaris: add SMF support from Sun.
--
--1708. [cleanup] Replaced dns_fullname_hash() with dns_name_fullhash()
-- for conformance to the name space convention. Binary
-- backward compatibility to the old function name is
-- provided. [RT #12376]
--
--1707. [contrib] sdb/ldap updated to version 1.0-beta.
--
--1706. [bug] 'rndc stop' failed to cause zones to be flushed
-- sometimes. [RT #12328]
--
--1705. [func] Allow the journal's name to be changed via named.conf.
--
--1704. [port] lwres needed a snprintf() implementation for
-- platforms without snprintf(). Add missing
-- "#include <isc/print.h>". [RT #12321]
--
--1703. [bug] named would loop sending NOTIFY messages when it
-- failed to receive a response. [RT #12322]
--
--1702. [bug] also-notify should not be applied to built in zones.
-- [RT #12323]
--
--1701. [doc] A minimal named.conf man page.
--
--1700. [func] nslookup is no longer to be treated as deprecated.
-- Remove "deprecated" warning message. Add man page.
--
--1699. [bug] dnssec-signzone can generate "not exact" errors
-- when resigning. [RT #12281]
--
--1698. [doc] Use reserved IPv6 documentation prefix.
--
--1697. [bug] xxx-source{,-v6} was not effective when it
-- specified one of listening addresses and a
-- different port than the listening port. [RT #12257]
--
--1696. [bug] dnssec-signzone failed to clean out nodes that
-- consisted of only NSEC and RRSIG records.
-- [RT #12154]
--
--1695. [bug] DS records when forwarding require special handling.
-- [RT #12133]
--
--1694. [bug] Report if the builtin views of "_default" / "_bind"
-- are defined in named.conf. [RT #12023]
--
--1693. [bug] max-journal-size was not effective for master zones
-- with ixfr-from-differences set. [RT# 12024]
--
--1692. [bug] Don't set -I, -L and -R flags when libcrypto is in
-- /usr/lib. [RT #11971]
--
--1691. [bug] sdb's attachversion was not complete. [RT #11990]
--
--1690. [bug] Delay detaching view from the client until UPDATE
-- processing completes when shutting down. [RT #11714]
--
--1689. [bug] DNS_NAME_TOREGION() and DNS_NAME_SPLIT() macros
-- contained gratuitous semicolons. [RT #11707]
--
--1688. [bug] LDFLAGS was not supported.
--
--1687. [bug] Race condition in dispatch. [RT #10272]
--
--1686. [bug] Named sent a extraneous NOTIFY when it received a
-- redundant UPDATE request. [RT #11943]
--
--1685. [bug] Change #1679 loop tests weren't quite right.
--
--1684. [func] ixfr-from-differences now takes master and slave in
-- addition to yes and no at the options and view levels.
--
--1683. [bug] dig +sigchase could leak memory. [RT #11445]
--
--1682. [port] Update configure test for (long long) printf format.
-- [RT #5066]
--
--1681. [bug] Only set SO_REUSEADDR when a port is specified in
-- isc_socket_bind(). [RT #11742]
--
--1680. [func] rndc: the source address can now be specified.
--
--1679. [bug] When there was a single nameserver with multiple
-- addresses for a zone not all addresses were tried.
-- [RT #11706]
--
--1678. [bug] RRSIG should use TYPEXXXXX for unknown types.
--
--1677. [bug] dig: +aaonly didn't work, +aaflag undocumented.
--
--1676. [func] New option "allow-query-cache". This lets
-- allow-query be used to specify the default zone
-- access level rather than having to have every
-- zone override the global value. allow-query-cache
-- can be set at both the options and view levels.
-- If allow-query-cache is not set allow-query applies.
--
--1675. [bug] named would sometimes add extra NSEC records to
-- the authority section.
--
--1674. [port] linux: increase buffer size used to scan
-- /proc/net/if_inet6.
--
--1673. [port] linux: issue a error messages if IPv6 interface
-- scans fails.
--
--1672. [cleanup] Tests which only function in a threaded build
-- now return R:THREADONLY (rather than R:UNTESTED)
-- in a non-threaded build.
--
--1671. [contrib] queryperf: add NAPTR to the list of known types.
--
--1670. [func] Log UPDATE requests to slave zones without an acl as
-- "disabled" at debug level 3. [RT# 11657]
--
--1669. [placeholder]
--
--1668. [bug] DIG_SIGCHASE was making bin/dig/host dump core.
--
--1667. [port] linux: not all versions have IF_NAMESIZE.
--
--1666. [bug] The optional port on hostnames in dual-stack-servers
-- was being ignored.
--
--1665. [func] rndc now allows addresses to be set in the
-- server clauses.
--
--1664. [bug] nsupdate needed KEY for SIG(0), not DNSKEY.
--
--1663. [func] Look for OpenSSL by default.
--
--1662. [bug] Change #1658 failed to change one use of 'type'
-- to 'keytype'.
--
--1661. [bug] Restore dns_name_concatenate() call in
-- adb.c:set_target(). [RT #11582]
--
--1660. [bug] win32: connection_reset_fix() was being called
-- unconditionally. [RT #11595]
--
--1659. [cleanup] Cleanup some messages that were referring to KEY vs
-- DNSKEY, NXT vs NSEC and SIG vs RRSIG.
--
--1658. [func] Update dnssec-keygen to default to KEY for HMAC-MD5
-- and DH. Tighten which options apply to KEY and
-- DNSKEY records.
--
--1657. [doc] ARM: document query log output.
--
--1656. [doc] Update DNSSEC description in ARM to cover DS, NSEC
-- DNSKEY and RRSIG. [RT #11542]
--
--1655. [bug] Logging multiple versions w/o a size was broken.
-- [RT #11446]
--
--1654. [bug] isc_result_totext() contained array bounds read
-- error.
--
--1653. [func] Add key type checking to dst_key_fromfilename(),
-- DST_TYPE_KEY should be used to read TSIG, TKEY and
-- SIG(0) keys.
--
--1652. [bug] TKEY still uses KEY.
--
--1651. [bug] dig: process multiple dash options.
--
--1650. [bug] dig, nslookup: flush standard out after each command.
--
--1649. [bug] Silence "unexpected non-minimal diff" message.
-- [RT #11206]
--
--1648. [func] Update dnssec-lookaside named.conf syntax to support
-- multiple dnssec-lookaside namespaces (not yet
-- implemented).
--
--1647. [bug] It was possible trigger a INSIST when chasing a DS
-- record that required walking back over a empty node.
-- [RT #11445]
--
--1646. [bug] win32: logging file versions didn't work with
-- non-UNC filenames. [RT#11486]
--
--1645. [bug] named could trigger a REQUIRE failure if multiple
-- masters with keys are specified.
--
--1644. [bug] Update the journal modification time after a
-- successful refresh query. [RT #11436]
--
--1643. [bug] dns_db_closeversion() could leak memory / node
-- references. [RT #11163]
--
--1642. [port] Support OpenSSL implementations which don't have
-- DSA support. [RT #11360]
--
--1641. [bug] Update the check-names description in ARM. [RT #11389]
--
--1640. [bug] win32: isc_socket_cancel(ISC_SOCKCANCEL_ACCEPT) was
-- incorrectly closing the socket. [RT #11291]
--
--1639. [func] Initial dlv system test.
--
--1638. [bug] "ixfr-from-differences" could generate a REQUIRE
-- failure if the journal open failed. [RT #11347]
--
--1637. [bug] Node reference leak on error in addnoqname().
--
--1636. [bug] The dump done callback could get ISC_R_SUCCESS even if
-- a error had occurred. The database version no longer
-- matched the version of the database that was dumped.
--
--1635. [bug] Memory leak on error in query_addds().
--
--1634. [bug] named didn't supply a useful error message when it
-- detected duplicate views. [RT #11208]
--
--1633. [bug] named should return NOTIMP to update requests to a
-- slaves without a allow-update-forwarding acl specified.
-- [RT #11331]
--
--1632. [bug] nsupdate failed to send prerequisite only UPDATE
-- messages. [RT #11288]
--
--1631. [bug] dns_journal_compact() could sometimes corrupt the
-- journal. [RT #11124]
--
--1630. [contrib] queryperf: add support for IPv6 transport.
--
--1629. [func] dig now supports IPv6 scoped addresses with the
-- extended format in the local-server part. [RT #8753]
--
--1628. [bug] Typo in Compaq Trucluster support. [RT# 11264]
--
--1627. [bug] win32: sockets were not being closed when the
-- last external reference was removed. [RT# 11179]
--
--1626. [bug] --enable-getifaddrs was broken. [RT#11259]
--
--1625. [bug] named failed to load/transfer RFC2535 signed zones
-- which contained CNAMES. [RT# 11237]
--
--1624. [bug] zonemgr_putio() call should be locked. [RT# 11163]
--
--1623. [bug] A serial number of zero was being displayed in the
-- "sending notifies" log message when also-notify was
-- used. [RT #11177]
--
--1622. [func] probe the system to see if IPV6_(RECV)PKTINFO is
-- available, and suppress wildcard binding if not.
--
--1621. [bug] match-destinations did not work for IPv6 TCP queries.
-- [RT# 11156]
--
--1620. [func] When loading a zone report if it is signed. [RT #11149]
--
--1619. [bug] Missing ISC_LIST_UNLINK in end_reserved_dispatches().
-- [RT# 11118]
--
--1618. [bug] Fencepost errors in dns_name_ishostname() and
-- dns_name_ismailbox() could trigger a INSIST().
--
--1617. [port] win32: VC++ 6.0 support.
--
--1616. [compat] Ensure that named's version is visible in the core
-- dump. [RT #11127]
--
--1615. [port] Define ISC_SOCKADDR_LEN_T based on _BSD_SOCKLEN_T_ if
-- it is defined.
--
--1614. [port] win32: silence resource limit messages. [RT# 11101]
--
--1613. [bug] Builds would fail on machines w/o a if_nametoindex().
-- Missing #ifdef ISC_PLATFORM_HAVEIFNAMETOINDEX/#endif.
-- [RT #11119]
--
--1612. [bug] check-names at the option/view level could trigger
-- an INSIST. [RT# 11116]
--
--1611. [bug] solaris: IPv6 interface scanning failed to cope with
-- no active IPv6 interfaces.
--
--1610. [bug] On dual stack machines "dig -b" failed to set the
-- address type to be looked up with "@server".
-- [RT #11069]
--
--1609. [func] dig now has support to chase DNSSEC signature chains.
-- Requires -DDIG_SIGCHASE=1 to be set in STD_CDEFINES.
--
-- DNSSEC validation code in dig coded by Olivier Courtay
-- (olivier.courtay@irisa.fr) for the IDsA project
-- (http://idsa.irisa.fr).
--
--1608. [func] dig and host now accept -4/-6 to select IP transport
-- to use when making queries.
--
--1607. [bug] dig, host and nslookup were still using random()
-- to generate query ids. [RT# 11013]
--
--1606. [bug] DLV insecurity proof was failing.
--
--1605. [func] New dns_db_find() option DNS_DBFIND_COVERINGNSEC.
--
--1604. [bug] A xfrout_ctx_create() failure would result in
-- xfrout_ctx_destroy() being called with a
-- partially initialized structure.
--
--1603. [bug] nsupdate: set interactive based on isatty().
-- [RT# 10929]
--
--1602. [bug] Logging to a file failed unless a size was specified.
-- [RT# 10925]
--
--1601. [bug] Silence spurious warning 'both "recursion no;" and
-- "allow-recursion" active' warning from view "_bind".
-- [RT# 10920]
--
--1600. [bug] Duplicate zone pre-load checks were not case
-- insensitive.
--
--1599. [bug] Fix memory leak on error path when checking named.conf.
--
--1598. [func] Specify that certain parts of the namespace must
-- be secure (dnssec-must-be-secure).
--
--1597. [func] Allow notify-source and query-source to be specified
-- on a per server basis similar to transfer-source.
-- [RT #6496]
--
--1596. [func] Accept 'notify-source' style syntax for query-source.
--
--1595. [func] New notify type 'master-only'. Enable notify for
-- master zones only.
--
--1594. [bug] 'rndc dumpdb' could prevent named from answering
-- queries while the dump was in progress. [RT #10565]
--
--1593. [bug] rndc should return "unknown command" to unknown
-- commands. [RT# 10642]
--
--1592. [bug] configure_view() could leak a dispatch. [RT# 10675]
--
--1591. [bug] libbind: updated to BIND 8.4.5.
--
--1590. [port] netbsd: update thread support.
--
--1589. [func] DNSSEC lookaside validation.
--
--1588. [bug] win32: TCP sockets could become blocked. [RT #10115]
--
--1587. [bug] dns_message_settsigkey() failed to clear existing key.
-- [RT #10590]
--
--1586. [func] "check-names" is now implemented.
--
--1585. [placeholder]
--
--1584. [bug] "make test" failed with a read only source tree.
-- [RT #10461]
--
--1583. [bug] Records add via UPDATE failed to get the correct trust
-- level. [RT #10452]
--
--1582. [bug] rrset-order failed to work on RRsets with more
-- than 32 elements. [RT #10381]
--
--1581. [func] Disable DNSSEC support by default. To enable
-- DNSSEC specify "dnssec-enable yes;" in named.conf.
--
--1580. [bug] Zone destruction on final detach takes a long time.
-- [RT #3746]
--
--1579. [bug] Multiple task managers could not be created.
--
--1578. [bug] Don't use CLASS E IPv4 addresses when resolving.
-- [RT #10346]
--
--1577. [bug] Use isc_uint32_t in ultrasparc optimizer bug
-- workaround code. [RT #10331]
--
--1576. [bug] Race condition in dns_dispatch_addresponse().
-- [RT# 10272]
--
--1575. [func] Log TSIG name on TSIG verify failure. [RT #4404]
--
--1574. [bug] Don't attempt to open the controls socket(s) when
-- running tests. [RT #9091]
--
--1573. [port] linux: update to libtool 1.5.2 so that
-- "make install DESTDIR=/xx" works with
-- "configure --with-libtool". [RT #9941]
--
--1572. [bug] nsupdate: sign the soa query to find the enclosing
-- zone if the server is specified. [RT #10148]
--
--1571. [bug] rbt:hash_node() could fail leaving the hash table
-- in an inconsistent state. [RT #10208]
--
--1570. [bug] nsupdate failed to handle classes other than IN.
-- New keyword 'class' which sets the default class.
-- [RT #10202]
--
--1569. [func] nsupdate new command 'answer' which displays the
-- complete answer message to the last update.
--
--1568. [bug] nsupdate now reports that the update failed in
-- interactive mode. [RT# 10236]
--
--1567. [maint] B.ROOT-SERVERS.NET is now 192.228.79.201.
--
--1566. [port] Support for the cmsg framework on Solaris and HP/UX.
-- This also solved the problem that match-destinations
-- for IPv6 addresses did not work on these systems.
-- [RT #10221]
--
--1565. [bug] CD flag should be copied to outgoing queries unless
-- the query is under a secure entry point in which case
-- CD should be set.
--
--1564. [func] Attempt to provide a fallback entropy source to be
-- used if named is running chrooted and named is unable
-- to open entropy source within the chroot area.
-- [RT #10133]
--
--1563. [bug] Gracefully fail when unable to obtain neither an IPv4
-- nor an IPv6 dispatch. [RT #10230]
--
--1562. [bug] isc_socket_create() and isc_socket_accept() could
-- leak memory under error conditions. [RT #10230]
--
--1561. [bug] It was possible to release the same name twice if
-- named ran out of memory. [RT #10197]
--
--1560. [port] FreeBSD: work around FreeBSD 5.2 mapping EAI_NODATA
-- and EAI_NONAME to the same value.
--
--1559. [port] named should ignore SIGFSZ.
--
--1558. [func] New DNSSEC 'disable-algorithms'. Support entry into
-- child zones for which we don't have a supported
-- algorithm. Such child zones are treated as unsigned.
--
--1557. [func] Implement missing DNSSEC tests for
-- * NOQNAME proof with wildcard answers.
-- * NOWILDARD proof with NXDOMAIN.
-- Cache and return NOQNAME with wildcard answers.
--
--1556. [bug] nsupdate now treats all names as fully qualified.
-- [RT #6427]
--
--1555. [func] 'rrset-order cyclic' no longer has a random starting
-- point per query. [RT #7572]
--
--1554. [bug] dig, host, nslookup failed when no nameservers
-- were specified in /etc/resolv.conf. [RT #8232]
--
--1553. [bug] The windows socket code could stop accepting
-- connections. [RT#10115]
--
--1552. [bug] Accept NOTIFY requests from mapped masters if
-- matched-mapped is set. [RT #10049]
--
--1551. [port] Open "/dev/null" before calling chroot().
--
--1550. [port] Call tzset(), if available, before calling chroot().
--
--1549. [func] named-checkzone can now write out the zone contents
-- in a easily parsable format (-D and -o).
--
--1548. [bug] When parsing APL records it was possible to silently
-- accept out of range ADDRESSFAMILY values. [RT# 9979]
--
--1547. [bug] Named wasted memory recording duplicate lame zone
-- entries. [RT #9341]
--
--1546. [bug] We were rejecting valid secure CNAME to negative
-- answers.
--
--1545. [bug] It was possible to leak memory if named was unable to
-- bind to the specified transfer source and TSIG was
-- being used. [RT #10120]
--
--1544. [bug] Named would logged a single entry to a file despite it
-- being over the specified size limit.
--
--1543. [bug] Logging using "versions unlimited" did not work.
--
--1542. [placeholder]
--
--1541. [func] NSEC now uses new bitmap format.
--
--1540. [bug] "rndc reload <dynamiczone>" was silently accepted.
-- [RT #8934]
--
--1539. [bug] Open UDP sockets for notify-source and transfer-source
-- that use reserved ports at startup. [RT #9475]
--
--1538. [placeholder] rt9997
--
--1537. [func] New option "querylog". If set specify whether query
-- logging is to be enabled or disabled at startup.
--
--1536. [bug] Windows socket code failed to log a error description
-- when returning ISC_R_UNEXPECTED. [RT #9998]
--
--1535. [placeholder]
--
--1534. [bug] Race condition when priming cache. [RT# 9940]
--
--1533. [func] Warn if both "recursion no;" and "allow-recursion"
-- are active. [RT# 4389]
--
--1532. [port] netbsd: the configure test for <sys/sysctl.h>
-- requires <sys/param.h>.
--
--1531. [port] AIX more libtool fixes.
--
--1530. [bug] It was possible to trigger a INSIST() failure if a
-- slave master file was removed at just the correct
-- moment. [RT #9462]
--
--1529. [bug] "notify explicit;" failed to log that NOTIFY messages
-- were being sent for the zone. [RT# 9442]
--
--1528. [cleanup] Simplify some dns_name_ functions based on the
-- deprecation of bitstring labels.
--
--1527. [cleanup] Reduce the number of gettimeofday() calls without
-- losing necessary timer granularity.
--
--1526. [func] Implemented "additional section caching (or acache)",
-- an internal cache framework for additional section
-- content to improve response performance. Several
-- configuration options were provided to control the
-- behavior.
--
--1525. [bug] dns_cache_create() could trigger a REQUIRE
-- failure in isc_mem_put() during error cleanup.
-- [RT# 9360]
--
--1524. [port] AIX needs to be able to resolve all symbols when
-- creating shared libraries (--with-libtool).
--
--1523. [bug] Fix race condition in rbtdb. [RT# 9189]
--
--1522. [bug] dns_db_findnode() relax the requirements on 'name'.
-- [RT# 9286]
--
--1521. [bug] dns_view_createresolver() failed to check the
-- result from isc_mem_create(). [RT# 9294]
--
--1520. [protocol] Add SSHFP (SSH Finger Print) type.
--
--1519. [bug] dnssec-signzone:nsec_setbit() computed the wrong
-- length of the new bitmap.
--
--1518. [bug] dns_nsec_buildrdata(), and hence dns_nsec_build(),
-- contained a off-by-one error when working out the
-- number of octets in the bitmap.
--
--1517. [port] Support for IPv6 interface scanning on HP/UX and
-- TrueUNIX 5.1.
--
--1516. [func] Roll the DNSSEC types to RRSIG, NSEC and DNSKEY.
--
--1515. [func] Allow transfer source to be set in a server statement.
-- [RT #6496]
--
--1514. [bug] named: isc_hash_destroy() was being called too early.
-- [RT #9160]
--
--1513. [doc] Add "US" to root-delegation-only exclude list.
--
--1512. [bug] Extend the delegation-only logging to return query
-- type, class and responding nameserver.
--
--1511. [bug] delegation-only was generating false positives
-- on negative answers from sub-zones.
--
--1510. [func] New view option "root-delegation-only". Apply
-- delegation-only check to all TLDs and root.
-- Note there are some TLDs that are NOT delegation
-- only (e.g. DE, LV, US and MUSEUM) these can be excluded
-- from the checks by using exclude.
--
-- root-delegation-only exclude {
-- "DE"; "LV"; "US"; "MUSEUM";
-- };
--
--1509. [bug] Hint zones should accept delegation-only. Forward
-- zone should not accept delegation-only.
--
--1508. [bug] Don't apply delegation-only checks to answers from
-- forwarders.
--
--1507. [bug] Handle BIND 8 style returns to NS queries to parents
-- when making delegation-only checks.
--
--1506. [bug] Wrong return type for dns_view_isdelegationonly().
--
--1505. [bug] Uninitialized rdataset in sdb. [RT #8750]
--
--1504. [func] New zone type "delegation-only".
--
--1503. [port] win32: install libeay32.dll outside of system32.
--
--1502. [bug] nsupdate: adjust timeouts for UPDATE requests over TCP.
--
--1501. [func] Allow TCP queue length to be specified via
-- named.conf, tcp-listen-queue.
--
--1500. [bug] host failed to lookup MX records. Also look up
-- AAAA records.
--
--1499. [bug] isc_random need to be seeded better if arc4random()
-- is not used.
--
--1498. [port] bsdos: 5.x support.
--
--1497. [placeholder]
--
--1496. [port] test for pthread_attr_setstacksize().
--
--1495. [cleanup] Replace hash functions with universal hash.
--
--1494. [security] Turn on RSA BLINDING as a precaution.
--
--1493. [placeholder]
--
--1492. [cleanup] Preserve rwlock quota context when upgrading /
-- downgrading. [RT #5599]
--
--1491. [bug] dns_master_dump*() would produce extraneous $ORIGIN
-- lines. [RT #6206]
--
--1490. [bug] Accept reading state as well as working state in
-- ns_client_next(). [RT #6813]
--
--1489. [compat] Treat 'allow-update' on slave zones as a warning.
-- [RT #3469]
--
--1488. [bug] Don't override trust levels for glue addresses.
-- [RT #5764]
--
--1487. [bug] A REQUIRE() failure could be triggered if a zone was
-- queued for transfer and the zone was then removed.
-- [RT #6189]
--
--1486. [bug] isc_print_snprintf() '%%' consumed one too many format
-- characters. [RT# 8230]
--
--1485. [bug] gen failed to handle high type values. [RT #6225]
--
--1484. [bug] The number of records reported after a AXFR was wrong.
-- [RT #6229]
--
--1483. [bug] dig axfr failed if the message id in the answer failed
-- to match that in the request. Only the id in the first
-- message is required to match. [RT #8138]
--
--1482. [bug] named could fail to start if the kernel supports
-- IPv6 but no interfaces are configured. Similarly
-- for IPv4. [RT #6229]
--
--1481. [bug] Refresh and stub queries failed to use masters keys
-- if specified. [RT #7391]
--
--1480. [bug] Provide replay protection for rndc commands. Full
-- replay protection requires both rndc and named to
-- be updated. Partial replay protection (limited
-- exposure after restart) is provided if just named
-- is updated.
--
--1479. [bug] cfg_create_tuple() failed to handle out of
-- memory cleanup. parse_list() would leak memory
-- on syntax errors.
--
--1478. [port] ifconfig.sh didn't account for other virtual
-- interfaces. It now takes a optional argument
-- to specify the first interface number. [RT #3907]
--
--1477. [bug] memory leak using stub zones and TSIG.
--
--1476. [placeholder]
--
--1475. [port] Probe for old sprintf().
--
--1474. [port] Provide strtoul() and memmove() for platforms
-- without them.
--
--1473. [bug] create_map() and create_string() failed to handle out
-- of memory cleanup. [RT #6813]
--
--1472. [contrib] idnkit-1.0 from JPNIC, replaces mdnkit.
--
--1471. [bug] libbind: updated to BIND 8.4.0.
--
--1470. [bug] Incorrect length passed to snprintf. [RT #5966]
--
--1469. [func] Log end of outgoing zone transfer at same level
-- as the start of transfer is logged. [RT #4441]
--
--1468. [func] Internal zones are no longer counted for
-- 'rndc status'. [RT #4706]
--
--1467. [func] $GENERATES now supports optional class and ttl.
--
--1466. [bug] lwresd configuration errors resulted in memory
-- and lock leaks. [RT #5228]
--
--1465. [bug] isc_base64_decodestring() and isc_base64_tobuffer()
-- failed to check that trailing bits were zero allowing
-- some invalid base64 strings to be accepted. [RT #5397]
--
--1464. [bug] Preserve "out of zone" data for outgoing zone
-- transfers. [RT #5192]
--
--1463. [bug] dns_rdata_from{wire,struct}() failed to catch bad
-- NXT bit maps. [RT #5577]
--
--1462. [bug] parse_sizeval() failed to check the token type.
-- [RT #5586]
--
--1461. [bug] Remove deadlock from rbtdb code. [RT #5599]
--
--1460. [bug] inet_pton() failed to reject certain malformed
-- IPv6 literals.
--
--1459. [placeholder]
--
--1458. [cleanup] sprintf() -> snprintf().
--
--1457. [port] Provide strlcat() and strlcpy() for platforms without
-- them.
--
--1456. [contrib] gen-data-queryperf.py from Stephane Bortzmeyer.
--
--1455. [bug] <netaddr> missing from server grammar in
-- doc/misc/options. [RT #5616]
--
--1454. [port] Use getifaddrs() if available for interface scanning.
-- --disable-getifaddrs to override. Glibc currently
-- has a getifaddrs() that does not support IPv6.
-- Use --enable-getifaddrs=glibc to force the use of
-- this version under linux machines.
--
--1453. [doc] ARM: $GENERATE example wasn't accurate. [RT #5298]
--
--1452. [placeholder]
--
--1451. [bug] rndc-confgen didn't exit with a error code for all
-- failures. [RT #5209]
--
--1450. [bug] Fetching expired glue failed under certain
-- circumstances. [RT #5124]
--
--1449. [bug] query_addbestns() didn't handle running out of memory
-- gracefully.
--
--1448. [bug] Handle empty wildcards labels.
--
--1447. [bug] We were casting (unsigned int) to and from (void *).
-- rdataset->private4 is now rdataset->privateuint4
-- to reflect a type change.
--
--1446. [func] Implemented undocumented alternate transfer sources
-- from BIND 8. See use-alt-transfer-source,
-- alt-transfer-source and alt-transfer-source-v6.
--
-- SECURITY: use-alt-transfer-source is ENABLED unless
-- you are using views. This may cause a security risk
-- resulting in accidental disclosure of wrong zone
-- content if the master supplying different source
-- content based on IP address. If you are not certain
-- ISC recommends setting use-alt-transfer-source no;
--
--1445. [bug] DNS_ADBFIND_STARTATROOT broke stub zones. This has
-- been replaced with DNS_ADBFIND_STARTATZONE which
-- causes the search to start using the closest zone.
--
--1444. [func] dns_view_findzonecut2() allows you to specify if the
-- cache should be searched for zone cuts.
--
--1443. [func] Masters lists can now be specified and referenced
-- in zone masters clauses and other masters lists.
--
--1442. [func] New functions for manipulating port lists:
-- dns_portlist_create(), dns_portlist_add(),
-- dns_portlist_remove(), dns_portlist_match(),
-- dns_portlist_attach() and dns_portlist_detach().
--
--1441. [func] It is now possible to tell dig to bind to a specific
-- source port.
--
--1440. [func] It is now possible to tell named to avoid using
-- certain source ports (avoid-v4-udp-ports,
-- avoid-v6-udp-ports).
--
--1439. [bug] Named could return NOERROR with certain NOTIFY
-- failures. Return NOTAUTH if the NOTIFY zone is
-- not being served.
--
--1438. [func] Log TSIG (if any) when logging NOTIFY requests.
--
--1437. [bug] Leave space for stdio to work in. [RT #5033]
--
--1436. [func] dns_zonemgr_resumexfrs() can be used to restart
-- stalled transfers.
--
--1435. [bug] zmgr_resume_xfrs() was being called read locked
-- rather than write locked. zmgr_resume_xfrs()
-- was not being called if the zone was being
-- shutdown.
--
--1434. [bug] "rndc reconfig" failed to initiate the initial
-- zone transfer of new slave zones.
--
--1433. [bug] named could trigger a REQUIRE failure if it could
-- not get a file descriptor when attempting to write
-- a master file. [RT #4347]
--
--1432. [func] The advertised EDNS UDP buffer size can now be set
-- via named.conf (edns-udp-size).
--
--1431. [bug] isc_print_snprintf() "%s" with precision could walk off
-- end of argument. [RT #5191]
--
--1430. [port] linux: IPv6 interface scanning support.
--
--1429. [bug] Prevent the cache getting locked to old servers.
--
--1428. [placeholder]
--
--1427. [bug] Race condition in adb with threaded build.
--
--1426. [placeholder]
--
--1425. [port] linux/libbind: define __USE_MISC when testing *_r()
-- function prototypes in netdb.h. [RT #4921]
--
--1424. [bug] EDNS version not being correctly printed.
--
--1423. [contrib] queryperf: added A6 and SRV.
--
--1422. [func] Log name/type/class when denying a query. [RT #4663]
--
--1421. [func] Differentiate updates that don't succeed due to
-- prerequisites (unsuccessful) vs other reasons
-- (failed).
--
--1420. [port] solaris: work around gcc optimizer bug.
--
--1419. [port] openbsd: use /dev/arandom. [RT #4950]
--
--1418. [bug] 'rndc reconfig' did not cause new slaves to load.
--
--1417. [func] ID.SERVER/CHAOS is now a built in zone.
-- See "server-id" for how to configure.
--
--1416. [bug] Empty node should return NOERROR NODATA, not NXDOMAIN.
-- [RT #4715]
--
--1415. [func] DS TTL now derived from NS ttl. NXT TTL now derived
-- from SOA MINIMUM.
--
--1414. [func] Support for KSK flag.
--
--1413. [func] Explicitly request the (re-)generation of DS records
-- from keysets (dnssec-signzone -g).
--
--1412. [func] You can now specify servers to be tried if a nameserver
-- has IPv6 address and you only support IPv4 or the
-- reverse. See dual-stack-servers.
--
--1411. [bug] empty nodes should stop wildcard matches. [RT #4802]
--
--1410. [func] Handle records that live in the parent zone, e.g. DS.
--
--1409. [bug] DS should have attribute DNS_RDATATYPEATTR_DNSSEC.
--
--1408. [bug] "make distclean" was not complete. [RT #4700]
--
--1407. [bug] lfsr incorrectly implements the shift register.
-- [RT #4617]
--
--1406. [bug] dispatch initializes one of the LFSR's with a incorrect
-- polynomial. [RT #4617]
--
--1405. [func] Use arc4random() if available.
--
--1404. [bug] libbind: ns_name_ntol() could overwrite a zero length
-- buffer.
--
--1403. [func] dnssec-signzone, dnssec-keygen, dnssec-makekeyset
-- dnssec-signkey now report their version in the
-- usage message.
--
--1402. [cleanup] A6 has been moved to experimental and is no longer
-- fully supported.
--
--1401. [bug] adb wasn't clearing state when the timer expired.
--
--1400. [bug] Block the addition of wildcard NS records by IXFR
-- or UPDATE. [RT #3502]
--
--1399. [bug] Use serial number arithmetic when testing SIG
-- timestamps. [RT #4268]
--
--1398. [doc] ARM: notify-also should have been also-notify.
-- [RT #4345]
--
--1397. [maint] J.ROOT-SERVERS.NET is now 192.58.128.30.
--
--1396. [func] dnssec-signzone: adjust the default signing time by
-- 1 hour to allow for clock skew.
--
--1395. [port] OpenSSL 0.9.7 defines CRYPTO_LOCK_ENGINE but doesn't
-- have a working implementation. [RT #4079]
--
--1394. [func] It is now possible to check if a particular element is
-- in a acl. Remove duplicate entries from the localnets
-- acl.
--
--1393. [port] Bind to individual IPv6 interfaces if IPV6_IPV6ONLY
-- is not available in the kernel to prevent accidently
-- listening on IPv4 interfaces.
--
--1392. [bug] named-checkzone: update usage.
--
--1391. [func] Add support for IPv6 scoped addresses in named.
--
--1390. [func] host now supports ixfr.
--
--1389. [bug] named could fail to rotate long log files. [RT #3666]
--
--1388. [port] irix: check for sys/sysctl.h and NET_RT_IFLIST before
-- defining HAVE_IFLIST_SYSCTL. [RT #3770]
--
--1387. [bug] named could crash due to an access to invalid memory
-- space (which caused an assertion failure) in
-- incremental cleaning. [RT #3588]
--
--1386. [bug] named-checkzone -z stopped on errors in a zone.
-- [RT #3653]
--
--1385. [bug] Setting serial-query-rate to 10 would trigger a
-- REQUIRE failure.
--
--1384. [bug] host was incompatible with BIND 8 in its exit code and
-- in the output with the -l option. [RT #3536]
--
--1383. [func] Track the serial number in a IXFR response and log if
-- a mismatch occurs. This is a more specific error than
-- "not exact". [RT #3445]
--
--1382. [bug] make install failed with --enable-libbind. [RT #3656]
--
--1381. [bug] named failed to correctly process answers that
-- contained DNAME records where the resulting CNAME
-- resulted in a negative answer.
--
--1380. [func] 'rndc recursing' dump recursing queries to
-- 'recursing-file = "named.recursing";'.
--
--1379. [func] 'rndc status' now reports tcp and recursion quota
-- states.
--
--1378. [func] Improved positive feedback for 'rndc {reload|refresh}.
--
--1377. [func] dns_zone_load{new}() now reports if the zone was
-- loaded, queued for loading to up to date.
--
--1376. [func] New function dns_zone_logc() to log to specified
-- category.
--
--1375. [func] 'rndc dumpdb' now dumps the adb cache along with the
-- data cache.
--
--1374. [func] dns_adb_dump() now logs the lame zones associated
-- with each server.
--
--1373. [bug] Recovery from expired glue failed under certain
-- circumstances.
--
--1372. [bug] named crashes with an assertion failure on exit when
-- sharing the same port for listening and querying, and
-- changing listening addresses several times. [RT# 3509]
--
--1371. [bug] notify-source-v6, transfer-source-v6 and
-- query-source-v6 with explicit addresses and using the
-- same ports as named was listening on could interfere
-- with named's ability to answer queries sent to those
-- addresses.
--
--1370. [bug] dig '+[no]recurse' was incorrectly documented.
--
--1369. [bug] Adding an NS record as the lexicographically last
-- record in a secure zone didn't work.
--
--1368. [func] remove support for bitstring labels.
--
--1367. [func] Use response times to select forwarders.
--
--1366. [contrib] queryperf usage was incomplete. Add '-h' for help.
--
--1365. [func] "localhost" and "localnets" acls now include IPv6
-- addresses / prefixes.
--
--1364. [func] Log file name when unable to open memory statistics
-- and dump database files. [RT# 3437]
--
--1363. [func] Listen-on-v6 now supports specific addresses.
--
--1362. [bug] remove IFF_RUNNING test when scanning interfaces.
--
--1361. [func] log the reason for rejecting a server when resolving
-- queries.
--
--1360. [bug] --enable-libbind would fail when not built in the
-- source tree for certain OS's.
--
--1359. [security] Support patches OpenSSL libraries.
-- http://www.cert.org/advisories/CA-2002-23.html
--
--1358. [bug] It was possible to trigger a INSIST when debugging
-- large dynamic updates. [RT #3390]
--
--1357. [bug] nsupdate was extremely wasteful of memory.
--
--1356. [tuning] Reduce the number of events / quantum for zone tasks.
--
--1355. [bug] Fix DNSSEC wildcard proof for CNAME/DNAME.
--
--1354. [doc] lwres man pages had illegal nroff.
--
--1353. [contrib] sdb/ldap to version 0.9.
--
--1352. [bug] dig, host, nslookup when falling back to TCP use the
-- current search entry (if any). [RT #3374]
--
--1351. [bug] lwres_getipnodebyname() returned the wrong name
-- when given a IPv4 literal, af=AF_INET6 and AI_MAPPED
-- was set.
--
--1350. [bug] dns_name_fromtext() failed to handle too many labels
-- gracefully.
--
--1349. [security] Minimum OpenSSL version now 0.9.6e (was 0.9.5a).
-- http://www.cert.org/advisories/CA-2002-23.html
--
--1348. [port] win32: Rewrote code to use I/O Completion Ports
-- in socket.c and eliminating a host of socket
-- errors. Performance is enhanced.
--
--1347. [placeholder]
--
--1346. [placeholder]
--
--1345. [port] Use a explicit -Wformat with gcc. Not all versions
-- include it in -Wall.
--
--1344. [func] Log if the serial number on the master has gone
-- backwards.
-- If you have multiple machines specified in the masters
-- clause you may want to set 'multi-master yes;' to
-- suppress this warning.
--
--1343. [func] Log successful notifies received (info). Adjust log
-- level for failed notifies to notice.
--
--1342. [func] Log remote address with TCP dispatch failures.
--
--1341. [func] Allow a rate limiter to be stalled.
--
--1340. [bug] Delay and spread out the startup refresh load.
--
--1339. [func] dig, host and nslookup now use IP6.ARPA for nibble
-- lookups. Bit string lookups are no longer attempted.
--
--1338. [placeholder]
--
--1337. [placeholder]
--
--1336. [func] Nibble lookups under IP6.ARPA are now supported by
-- dns_byaddr_create(). dns_byaddr_createptrname() is
-- deprecated, use dns_byaddr_createptrname2() instead.
--
--1335. [bug] When performing a nonexistence proof, the validator
-- should discard parent NXTs from higher in the DNS.
--
--1334. [bug] When signing/verifying rdatasets, duplicate rdatas
-- need to be suppressed.
--
--1333. [contrib] queryperf now reports a summary of returned
-- rcodes (-c), rcodes are printed in mnemonic form (-v).
--
--1332. [func] Report the current serial with periodic commits when
-- rolling forward the journal.
--
--1331. [func] Generate DNSSEC wildcard proofs.
--
--1330. [bug] When processing events (non-threaded) only allow
-- the task one chance to use to use its quantum.
--
--1329. [func] named-checkzone will now check if nameservers that
-- appear to be IP addresses. Available modes "fail",
-- "warn" (default) and "ignore" the results of the
-- check.
--
--1328. [bug] The validator could incorrectly verify an invalid
-- negative proof.
--
--1327. [bug] The validator would incorrectly mark data as insecure
-- when seeing a bogus signature before a correct
-- signature.
--
--1326. [bug] DNAME/CNAME signatures were not being cached when
-- validation was not being performed. [RT #3284]
--
--1325. [bug] If the tcpquota was exhausted it was possible to
-- to trigger a INSIST() failure.
--
--1324. [port] darwin: ifconfig.sh now supports darwin.
--
--1323. [port] linux: Slackware 4.0 needs <asm/unistd.h>. [RT #3205]
--
--1322. [bug] dnssec-signzone usage message was misleading.
--
--1321. [bug] If the last RRset in a zone is glue, dnssec-signzone
-- would incorrectly duplicate its output and sign it.
--
--1320. [doc] query-source-v6 was missing from options section.
-- [RT #3218]
--
--1319. [func] libbind: log attempts to exploit #1318.
--
--1318. [bug] libbind: Remote buffer overrun.
--
--1317. [port] libbind: TrueUNIX 5.1 does not like __align as a
-- element name.
--
--1316. [bug] libbind: gethostans() could get out of sync parsing
-- the response if there was a very long CNAME chain.
--
--1315. [bug] Options should apply to the internal _bind view.
--
--1314. [port] Handle ECONNRESET from sendmsg() [unix].
--
--1313. [func] Query log now says if the query was signed (S) or
-- if EDNS was used (E).
--
--1312. [func] Log TSIG key used w/ outgoing zone transfers.
--
--1311. [bug] lwres_getrrsetbyname leaked memory. [RT #3159]
--
--1310. [bug] 'rndc stop' failed to cause zones to be flushed
-- sometimes. [RT #3157]
--
--1309. [func] Log that a zone transfer was covered by a TSIG.
--
--1308. [func] DS (delegation signer) support.
--
--1307. [bug] nsupdate: allow white space base64 key data.
--
--1306. [bug] Badly encoded LOC record when the size, horizontal
-- precision or vertical precision was 0.1m.
--
--1305. [bug] Document that internal zones are included in the
-- rndc status results.
--
--1304. [func] New function: dns_zone_name().
--
--1303. [func] Option 'flush-zones-on-shutdown <boolean>;'.
--
--1302. [func] Extended rndc dumpdb to support dumping of zones and
-- view selection: 'dumpdb [-all|-zones|-cache] [view]'.
--
--1301. [func] New category 'update-security'.
--
--1300. [port] Compaq Trucluster support.
--
--1299. [bug] Set AI_ADDRCONFIG when looking up addresses
-- via getaddrinfo() (affects dig, host, nslookup, rndc
-- and nsupdate).
--
--1298. [bug] The CINCLUDES macro in lib/dns/sec/dst/Makefile
-- could be left with a trailing "\" after configure
-- has been run.
--
--1297. [port] linux: make handling EINVAL from socket() no longer
-- conditional on #ifdef LINUX.
--
--1296. [bug] isc_log_closefilelogs() needed to lock the log
-- context.
--
--1295. [bug] isc_log_setdebuglevel() needed to lock the log
-- context.
--
--1294. [func] libbind: no longer attempts bit string labels for
-- IPv6 reverse resolution. Try IP6.ARPA then IP6.INT
-- for nibble style resolution.
--
--1293. [func] Entropy can now be retrieved from EGDs. [RT #2438]
--
--1292. [func] Enable IPv6 support when using ioctl style interface
-- scanning and OS supports SIOCGLIFADDR using struct
-- if_laddrreq.
--
--1291. [func] Enable IPv6 support when using sysctl style interface
-- scanning.
--
--1290. [func] "dig axfr" now reports the number of messages
-- as well as the number of records.
--
--1289. [port] See if -ldl is required for OpenSSL? [RT #2672]
--
--1288. [bug] Adjusted REQUIRE's in lib/dns/name.c to better
-- reflect written requirements.
--
--1287. [bug] REQUIRE that DNS_DBADD_MERGE only be set when adding
-- a rdataset to a zone db in the rbtdb implementation of
-- addrdataset.
--
--1286. [bug] dns_name_downcase() enforce requirement that
-- target != NULL or name->buffer != NULL.
--
--1285. [func] lwres: probe the system to see what address families
-- are currently in use.
--
--1284. [bug] The RTT estimate on unused servers was not aged.
-- [RT #2569]
--
--1283. [func] Use "dataready" accept filter if available.
--
--1282. [port] libbind: hpux 11.11 interface scanning.
--
--1281. [func] Log zone when unable to get private keys to update
-- zone. Log zone when NXT records are missing from
-- secure zone.
--
--1280. [bug] libbind: escape '(' and ')' when converting to
-- presentation form.
--
--1279. [port] Darwin uses (unsigned long) for size_t. [RT #2590]
--
--1278. [func] dig: now supports +[no]cl +[no]ttlid.
--
--1277. [func] You can now create your own customized printing
-- styles: dns_master_stylecreate() and
-- dns_master_styledestroy().
--
--1276. [bug] libbind: const pointer conflicts in res_debug.c.
--
--1275. [port] libbind: hpux: treat all hpux systems as BIG_ENDIAN.
--
--1274. [bug] Memory leak in lwres_gnbarequest_parse().
--
--1273. [port] libbind: solaris: 64 bit binary compatibility.
--
--1272. [contrib] Berkeley DB 4.0 sdb implementation from
-- Nuno Miguel Rodrigues <nmr@co.sapo.pt>.
--
--1271. [bug] "recursion available: {denied,approved}" was too
-- confusing.
--
--1270. [bug] Check that system inet_pton() and inet_ntop() support
-- AF_INET6.
--
--1269. [port] Openserver: ifconfig.sh support.
--
--1268. [port] Openserver: the value FD_SETSIZE depends on whether
-- <sys/param.h> is included or not. Be consistent.
--
--1267. [func] isc_file_openunique() now creates file using mode
-- 0666 rather than 0600.
--
--1266. [bug] ISC_LINK_INIT, ISC_LINK_UNLINK, ISC_LIST_DEQUEUE,
-- __ISC_LINK_UNLINKUNSAFE and __ISC_LIST_DEQUEUEUNSAFE
-- are not C++ compatible, use *_TYPE versions instead.
--
--1265. [bug] libbind: LINK_INIT and UNLINK were not compatible with
-- C++, use LINK_INIT_TYPE and UNLINK_TYPE instead.
--
--1264. [placeholder]
--
--1263. [bug] Reference after free error if dns_dispatchmgr_create()
-- failed.
--
--1262. [bug] ns_server_destroy() failed to set *serverp to NULL.
--
--1261. [func] libbind: ns_sign2() and ns_sign_tcp() now provide
-- support for compressed TSIG owner names.
--
--1260. [func] libbind: res_update can now update IPv6 servers,
-- new function res_findzonecut2().
--
--1259. [bug] libbind: get_salen() IPv6 support was broken for OSs
-- w/o sa_len.
--
--1258. [bug] libbind: res_nametotype() and res_nametoclass() were
-- broken.
--
--1257. [bug] Failure to write pid-file should not be fatal on
-- reload. [RT #2861]
--
--1256. [contrib] 'queryperf' now has EDNS (-e) + DNSSEC DO (-D) support.
--
--1255. [bug] When verifying that an NXT proves nonexistence, check
-- the rcode of the message and only do the matching NXT
-- check. That is, for NXDOMAIN responses, check that
-- the name is in the range between the NXT owner and
-- next name, and for NOERROR NODATA responses, check
-- that the type is not present in the NXT bitmap.
--
--1254. [func] preferred-glue option from BIND 8.3.
--
--1253. [bug] The dnssec system test failed to remove the correct
-- files.
--
--1252. [bug] Dig, host and nslookup were not checking the address
-- the answer was coming from against the address it was
-- sent to. [RT# 2692]
--
--1251. [port] win32: a make file contained absolute version specific
-- references.
--
--1250. [func] Nsupdate will report the address the update was
-- sent to.
--
--1249. [bug] Missing masters clause was not handled gracefully.
-- [RT #2703]
--
--1248. [bug] DESTDIR was not being propagated between makes.
--
--1247. [bug] Don't reset the interface index for link/site local
-- addresses. [RT #2576]
--
--1246. [func] New functions isc_sockaddr_issitelocal(),
-- isc_sockaddr_islinklocal(), isc_netaddr_issitelocal()
-- and isc_netaddr_islinklocal().
--
--1245. [bug] Treat ENOBUFS, ENOMEM and ENFILE as soft errors for
-- accept().
--
--1244. [bug] Receiving a TCP message from a blackhole address would
-- prevent further messages being received over that
-- interface.
--
--1243. [bug] It was possible to trigger a REQUIRE() in
-- dns_message_findtype(). [RT #2659]
--
--1242. [bug] named-checkzone failed if a journal existed. [RT #2657]
--
--1241. [bug] Drop received UDP messages with a zero source port
-- as these are invariably forged. [RT #2621]
--
--1240. [bug] It was possible to leak zone references by
-- specifying an incorrect zone to rndc.
--
--1239. [bug] Under certain circumstances named could continue to
-- use a name after it had been freed triggering
-- INSIST() failures. [RT #2614]
--
--1238. [bug] It is possible to lockup the server when shutting down
-- if notifies were being processed. [RT #2591]
--
--1237. [bug] nslookup: "set q=type" failed.
--
--1236. [bug] dns_rdata{class,type}_fromtext() didn't handle non
-- NULL terminated text regions. [RT #2588]
--
--1235. [func] Report 'out of memory' errors from openssl.
--
--1234. [bug] contrib/sdb: 'zonetodb' failed to call
-- dns_result_register(). DNS_R_SEENINCLUDE should not
-- be fatal.
--
--1233. [bug] The flags field of a KEY record can be expressed in
-- hex as well as decimal.
--
--1232. [bug] unix/errno2result() didn't handle EADDRNOTAVAIL.
--
--1231. [port] HPUX 11.11 recvmsg() can return spurious EADDRNOTAVAIL.
--
--1230. [bug] isccc_cc_isreply() and isccc_cc_isack() were broken.
--
--1229. [bug] named would crash if it received a TSIG signed
-- query as part of an AXFR response. [RT #2570]
--
--1228. [bug] 'make install' did not depend on 'make all'. [RT #2559]
--
--1227. [bug] dns_lex_getmastertoken() now returns ISC_R_BADNUMBER
-- if a number was expected and some other token was
-- found. [RT#2532]
--
--1226. [func] Use EDNS for zone refresh queries. [RT #2551]
--
--1225. [func] dns_message_setopt() no longer requires that
-- dns_message_renderbegin() to have been called.
--
--1224. [bug] 'rrset-order' and 'sortlist' should be additive
-- not exclusive.
--
--1223. [func] 'rrset-order' partially works 'cyclic' and 'random'
-- are supported.
--
--1222. [bug] Specifying 'port *' did not always result in a system
-- selected (non-reserved) port being used. [RT #2537]
--
--1221. [bug] Zone types 'master', 'slave' and 'stub' were not being
-- compared case insensitively. [RT #2542]
--
--1220. [func] Support for APL rdata type.
--
--1219. [func] Named now reports the TSIG extended error code when
-- signature verification fails. [RT #1651]
--
--1218. [bug] Named incorrectly returned SERVFAIL rather than
-- NOTAUTH when there was a TSIG BADTIME error. [RT #2519]
--
--1217. [func] Report locations of previous key definition when a
-- duplicate is detected.
--
--1216. [bug] Multiple server clauses for the same server were not
-- reported. [RT #2514]
--
--1215. [port] solaris: add support to ifconfig.sh for x86 2.5.1
--
--1214. [bug] Win32: isc_file_renameunique() could leave zero length
-- files behind.
--
--1213. [func] Report view associated with client if it is not a
-- standard view (_default or _bind).
--
--1212. [port] libbind: 64k answer buffers were causing stack space
-- to be exceeded for certain OS. Use heap space instead.
--
--1211. [bug] dns_name_fromtext() incorrectly handled certain
-- valid octal bitlabels. [RT #2483]
--
--1210. [bug] libbind: getnameinfo() failed to lookup IPv4 mapped /
-- compatible addresses. [RT #2461]
--
--1209. [bug] Dig, host, nslookup were not checking the message ids
-- on the responses. [RT #2454]
--
--1208. [bug] dns_master_load*() failed to log a error message if
-- an error was detected when parsing the ownername of
-- a record. [RT #2448]
--
--1207. [bug] libbind: getaddrinfo() could call freeaddrinfo() with
-- an invalid pointer.
--
--1206. [bug] SERVFAIL and NOTIMP responses to an EDNS query should
-- trigger a non-EDNS retry.
--
--1205. [bug] OPT, TSIG and TKEY cannot be used to set the "class"
-- of the message. [RT #2449]
--
--1204. [bug] libbind: res_nupdate() failed to update the name
-- server addresses before sending the update.
--
--1203. [func] Report locations of previous acl and zone definitions
-- when a duplicate is detected.
--
--1202. [func] New functions: cfg_obj_line() and cfg_obj_file().
--
--1201. [bug] Require that if 'callbacks' is passed to
-- dns_rdata_fromtext(), callbacks->error and
-- callbacks->warn are initialized.
--
--1200. [bug] Log 'errno' that we are unable to convert to
-- isc_result_t. [RT #2404]
--
--1199. [doc] ARM reference to RFC 2157 should have been RFC 1918.
-- [RT #2436]
--
--1198. [bug] OPT printing style was not consistent with the way the
-- header fields are printed. The DO bit was not reported
-- if set. Report if any of the MBZ bits are set.
--
--1197. [bug] Attempts to define the same acl multiple times were not
-- detected.
--
--1196. [contrib] update mdnkit to 2.2.3.
--
--1195. [bug] Attempts to redefine builtin acls should be caught.
-- [RT #2403]
--
--1194. [bug] Not all duplicate zone definitions were being detected
-- at the named.conf checking stage. [RT #2431]
--
--1193. [bug] dig +besteffort parsing didn't handle packet
-- truncation. dns_message_parse() has new flag
-- DNS_MESSAGE_IGNORETRUNCATION.
--
--1192. [bug] The seconds fields in LOC records were restricted
-- to three decimal places. More decimal places should
-- be allowed but warned about.
--
--1191. [bug] A dynamic update removing the last non-apex name in
-- a secure zone would fail. [RT #2399]
--
--1190. [func] Add the "rndc freeze" and "rndc unfreeze" commands.
-- [RT #2394]
--
--1189. [bug] On some systems, malloc(0) returns NULL, which
-- could cause the caller to report an out of memory
-- error. [RT #2398]
--
--1188. [bug] Dynamic updates of a signed zone would fail if
-- some of the zone private keys were unavailable.
--
--1187. [bug] named was incorrectly returning DNSSEC records
-- in negative responses when the DO bit was not set.
--
--1186. [bug] isc_hex_tobuffer(,,length = 0) failed to unget the
-- EOL token when reading to end of line.
--
--1185. [bug] libbind: don't assume statp->_u._ext.ext is valid
-- unless RES_INIT is set when calling res_*init().
--
--1184. [bug] libbind: call res_ndestroy() if RES_INIT is set
-- when res_*init() is called.
--
--1183. [bug] Handle ENOSR error when writing to the internal
-- control pipe. [RT #2395]
--
--1182. [bug] The server could throw an assertion failure when
-- constructing a negative response packet.
--
--1181. [func] Add the "key-directory" configuration statement,
-- which allows the server to look for online signing
-- keys in alternate directories.
--
--1180. [func] dnssec-keygen should always generate keys with
-- protocol 3 (DNSSEC), since it's less confusing
-- that way.
--
--1179. [func] Add SIG(0) support to nsupdate.
--
--1178. [bug] Follow and cache (if appropriate) A6 and other
-- data chains to completion in the additional section.
--
--1177. [func] Report view when loading zones if it is not a
-- standard view (_default or _bind). [RT #2270]
--
--1176. [doc] Document that allow-v6-synthesis is only performed
-- for clients that are supplied recursive service.
-- [RT #2260]
--
--1175. [bug] named-checkzone and named-checkconf failed to call
-- dns_result_register() at startup which could
-- result in runtime exceptions when printing
-- "out of memory" errors. [RT #2335]
--
--1174. [bug] Win32: add WSAECONNRESET to the expected errors
-- from connect(). [RT #2308]
--
--1173. [bug] Potential memory leaks in isc_log_create() and
-- isc_log_settag(). [RT #2336]
--
--1172. [doc] Add CERT, GPOS, KX, NAPTR, NSAP, PX and TXT to
-- table of RR types in ARM.
--
--1171. [func] Added function isc_region_compare(), updated files in
-- lib/dns to use this function instead of local one.
--
--1170. [bug] Don't attempt to print the token when a I/O error
-- occurs when parsing named.conf. [RT #2275]
--
--1169. [func] Identify recursive queries in the query log.
--
--1168. [bug] Empty also-notify clauses were not handled. [RT #2309]
--
--1167. [contrib] nslint-2.1a3 (from author).
--
--1166. [bug] "Not Implemented" should be reported as NOTIMP,
-- not NOTIMPL. [RT #2281]
--
--1165. [bug] We were rejecting notify-source{-v6} in zone clauses.
--
--1164. [bug] Empty masters clauses in slave / stub zones were not
-- handled gracefully. [RT #2262]
--
--1163. [func] isc_time_formattimestamp() now includes the year.
--
--1162. [bug] The allow-notify option was not accepted in slave
-- zone statements.
--
--1161. [bug] named-checkzone looped on unbalanced brackets.
-- [RT #2248]
--
--1160. [bug] Generating Diffie-Hellman keys longer than 1024
-- bits could fail. [RT #2241]
--
--1159. [bug] MD and MF are not permitted to be loaded by RFC1123.
--
--1158. [func] Report the client's address when logging notify
-- messages.
--
--1157. [func] match-clients and match-destinations now accept
-- keys. [RT #2045]
--
--1156. [port] The configure test for strsep() incorrectly
-- succeeded on certain patched versions of
-- AIX 4.3.3. [RT #2190]
--
--1155. [func] Recover from master files being removed from under
-- us.
--
--1154. [bug] Don't attempt to obtain the netmask of a interface
-- if there is no address configured. [RT #2176]
--
--1153. [func] 'rndc {stop|halt} -p' now reports the process id
-- of the instance of named being shutdown.
--
--1152. [bug] libbind: read buffer overflows.
--
--1151. [bug] nslookup failed to check that the arguments to
-- the port, timeout, and retry options were
-- valid integers and in range. [RT #2099]
--
--1150. [bug] named incorrectly accepted TTL values
-- containing plus or minus signs, such as
-- 1d+1h-1s.
--
--1149. [func] New function isc_parse_uint32().
--
--1148. [func] 'rndc-confgen -a' now provides positive feedback.
--
--1147. [func] Set IPV6_V6ONLY on IPv6 sockets if supported by
-- the OS. listen-on-v6 { any; }; should no longer
-- result in IPv4 queries be accepted. Similarly
-- control { inet :: ... }; should no longer result
-- in IPv4 connections being accepted. This can be
-- overridden at compile time by defining
-- ISC_ALLOW_MAPPED=1.
--
--1146. [func] Allow IPV6_IPV6ONLY to be set/cleared on a socket if
-- supported by the OS by a new function
-- isc_socket_ipv6only().
--
--1145. [func] "host" no longer reports a NOERROR/NODATA response
-- by printing nothing. [RT #2065]
--
--1144. [bug] rndc-confgen would crash if both the -a and -t
-- options were specified. [RT #2159]
--
--1143. [bug] When a trusted-keys statement was present and named
-- was built without crypto support, it would leak memory.
--
--1142. [bug] dnssec-signzone would fail to delete temporary files
-- in some failure cases. [RT #2144]
--
--1141. [bug] When named rejected a control message, it would
-- leak a file descriptor and memory. It would also
-- fail to respond, causing rndc to hang.
-- [RT #2139, #2164]
--
--1140. [bug] rndc-confgen did not accept IPv6 addresses as arguments
-- to the -s option. [RT #2138]
--
--1139. [func] It is now possible to flush a given name from the
-- cache(s) via 'rndc flushname name [view]'. [RT #2051]
--
--1138. [func] It is now possible to flush a given name from the
-- cache by calling the new function
-- dns_cache_flushname().
--
--1137. [func] It is now possible to flush a given name from the
-- ADB by calling the new function dns_adb_flushname().
--
--1136. [bug] CNAME records synthesized from DNAMEs did not
-- have a TTL of zero as required by RFC2672.
-- [RT #2129]
--
--1135. [func] You can now override the default syslog() facility for
-- named/lwresd at compile time. [RT #1982]
--
--1134. [bug] Multi-threaded servers could deadlock in ferror()
-- when reloading zone files. [RT #1951, #1998]
--
--1133. [bug] IN6_IS_ADDR_LOOPBACK was not portably defined on
-- platforms without IN6_IS_ADDR_LOOPBACK. [RT #2106]
--
--1132. [func] Improve UPDATE prerequisite failure diagnostic messages.
--
--1131. [bug] The match-destinations view option did not work with
-- IPv6 destinations. [RT #2073, #2074]
--
--1130. [bug] Log messages reporting an out-of-range serial number
-- did not include the out-of-range number but the
-- following token. [RT #2076]
--
--1129. [bug] Multi-threaded servers could crash under heavy
-- resolution load due to a race condition. [RT #2018]
--
--1128. [func] sdb drivers can now provide RR data in either text
-- or wire format, the latter using the new functions
-- dns_sdb_putrdata() and dns_sdb_putnamedrdata().
--
--1127. [func] rndc: If the server to contact has multiple addresses,
-- try all of them.
--
--1126. [bug] The server could access a freed event if shut
-- down while a client start event was pending
-- delivery. [RT #2061]
--
--1125. [bug] rndc: -k option was missing from usage message.
-- [RT #2057]
--
--1124. [doc] dig: +[no]dnssec, +[no]besteffort and +[no]fail
-- are now documented. [RT #2052]
--
--1123. [bug] dig +[no]fail did not match description. [RT #2052]
--
--1122. [tuning] Resolution timeout reduced from 90 to 30 seconds.
-- [RT #2046]
--
--1121. [bug] The server could attempt to access a NULL zone
-- table if shut down while resolving.
-- [RT #1587, #2054]
--
--1120. [bug] Errors in options were not fatal. [RT #2002]
--
--1119. [func] Added support in Win32 for NTFS file/directory ACL's
-- for access control.
--
--1118. [bug] On multi-threaded servers, a race condition
-- could cause an assertion failure in resolver.c
-- during resolver shutdown. [RT #2029]
--
--1117. [port] The configure check for in6addr_loopback incorrectly
-- succeeded on AIX 4.3 when compiling with -O2
-- because the test code was optimized away.
-- [RT #2016]
--
--1116. [bug] Setting transfers in a server clause, transfers-in,
-- or transfers-per-ns to a value greater than
-- 2147483647 disabled transfers. [RT #2002]
--
--1115. [func] Set maximum values for cleaning-interval,
-- heartbeat-interval, interface-interval,
-- max-transfer-idle-in, max-transfer-idle-out,
-- max-transfer-time-in, max-transfer-time-out,
-- statistics-interval of 28 days and
-- sig-validity-interval of 3660 days. [RT #2002]
--
--1114. [port] Ignore more accept() errors. [RT #2021]
--
--1113. [bug] The allow-update-forwarding option was ignored
-- when specified in a view. [RT #2014]
--
--1112. [placeholder]
--
--1111. [bug] Multi-threaded servers could deadlock processing
-- recursive queries due to a locking hierarchy
-- violation in adb.c. [RT #2017]
--
--1110. [bug] dig should only accept valid abbreviations of +options.
-- [RT #2003]
--
--1109. [bug] nsupdate accepted illegal ttl values.
--
--1108. [bug] On Win32, rndc was hanging when named was not running
-- due to failure to select for exceptional conditions
-- in select(). [RT #1870]
--
--1107. [bug] nsupdate could catch an assertion failure if an
-- invalid domain name was given as the argument to
-- the "zone" command.
--
--1106. [bug] After seeing an out of range TTL, nsupdate would
-- treat all TTLs as out of range. [RT #2001]
--
--1105. [port] OpenUNIX 8 enable threads by default. [RT #1970]
--
--1104. [bug] Invalid arguments to the transfer-format option
-- could cause an assertion failure. [RT #1995]
--
--1103. [port] OpenUNIX 8 support (ifconfig.sh). [RT #1970]
--
--1102. [doc] Note that query logging is enabled by directing the
-- queries category to a channel.
--
--1101. [bug] Array bounds read error in lwres_gai_strerror.
--
--1100. [bug] libbind: DNSSEC key ids were computed incorrectly.
--
--1099. [cleanup] libbind: defining REPORT_ERRORS in lib/bind/dst caused
-- compile time errors.
--
--1098. [bug] libbind: HMAC-MD5 key files are now mode 0600.
--
--1097. [func] libbind: RES_PRF_TRUNC for dig.
--
--1096. [func] libbind: "DNSSEC OK" (DO) support.
--
--1095. [func] libbind: resolver option: no-tld-query. disables
-- trying unqualified as a tld. no_tld_query is also
-- supported for FreeBSD compatibility.
--
--1094. [func] libbind: add support gcc's format string checking.
--
--1093. [doc] libbind: miscellaneous nroff fixes.
--
--1092. [bug] libbind: get*by*() failed to check if res_init() had
-- been called.
--
--1091. [bug] libbind: misplaced va_end().
--
--1090. [bug] libbind: dns_ho.c:add_hostent() was not returning
-- the amount of memory consumed resulting in garbage
-- address being returned. Alignment calculations were
-- wasting space. We weren't suppressing duplicate
-- addresses.
--
--1089. [func] libbind: inet_{cidr,net}_{pton,ntop}() now have IPv6
-- support.
--
--1088. [port] libbind: MPE/iX C.70 (incomplete)
--
--1087. [bug] libbind: struct __res_state too large on 64 bit arch.
--
--1086. [port] libbind: sunos: old sprintf.
--
--1085. [port] libbind: solaris: sys_nerr and sys_errlist do not
-- exist when compiling in 64 bit mode.
--
--1084. [cleanup] libbind: gai_strerror() rewritten.
--
--1083. [bug] The default control channel listened on the
-- wildcard address, not the loopback as documented.
-- [RT #1975]
--
--1082. [bug] The -g option to named incorrectly caused logging
-- to be sent to syslog in addition to stderr.
-- [RT #1974]
--
--1081. [bug] Multicast queries were incorrectly identified
-- based on the source address, not the destination
-- address.
--
--1080. [bug] BIND 8 compatibility: accept bare IP prefixes
-- as the second element of a two-element top level
-- sort list statement. [RT #1964]
--
--1079. [bug] BIND 8 compatibility: accept bare elements at top
-- level of sort list treating them as if they were
-- a single element list. [RT #1963]
--
--1078. [bug] We failed to correct bad tv_usec values in one case.
-- [RT #1966]
--
--1077. [func] Do not accept further recursive clients when
-- the total number of recursive lookups being
-- processed exceeds max-recursive-clients, even
-- if some of the lookups are internally generated.
-- [RT #1915, #1938]
--
--1076. [bug] A badly defined global key could trigger an assertion
-- on load/reload if views were used. [RT #1947]
--
--1075. [bug] Out-of-range network prefix lengths were not
-- reported. [RT #1954]
--
--1074. [bug] Running out of memory in dump_rdataset() could
-- cause an assertion failure. [RT #1946]
--
--1073. [bug] The ADB cache cleaning should also be space driven.
-- [RT #1915, #1938]
--
--1072. [bug] The TCP client quota could be exceeded when
-- recursion occurred. [RT #1937]
--
--1071. [bug] Sockets listening for TCP DNS connections
-- specified an excessive listen backlog. [RT #1937]
--
--1070. [bug] Copy DNSSEC OK (DO) to response as specified by
-- draft-ietf-dnsext-dnssec-okbit-03.txt.
--
--1069. [placeholder]
--
--1068. [bug] errno could be overwritten by catgets(). [RT #1921]
--
--1067. [func] Allow quotas to be soft, isc_quota_soft().
--
--1066. [bug] Provide a thread safe wrapper for strerror().
-- [RT #1689]
--
--1065. [func] Runtime support to select new / old style interface
-- scanning using ioctls.
--
--1064. [bug] Do not shut down active network interfaces if we
-- are unable to scan the interface list. [RT #1921]
--
--1063. [bug] libbind: "make install" was failing on IRIX.
-- [RT #1919]
--
--1062. [bug] If the control channel listener socket was shut
-- down before server exit, the listener object could
-- be freed twice. [RT #1916]
--
--1061. [bug] If periodic cache cleaning happened to start
-- while cleaning due to reaching the configured
-- maximum cache size was in progress, the server
-- could catch an assertion failure. [RT #1912]
--
--1060. [func] Move refresh, stub and notify UDP retry processing
-- into dns_request.
--
--1059. [func] dns_request now support will now retry UDP queries,
-- dns_request_createvia2() and dns_request_createraw2().
--
--1058. [func] Limited lifetime ticker timers are now available,
-- isc_timertype_limited.
--
--1057. [bug] Reloading the server after adding a "file" clause
-- to a zone statement could cause the server to
-- crash due to a typo in change 1016.
--
--1056. [bug] Rndc could catch an assertion failure on SIGINT due
-- to an uninitialized variable. [RT #1908]
--
--1055. [func] Version and hostname queries can now be disabled
-- using "version none;" and "hostname none;",
-- respectively.
--
--1054. [bug] On Win32, cfg_categories and cfg_modules need to be
-- exported from the libisccfg DLL.
--
--1053. [bug] Dig did not increase its timeout when receiving
-- AXFRs unless the +time option was used. [RT #1904]
--
--1052. [bug] Journals were not being created in binary mode
-- resulting in "journal format not recognized" error
-- under Win32. [RT #1889]
--
--1051. [bug] Do not ignore a network interface completely just
-- because it has a noncontiguous netmask. Instead,
-- omit it from the localnets ACL and issue a warning.
-- [RT #1891]
--
--1050. [bug] Log messages reporting malformed IP addresses in
-- address lists such as that of the forwarders option
-- failed to include the correct error code, file
-- name, and line number. [RT #1890]
--
--1049. [func] "pid-file none;" will disable writing a pid file.
-- [RT #1848]
--
--1048. [bug] Servers built with -DISC_MEM_USE_INTERNAL_MALLOC=1
-- didn't work.
--
--1047. [bug] named was incorrectly refusing all requests signed
-- with a TSIG key derived from an unsigned TKEY
-- negotiation with a NOERROR response. [RT #1886]
--
--1046. [bug] The help message for the --with-openssl configure
-- option was inaccurate. [RT #1880]
--
--1045. [bug] It was possible to skip saving glue for a nameserver
-- for a stub zone.
--
--1044. [bug] Specifying allow-transfer, notify-source, or
-- notify-source-v6 in a stub zone was not treated
-- as an error.
--
--1043. [bug] Specifying a transfer-source or transfer-source-v6
-- option in the zone statement for a master zone was
-- not treated as an error. [RT #1876]
--
--1042. [bug] The "config" logging category did not work properly.
-- [RT #1873]
--
--1041. [bug] Dig/host/nslookup could catch an assertion failure
-- on SIGINT due to an uninitialized variable. [RT #1867]
--
--1040. [bug] Multiple listen-on-v6 options with different ports
-- were not accepted. [RT #1875]
--
--1039. [bug] Negative responses with CNAMEs in the answer section
-- were cached incorrectly. [RT #1862]
--
--1038. [bug] In servers configured with a tkey-domain option,
-- TKEY queries with an owner name other than the root
-- could cause an assertion failure. [RT #1866, #1869]
--
--1037. [bug] Negative responses whose authority section contain
-- SOA or NS records whose owner names are not equal
-- equal to or parents of the query name should be
-- rejected. [RT #1862]
--
--1036. [func] Silently drop requests received via multicast as
-- long as there is no final multicast DNS standard.
--
--1035. [bug] If we respond to multicast queries (which we
-- currently do not), respond from a unicast address
-- as specified in RFC 1123. [RT #137]
--
--1034. [bug] Ignore the RD bit on multicast queries as specified
-- in RFC 1123. [RT #137]
--
--1033. [bug] Always respond to requests with an unsupported opcode
-- with NOTIMP, even if we don't have a matching view
-- or cannot determine the class.
--
--1032. [func] hostname.bind/txt/chaos now returns the name of
-- the machine hosting the nameserver. This is useful
-- in diagnosing problems with anycast servers.
--
--1031. [bug] libbind.a: isc__gettimeofday() infinite recursion.
-- [RT #1858]
--
--1030. [bug] On systems with no resolv.conf file, nsupdate
-- exited with an error rather than defaulting
-- to using the loopback address. [RT #1836]
--
--1029. [bug] Some named.conf errors did not cause the loading
-- of the configuration file to return a failure
-- status even though they were logged. [RT #1847]
--
--1028. [bug] On Win32, dig/host/nslookup looked for resolv.conf
-- in the wrong directory. [RT #1833]
--
--1027. [bug] RRs having the reserved type 0 should be rejected.
-- [RT #1471]
--
--1026. [placeholder]
--
--1025. [bug] Don't use multicast addresses to resolve iterative
-- queries. [RT #101]
--
--1024. [port] Compilation failed on HP-UX 11.11 due to
-- incompatible use of the SIOCGLIFCONF macro
-- name. [RT #1831]
--
--1023. [func] Accept hints without TTLs.
--
--1022. [bug] Don't report empty root hints as "extra data".
-- [RT #1802]
--
--1021. [bug] On Win32, log message timestamps were one month
-- later than they should have been, and the server
-- would exhibit unspecified behavior in December.
--
--1020. [bug] IXFR log messages did not distinguish between
-- true IXFRs, AXFR-style IXFRs, and mere version
-- polls. [RT #1811]
--
--1019. [bug] The value of the lame-ttl option was limited to 18000
-- seconds, not 1800 seconds as documented. [RT #1803]
--
--1018. [bug] The default log channel was not always initialized
-- correctly. [RT #1813]
--
--1017. [bug] When specifying TSIG keys to dig and nsupdate using
-- the -k option, they must be HMAC-MD5 keys. [RT #1810]
--
--1016. [bug] Slave zones with no backup file were re-transferred
-- on every server reload.
--
--1015. [bug] Log channels that had a "versions" option but no
-- "size" option failed to create numbered log
-- files. [RT #1783]
--
--1014. [bug] Some queries would cause statistics counters to
-- increment more than once or not at all. [RT #1321]
--
--1013. [bug] It was possible to cancel a query twice when marking
-- a server as bogus or by having a blackhole acl.
-- [RT #1776]
--
--1012. [bug] The -p option to named did not behave as documented.
--
--1011. [cleanup] Removed isc_dir_current().
--
--1010. [bug] The server could attempt to execute a command channel
-- command after initiating server shutdown, causing
-- an assertion failure. [RT #1766]
--
--1009. [port] OpenUNIX 8 support. [RT #1728]
--
--1008. [port] libtool.m4, ltmain.sh from libtool-1.4.2.
--
--1007. [port] config.guess, config.sub from autoconf-2.52.
--
--1006. [bug] If a KEY RR was found missing during DNSSEC validation,
-- an assertion failure could subsequently be triggered
-- in the resolver. [RT #1763]
--
--1005. [bug] Don't copy nonzero RCODEs from request to response.
-- [RT #1765]
--
--1004. [port] Deal with recvfrom() returning EHOSTDOWN. [RT #1770]
--
--1003. [func] Add the +retry option to dig.
--
--1002. [bug] When reporting an unknown class name in named.conf,
-- including the file name and line number. [RT #1759]
--
--1001. [bug] win32 socket code doio_recv was not catching a
-- WSACONNRESET error when a client was timing out
-- the request and closing its socket. [RT #1745]
--
--1000. [bug] BIND 8 compatibility: accept "HESIOD" as an alias
-- for class "HS". [RT #1759]
--
-- 999. [func] "rndc retransfer zone [class [view]]" added.
-- [RT #1752]
--
-- 998. [func] named-checkzone now has arguments to specify the
-- chroot directory (-t) and working directory (-w).
-- [RT #1755]
--
-- 997. [func] Add support for RSA-SHA1 keys (RFC3110).
--
-- 996. [func] Issue warning if the configuration filename contains
-- the chroot path.
--
-- 995. [bug] dig, host, nslookup: using a raw IPv6 address as a
-- target address should be fatal on a IPv4 only system.
--
-- 994. [func] Treat non-authoritative responses to queries for type
-- NS as referrals even if the NS records are in the
-- answer section, because BIND 8 servers incorrectly
-- send them that way. This is necessary for DNSSEC
-- validation of the NS records of a secure zone to
-- succeed when the parent is a BIND 8 server. [RT #1706]
--
-- 993. [func] dig: -v now reports the version.
--
-- 992. [doc] dig: ~/.digrc is now documented.
--
-- 991. [func] Lower UDP refresh timeout messages to level
-- debug 1.
--
-- 990. [bug] The rndc-confgen man page was not installed.
--
-- 989. [bug] Report filename if $INCLUDE fails for file related
-- errors. [RT #1736]
--
-- 988. [bug] 'additional-from-auth no;' did not work reliably
-- in the case of queries answered from the cache.
-- [RT #1436]
--
-- 987. [bug] "dig -help" didn't show "+[no]stats".
--
-- 986. [bug] "dig +noall" failed to clear stats and command
-- printing.
--
-- 985. [func] Consider network interfaces to be up iff they have
-- a nonzero IP address rather than based on the
-- IFF_UP flag. [RT #1160]
--
-- 984. [bug] Multi-threading should be enabled by default on
-- Solaris 2.7 and newer, but it wasn't.
--
-- 983. [func] The server now supports generating IXFR difference
-- sequences for non-dynamic zones by comparing zone
-- versions, when enabled using the new config
-- option "ixfr-from-differences". [RT #1727]
--
-- 982. [func] If "memstatistics-file" is set in options the memory
-- statistics will be written to it.
--
-- 981. [func] The dnssec tools can now take multiple '-r randomfile'
-- arguments.
--
-- 980. [bug] Incoming zone transfers restarting after an error
-- could trigger an assertion failure. [RT #1692]
--
-- 979. [func] Incremental master file dumping. dns_master_dumpinc(),
-- dns_master_dumptostreaminc(), dns_dumpctx_attach(),
-- dns_dumpctx_detach(), dns_dumpctx_cancel(),
-- dns_dumpctx_db() and dns_dumpctx_version().
--
-- 978. [bug] dns_db_attachversion() had an invalid REQUIRE()
-- condition.
--
-- 977. [bug] Improve "not at top of zone" error message.
--
-- 976. [func] named-checkconf can now test load master zones
-- (named-checkconf -z). [RT #1468]
--
-- 975. [bug] "max-cache-size default;" as a view option
-- caused an assertion failure.
--
-- 974. [bug] "max-cache-size unlimited;" as a global option
-- was not accepted.
--
-- 973. [bug] Failed to log the question name when logging:
-- "bad zone transfer request: non-authoritative zone
-- (NOTAUTH)".
--
-- 972. [bug] The file modification time code in zone.c was using the
-- wrong epoch. [RT #1667]
--
-- 971. [placeholder]
--
-- 970. [func] 'max-journal-size' can now be used to set a target
-- size for a journal.
--
-- 969. [func] dig now supports the undocumented dig 8 feature
-- of allowing arbitrary labels, not just dotted
-- decimal quads, with the -x option. This can be
-- used to conveniently look up RFC2317 names as in
-- "dig -x 10.0.0.0-127". [RT #827, #1576, #1598]
--
-- 968. [bug] On win32, the isc_time_now() function was unnecessarily
-- calling strtime(). [RT #1671]
--
-- 967. [bug] On win32, the link for bindevt was not including the
-- required resource file to enable the event viewer
-- to interpret the error messages in the event log,
-- [RT #1668]
--
-- 966. [placeholder]
--
-- 965. [bug] Including data other than root server NS and A
-- records in the root hint file could cause a rbtdb
-- node reference leak. [RT #1581, #1618]
--
-- 964. [func] Warn if data other than root server NS and A records
-- are found in the root hint file. [RT #1581, #1618]
--
-- 963. [bug] Bad ISC_LANG_ENDDECLS. [RT #1645]
--
-- 962. [bug] libbind: bad "#undef", don't attempt to install
-- non-existent nlist.h. [RT #1640]
--
-- 961. [bug] Tried to use a IPV6 feature when ISC_PLATFORM_HAVEIPV6
-- was not defined. [RT #1482]
--
-- 960. [port] liblwres failed to build on systems with support for
-- getrrsetbyname() in the OS. [RT #1592]
--
-- 959. [port] On FreeBSD, determine the number of CPUs by calling
-- sysctlbyname(). [RT #1584]
--
-- 958. [port] ssize_t is not available on all platforms. [RT #1607]
--
-- 957. [bug] sys/select.h inclusion was broken on older platforms.
-- [RT #1607]
--
-- 956. [bug] ns_g_autorndcfile changed to ns_g_keyfile
-- in named/win32/os.c due to code changes in
-- change #953. win32 .make file for rndc-confgen
-- updated to add include path for os.h header.
--
-- --- 9.2.0rc1 released ---
--
-- 955. [bug] When using views, the zone's class was not being
-- inherited from the view's class. [RT #1583]
--
-- 954. [bug] When requesting AXFRs or IXFRs using dig, host, or
-- nslookup, the RD bit should not be set as zone
-- transfers are inherently non-recursive. [RT #1575]
--
-- 953. [func] The /var/run/named.key file from change #843
-- has been replaced by /etc/rndc.key. Both
-- named and rndc will look for this file and use
-- it to configure a default control channel key
-- if not already configured using a different
-- method (rndc.conf / controls). Unlike
-- named.key, rndc.key is not created automatically;
-- it must be created by manually running
-- "rndc-confgen -a".
--
-- 952. [bug] The server required manual intervention to serve the
-- affected zones if it died between creating a journal
-- and committing the first change to it.
--
-- 951. [bug] CFLAGS was not passed to the linker when
-- linking some of the test programs under
-- bin/tests. [RT #1555].
--
-- 950. [bug] Explicit TTLs did not properly override $TTL
-- due to a bug in change 834. [RT #1558]
--
-- 949. [bug] host was unable to print records larger than 512
-- bytes. [RT #1557]
--
-- --- 9.2.0b2 released ---
--
-- 948. [port] Integrated support for building on Windows NT /
-- Windows 2000.
--
-- 947. [bug] dns_rdata_soa_t had a badly named element "mname" which
-- was really the RNAME field from RFC1035. To avoid
-- confusion and silent errors that would occur it the
-- "origin" and "mname" elements were given their correct
-- names "mname" and "rname" respectively, the "mname"
-- element is renamed to "contact".
--
-- 946. [cleanup] doc/misc/options is now machine-generated from the
-- configuration parser syntax tables, and therefore
-- more likely to be correct.
--
-- 945. [func] Add the new view-specific options
-- "match-destinations" and "match-recursive-only".
--
-- 944. [func] Check for expired signatures on load.
--
-- 943. [bug] The server could crash when receiving a command
-- via rndc if the configuration file listed only
-- nonexistent keys in the controls statement. [RT #1530]
--
-- 942. [port] libbind: GETNETBYADDR_ADDR_T was not correctly
-- defined on some platforms.
--
-- 941. [bug] The configuration checker crashed if a slave
-- zone didn't contain a masters statement. [RT #1514]
--
-- 940. [bug] Double zone locking failure on error path. [RT #1510]
--
-- --- 9.2.0b1 released ---
--
-- 939. [port] Add the --disable-linux-caps option to configure for
-- systems that manage capabilities outside of named.
-- [RT #1503]
--
-- 938. [placeholder]
--
-- 937. [bug] A race when shutting down a zone could trigger a
-- INSIST() failure. [RT #1034]
--
-- 936. [func] Warn about IPv4 addresses that are not complete
-- dotted quads. [RT #1084]
--
-- 935. [bug] inet_pton failed to reject leading zeros.
--
-- 934. [port] Deal with systems where accept() spuriously returns
-- ECONNRESET.
--
-- 933. [bug] configure failed doing libbind on platforms not
-- supported by BIND 8. [RT #1496]
--
-- --- 9.2.0a3 released ---
--
-- 932. [bug] Use INSTALL_SCRIPT, not INSTALL_PROGRAM,
-- when installing isc-config.sh.
-- [RT #198, #1466]
--
-- 931. [bug] The controls statement only attempted to verify
-- messages using the first key in the key list.
-- (9.2.0a1/a2 only).
--
-- 930. [func] Query performance testing tool added as
-- contrib/queryperf.
--
-- 929. [placeholder]
--
-- 928. [bug] nsupdate would send empty update packets if the
-- send (or empty line) command was run after
-- another send but before any new updates or
-- prerequisites were specified. It should simply
-- ignore this command.
--
-- 927. [bug] Don't hold the zone lock for the entire dump to disk.
-- [RT #1423]
--
-- 926. [bug] The resolver could deadlock with the ADB when
-- shutting down (multi-threaded builds only).
-- [RT #1324]
--
-- 925. [cleanup] Remove openssl from the distribution; require that
-- --with-openssl be specified if DNSSEC is needed.
--
-- 924. [port] Extend support for pre-RFC2133 IPv6 implementation.
-- [RT #987]
--
-- 923. [bug] Multiline TSIG secrets (and other multiline strings)
-- were not accepted in named.conf. [RT #1469]
--
-- 922. [func] Added two new lwres_getrrsetbyname() result codes,
-- ERR_NONAME and ERR_NODATA.
--
-- 921. [bug] lwres returned an incorrect error code if it received
-- a truncated message.
--
-- 920. [func] Increase the lwres receive buffer size to 16K.
-- [RT #1451]
--
-- 919. [placeholder]
--
-- 918. [func] In nsupdate, TSIG errors are no longer treated as
-- fatal errors.
--
-- 917. [func] New nsupdate command 'key', allowing TSIG keys to
-- be specified in the nsupdate command stream rather
-- than the command line.
--
-- 916. [bug] Specifying type ixfr to dig without specifying
-- a serial number failed in unexpected ways.
--
-- 915. [func] The named-checkconf and named-checkzone programs
-- now have a '-v' option for printing their version.
-- [RT #1151]
--
-- 914. [bug] Global 'server' statements were rejected when
-- using views, even though they were accepted
-- in 9.1. [RT #1368]
--
-- 913. [bug] Cache cleaning was not sufficiently aggressive.
-- [RT #1441, #1444]
--
-- 912. [bug] Attempts to set the 'additional-from-cache' or
-- 'additional-from-auth' option to 'no' in a
-- server with recursion enabled will now
-- be ignored and cause a warning message.
-- [RT #1145]
--
-- 911. [placeholder]
--
-- 910. [port] Some pre-RFC2133 IPv6 implementations do not define
-- IN6ADDR_ANY_INIT. [RT #1416]
--
-- 909. [placeholder]
--
-- 908. [func] New program, rndc-confgen, to simplify setting up rndc.
--
-- 907. [func] The ability to get entropy from either the
-- random device, a user-provided file or from
-- the keyboard was migrated from the DNSSEC tools
-- to libisc as isc_entropy_usebestsource().
--
-- 906. [port] Separated the system independent portion of
-- lib/isc/unix/entropy.c into lib/isc/entropy.c
-- and added lib/isc/win32/entropy.c.
--
-- 905. [bug] Configuring a forward "zone" for the root domain
-- did not work. [RT #1418]
--
-- 904. [bug] The server would leak memory if attempting to use
-- an expired TSIG key. [RT #1406]
--
-- 903. [bug] dig should not crash when receiving a TCP packet
-- of length 0.
--
-- 902. [bug] The -d option was ignored if both -t and -g were also
-- specified.
--
-- 901. [placeholder]
--
-- 900. [bug] A config.guess update changed the system identification
-- string of FreeBSD systems; configure and
-- bin/tests/system/ifconfig.sh now recognize the new
-- string.
--
-- --- 9.2.0a2 released ---
--
-- 899. [bug] lib/dns/soa.c failed to compile on many platforms
-- due to inappropriate use of a void value.
-- [RT #1372, #1373, #1386, #1387, #1395]
--
-- 898. [bug] "dig" failed to set a nonzero exit status
-- on UDP query timeout. [RT #1323]
--
-- 897. [bug] A config.guess update changed the system identification
-- string of UnixWare systems; configure now recognizes
-- the new string.
--
-- 896. [bug] If a configuration file is set on named's command line
-- and it has a relative pathname, the current directory
-- (after any possible jailing resulting from named -t)
-- will be prepended to it so that reloading works
-- properly even when a directory option is present.
--
-- 895. [func] New function, isc_dir_current(), akin to POSIX's
-- getcwd().
--
-- 894. [bug] When using the DNSSEC tools, a message intended to warn
-- when the keyboard was being used because of the lack
-- of a suitable random device was not being printed.
--
-- 893. [func] Removed isc_file_test() and added isc_file_exists()
-- for the basic functionality that was being added
-- with isc_file_test().
--
-- 892. [placeholder]
--
-- 891. [bug] Return an error when a SIG(0) signed response to
-- an unsigned query is seen. This should actually
-- do the verification, but it's not currently
-- possible. [RT #1391]
--
-- 890. [cleanup] The man pages no longer require the mandoc macros
-- and should now format cleanly using most versions of
-- nroff, and HTML versions of the man pages have been
-- added. Both are generated from DocBook source.
--
-- 889. [port] Eliminated blank lines before .TH in nroff man
-- pages since they cause problems with some versions
-- of nroff. [RT #1390]
--
-- 888. [bug] Don't die when using TKEY to delete a nonexistent
-- TSIG key. [RT #1392]
--
-- 887. [port] Detect broken compilers that can't call static
-- functions from inline functions. [RT #1212]
--
-- 886. [placeholder]
--
-- 885. [placeholder]
--
-- 884. [placeholder]
--
-- 883. [placeholder]
--
-- 882. [placeholder]
--
-- 881. [placeholder]
--
-- 880. [placeholder]
--
-- 879. [placeholder]
--
-- 878. [placeholder]
--
-- 877. [placeholder]
--
-- 876. [placeholder]
--
-- 875. [placeholder]
--
-- 874. [placeholder]
--
-- 873. [placeholder]
--
-- 872. [placeholder]
--
-- 871. [placeholder]
--
-- 870. [placeholder]
--
-- 869. [placeholder]
--
-- 868. [placeholder]
--
-- 867. [placeholder]
--
-- 866. [func] Close debug only file channels when debug is set to
-- zero. [RT #1246]
--
-- 865. [bug] The new configuration parser did not allow
-- the optional debug level in a "severity debug"
-- clause of a logging channel to be omitted.
-- This is now allowed and treated as "severity
-- debug 1;" like it does in BIND 8.2.4, not as
-- "severity debug 0;" like it did in BIND 9.1.
-- [RT #1367]
--
-- 864. [cleanup] Multi-threading is now enabled by default on
-- OSF1, Solaris 2.7 and newer, AIX, IRIX, and HP-UX.
--
-- 863. [bug] If an error occurred while an outgoing zone transfer
-- was starting up, the server could access a domain
-- name that had already been freed when logging a
-- message saying that the transfer was starting.
-- [RT #1383]
--
-- 862. [bug] Use after realloc(), non portable pointer arithmetic in
-- grmerge().
--
-- 861. [port] Add support for Mac OS X, by making it equivalent
-- to Darwin. This was derived from the config.guess
-- file shipped with Mac OS X. [RT #1355]
--
-- 860. [func] Drop cross class glue in zone transfers.
--
-- 859. [bug] Cache cleaning now won't swamp the CPU if there
-- is a persistent over limit condition.
--
-- 858. [func] isc_mem_setwater() no longer requires that when the
-- callback function is non-NULL then its hi_water
-- argument must be greater than its lo_water argument
-- (they can now be equal) or that they be non-zero.
--
-- 857. [cleanup] Use ISC_MAGIC() to define all magic numbers for
-- structs, for our friends in EBCDIC-land.
--
-- 856. [func] Allow partial rdatasets to be returned in answer and
-- authority sections to help non-TCP capable clients
-- recover from truncation. [RT #1301]
--
-- 855. [bug] Stop spurious "using RFC 1035 TTL semantics" warnings.
--
-- 854. [bug] The config parser didn't properly handle config
-- options that were specified in units of time other
-- than seconds. [RT #1372]
--
-- 853. [bug] configure_view_acl() failed to detach existing acls.
-- [RT #1374]
--
-- 852. [bug] Handle responses from servers which do not know
-- about IXFR.
--
-- 851. [cleanup] The obsolete support-ixfr option was not properly
-- ignored.
--
-- --- 9.2.0a1 released ---
--
-- 850. [bug] dns_rbt_findnode() would not find nodes that were
-- split on a bitstring label somewhere other than in
-- the last label of the node. [RT #1351]
--
-- 849. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined.
--
-- 848. [func] A minimum max-cache-size of two megabytes is enforced
-- by the cache cleaner.
--
-- 847. [func] Added isc_file_test(), which currently only has
-- some very basic functionality to test for the
-- existence of a file, whether a pathname is absolute,
-- or whether a pathname is the fundamental representation
-- of the current directory. It is intended that this
-- function can be expanded to test other things a
-- programmer might want to know about a file.
--
-- 846. [func] A non-zero 'param' to dst_key_generate() when making an
-- hmac-md5 key means that good entropy is not required.
--
-- 845. [bug] The access rights on the public file of a symmetric
-- key are now restricted as soon as the file is opened,
-- rather than after it has been written and closed.
--
-- 844. [func] <isc/net.h> will ensure INADDR_LOOPBACK is defined,
-- just as <lwres/net.h> does.
--
-- 843. [func] If no controls statement is present in named.conf,
-- or if any inet phrase of a controls statement is
-- lacking a keys clause, then a key will be automatically
-- generated by named and an rndc.conf-style file
-- named named.key will be written that uses it. rndc
-- will use this file only if its normal configuration
-- file, or one provided on the command line, does not
-- exist.
--
-- 842. [func] 'rndc flush' now takes an optional view.
--
-- 841. [bug] When sdb modules were not declared threadsafe, their
-- create and destroy functions were not serialized.
--
-- 840. [bug] The config file parser could print the wrong file
-- name if an error was detected after an included file
-- was parsed. [RT #1353]
--
-- 839. [func] Dump packets for which there was no view or that the
-- class could not be determined to category "unmatched".
--
-- 838. [port] UnixWare 7.x.x is now suported by
-- bin/tests/system/ifconfig.sh.
--
-- 837. [cleanup] Multi-threading is now enabled by default only on
-- OSF1, Solaris 2.7 and newer, and AIX.
--
-- 836. [func] Upgraded libtool to 1.4.
--
-- 835. [bug] The dispatcher could enter a busy loop if
-- it got an I/O error receiving on a UDP socket.
-- [RT #1293]
--
-- 834. [func] Accept (but warn about) master files beginning with
-- an SOA record without an explicit TTL field and
-- lacking a $TTL directive, by using the SOA MINTTL
-- as a default TTL. This is for backwards compatibility
-- with old versions of BIND 8, which accepted such
-- files without warning although they are illegal
-- according to RFC1035.
--
-- 833. [cleanup] Moved dns_soa_*() from <dns/journal.h> to
-- <dns/soa.h>, and extended them to support
-- all the integer-valued fields of the SOA RR.
--
-- 832. [bug] The default location for named.conf in named-checkconf
-- should depend on --sysconfdir like it does in named.
-- [RT #1258]
--
-- 831. [placeholder]
--
-- 830. [func] Implement 'rndc status'.
--
-- 829. [bug] The DNS_R_ZONECUT result code should only be returned
-- when an ANY query is made with DNS_DBFIND_GLUEOK set.
-- In all other ANY query cases, returning the delegation
-- is better.
--
-- 828. [bug] The errno value from recvfrom() could be overwritten
-- by logging code. [RT #1293]
--
-- 827. [bug] When an IXFR protocol error occurs, the slave
-- should retry with AXFR.
--
-- 826. [bug] Some IXFR protocol errors were not detected.
--
-- 825. [bug] zone.c:ns_query() detached from the wrong zone
-- reference. [RT #1264]
--
-- 824. [bug] Correct line numbers reported by dns_master_load().
-- [RT #1263]
--
-- 823. [func] The output of "dig -h" now goes to stdout so that it
-- can easily be piped through "more". [RT #1254]
--
-- 822. [bug] Sending nxrrset prerequisites would crash nsupdate.
-- [RT #1248]
--
-- 821. [bug] The program name used when logging to syslog should
-- be stripped of leading path components.
-- [RT #1178, #1232]
--
-- 820. [bug] Name server address lookups failed to follow
-- A6 chains into the glue of local authoritative
-- zones.
--
-- 819. [bug] In certain cases, the resolver's attempts to
-- restart an address lookup at the root could cause
-- the fetch to deadlock (with itself) instead of
-- restarting. [RT #1225]
--
-- 818. [bug] Certain pathological responses to ANY queries could
-- cause an assertion failure. [RT #1218]
--
-- 817. [func] Adjust timeouts for dialup zone queries.
--
-- 816. [bug] Report potential problems with log file accessibility
-- at configuration time, since such problems can't
-- reliably be reported at the time they actually occur.
--
-- 815. [bug] If a log file was specified with a path separator
-- character (i.e. "/") in its name and the directory
-- did not exist, the log file's name was treated as
-- though it were the directory name. [RT #1189]
--
-- 814. [bug] Socket objects left over from accept() failures
-- were incorrectly destroyed, causing corruption
-- of socket manager data structures.
--
-- 813. [bug] File descriptors exceeding FD_SETSIZE were handled
-- badly. [RT #1192]
--
-- 812. [bug] dig sometimes printed incomplete IXFR responses
-- due to an uninitialized variable. [RT #1188]
--
-- 811. [bug] Parentheses were not quoted in zone dumps. [RT #1194]
--
-- 810. [bug] The signer name in SIG records was not properly
-- down-cased when signing/verifying records. [RT #1186]
--
-- 809. [bug] Configuring a non-local address as a transfer-source
-- could cause an assertion failure during load.
--
-- 808. [func] Add 'rndc flush' to flush the server's cache.
--
-- 807. [bug] When setting up TCP connections for incoming zone
-- transfers, the transfer-source port was not
-- ignored like it should be.
--
-- 806. [bug] DNS_R_SEENINCLUDE was failing to propagate back up
-- the calling stack to the zone maintenance level,
-- causing zones to not reload when an included file was
-- touched but the top-level zone file was not.
--
-- 805. [bug] When using "forward only", missing root hints should
-- not cause queries to fail. [RT #1143]
--
-- 804. [bug] Attempting to obtain entropy could fail in some
-- situations. This would be most common on systems
-- with user-space threads. [RT #1131]
--
-- 803. [bug] Treat all SIG queries as if they have the CD bit set,
-- otherwise no data will be returned [RT #749]
--
-- 802. [bug] DNSSEC key tags were computed incorrectly in almost
-- all cases. [RT #1146]
--
-- 801. [bug] nsupdate should treat lines beginning with ';' as
-- comments. [RT #1139]
--
-- 800. [bug] dnssec-signzone produced incorrect statistics for
-- large zones. [RT #1133]
--
-- 799. [bug] The ADB didn't find AAAA glue in a zone unless A6
-- glue was also present.
--
-- 798. [bug] nsupdate should be able to reject bad input lines
-- and continue. [RT #1130]
--
-- 797. [func] Issue a warning if the 'directory' option contains
-- a relative path. [RT #269]
--
-- 796. [func] When a size limit is associated with a log file,
-- only roll it when the size is reached, not every
-- time the log file is opened. [RT #1096]
--
-- 795. [func] Add the +multiline option to dig. [RT #1095]
--
-- 794. [func] Implement the "port" and "default-port" statements
-- in rndc.conf.
--
-- 793. [cleanup] The DNSSEC tools could create filenames that were
-- illegal or contained shell meta-characters. They
-- now use a different text encoding of names that
-- doesn't have these problems. [RT #1101]
--
-- 792. [cleanup] Replace the OMAPI command channel protocol with a
-- simpler one.
--
-- 791. [bug] The command channel now works over IPv6.
--
-- 790. [bug] Wildcards created using dynamic update or IXFR
-- could fail to match. [RT #1111]
--
-- 789. [bug] The "localhost" and "localnets" ACLs did not match
-- when used as the second element of a two-element
-- sortlist item.
--
-- 788. [func] Add the "match-mapped-addresses" option, which
-- causes IPv6 v4mapped addresses to be treated as
-- IPv4 addresses for the purpose of acl matching.
--
-- 787. [bug] The DNSSEC tools failed to downcase domain
-- names when mapping them into file names.
--
-- 786. [bug] When DNSSEC signing/verifying data, owner names were
-- not properly down-cased.
--
-- 785. [bug] A race condition in the resolver could cause
-- an assertion failure. [RT #673, #872, #1048]
--
-- 784. [bug] nsupdate and other programs would not quit properly
-- if some signals were blocked by the caller. [RT #1081]
--
-- 783. [bug] Following CNAMEs could cause an assertion failure
-- when either using an sdb database or under very
-- rare conditions.
--
-- 782. [func] Implement the "serial-query-rate" option.
--
-- 781. [func] Avoid error packet loops by dropping duplicate FORMERR
-- responses. [RT #1006]
--
-- 780. [bug] Error handling code dealing with out of memory or
-- other rare errors could lead to assertion failures
-- by calling functions on uninitialized names. [RT #1065]
--
-- 779. [func] Added the "minimal-responses" option.
--
-- 778. [bug] When starting cache cleaning, cleaning_timer_action()
-- returned without first pausing the iterator, which
-- could cause deadlock. [RT #998]
--
-- 777. [bug] An empty forwarders list in a zone failed to override
-- global forwarders. [RT #995]
--
-- 776. [func] Improved error reporting in denied messages. [RT #252]
--
-- 775. [placeholder]
--
-- 774. [func] max-cache-size is implemented.
--
-- 773. [func] Added isc_rwlock_trylock() to attempt to lock without
-- blocking.
--
-- 772. [bug] Owner names could be incorrectly omitted from cache
-- dumps in the presence of negative caching entries.
-- [RT #991]
--
-- 771. [cleanup] TSIG errors related to unsynchronized clocks
-- are logged better. [RT #919]
--
-- 770. [func] Add the "edns yes_or_no" statement to the server
-- clause. [RT #524]
--
-- 769. [func] Improved error reporting when parsing rdata. [RT #740]
--
-- 768. [bug] The server did not emit an SOA when a CNAME
-- or DNAME chain ended in NXDOMAIN in an
-- authoritative zone.
--
-- 767. [placeholder]
--
-- 766. [bug] A few cases in query_find() could leak fname.
-- This would trigger the mpctx->allocated == 0
-- assertion when the server exited.
-- [RT #739, #776, #798, #812, #818, #821, #845,
-- #892, #935, #966]
--
-- 765. [func] ACL names are once again case insensitive, like
-- in BIND 8. [RT #252]
--
-- 764. [func] Configuration files now allow "include" directives
-- in more places, such as inside the "view" statement.
-- [RT #377, #728, #860]
--
-- 763. [func] Configuration files no longer have reserved words.
-- [RT #731, #753]
--
-- 762. [cleanup] The named.conf and rndc.conf file parsers have
-- been completely rewritten.
--
-- 761. [bug] _REENTRANT was still defined when building with
-- --disable-threads.
--
-- 760. [contrib] Significant enhancements to the pgsql sdb driver.
--
-- 759. [bug] The resolver didn't turn off "avoid fetches" mode
-- when restarting, possibly causing resolution
-- to fail when it should not. This bug only affected
-- platforms which support both IPv4 and IPv6. [RT #927]
--
-- 758. [bug] The "avoid fetches" code did not treat negative
-- cache entries correctly, causing fetches that would
-- be useful to be avoided. This bug only affected
-- platforms which support both IPv4 and IPv6. [RT #927]
--
-- 757. [func] Log zone transfers.
--
-- 756. [bug] dns_zone_load() could "return" success when no master
-- file was configured.
--
-- 755. [bug] Fix incorrectly formatted log messages in zone.c.
--
-- 754. [bug] Certain failure conditions sending UDP packets
-- could cause the server to retry the transmission
-- indefinitely. [RT #902]
--
-- 753. [bug] dig, host, and nslookup would fail to contact a
-- remote server if getaddrinfo() returned an IPv6
-- address on a system that doesn't support IPv6.
-- [RT #917]
--
-- 752. [func] Correct bad tv_usec elements returned by
-- gettimeofday().
--
-- 751. [func] Log successful zone loads / transfers. [RT #898]
--
-- 750. [bug] A query should not match a DNAME whose trust level
-- is pending. [RT #916]
--
-- 749. [bug] When a query matched a DNAME in a secure zone, the
-- server did not return the signature of the DNAME.
-- [RT #915]
--
-- 748. [doc] List supported RFCs in doc/misc/rfc-compliance.
-- [RT #781]
--
-- 747. [bug] The code to determine whether an IXFR was possible
-- did not properly check for a database that could
-- not have a journal. [RT #865, #908]
--
-- 746. [bug] The sdb didn't clone rdatasets properly, causing
-- a crash when the server followed delegations. [RT #905]
--
-- 745. [func] Report the owner name of records that fail
-- semantic checks while loading.
--
-- 744. [bug] When returning DNS_R_CNAME or DNS_R_DNAME as the
-- result of an ANY or SIG query, the resolver failed
-- to setup the return event's rdatasets, causing an
-- assertion failure in the query code. [RT #881]
--
-- 743. [bug] Receiving a large number of certain malformed
-- answers could cause named to stop responding.
-- [RT #861]
--
-- 742. [placeholder]
--
-- 741. [port] Support openssl-engine. [RT #709]
--
-- 740. [port] Handle openssl library mismatches slightly better.
--
-- 739. [port] Look for /dev/random in configure, rather than
-- assuming it will be there for only a predefined
-- set of OSes.
--
-- 738. [bug] If a non-threadsafe sdb driver supported AXFR and
-- received an AXFR request, it would deadlock or die
-- with an assertion failure. [RT #852]
--
-- 737. [port] stdtime.c failed to compile on certain platforms.
--
-- 736. [func] New functions isc_task_{begin,end}exclusive().
--
-- 735. [doc] Add BIND 4 migration notes.
--
-- 734. [bug] An attempt to re-lock the zone lock could occur if
-- the server was shutdown during a zone transfer.
-- [RT #830]
--
-- 733. [bug] Reference counts of dns_acl_t objects need to be
-- locked but were not. [RT #801, #821]
--
-- 732. [bug] Glue with 0 TTL could also cause SERVFAIL. [RT #828]
--
-- 731. [bug] Certain zone errors could cause named-checkzone to
-- fail ungracefully. [RT #819]
--
-- 730. [bug] lwres_getaddrinfo() returns the correct result when
-- it fails to contact a server. [RT #768]
--
-- 729. [port] pthread_setconcurrency() needs to be called on Solaris.
--
-- 728. [bug] Fix comment processing on master file directives.
-- [RT# 757]
--
-- 727. [port] Work around OS bug where accept() succeeds but
-- fails to fill in the peer address of the accepted
-- connection, by treating it as an error rather than
-- an assertion failure. [RT #809]
--
-- 726. [func] Implement the "trace" and "notrace" commands in rndc.
--
-- 725. [bug] Installing man pages could fail.
--
-- 724. [func] New libisc functions isc_netaddr_any(),
-- isc_netaddr_any6().
--
-- 723. [bug] Referrals whose NS RRs had a 0 TTL caused the resolver
-- to return DNS_R_SERVFAIL. [RT #783]
--
-- 722. [func] Allow incremental loads to be canceled.
--
-- 721. [cleanup] Load manager and dns_master_loadfilequota() are no
-- more.
--
-- 720. [bug] Server could enter infinite loop in
-- dispatch.c:do_cancel(). [RT #733]
--
-- 719. [bug] Rapid reloads could trigger an assertion failure.
-- [RT #743, #763]
--
-- 718. [cleanup] "internal" is no longer a reserved word in named.conf.
-- [RT #753, #731]
--
-- 717. [bug] Certain TKEY processing failure modes could
-- reference an uninitialized variable, causing the
-- server to crash. [RT #750]
--
-- 716. [bug] The first line of a $INCLUDE master file was lost if
-- an origin was specified. [RT #744]
--
-- 715. [bug] Resolving some A6 chains could cause an assertion
-- failure in adb.c. [RT #738]
--
-- 714. [bug] Preserve interval timers across reloads unless changed.
-- [RT# 729]
--
-- 713. [func] named-checkconf takes '-t directory' similar to named.
-- [RT #726]
--
-- 712. [bug] Sending a large signed update message caused an
-- assertion failure. [RT #718]
--
-- 711. [bug] The libisc and liblwres implementations of
-- inet_ntop contained an off by one error.
--
-- 710. [func] The forwarders statement now takes an optional
-- port. [RT #418]
--
-- 709. [bug] ANY or SIG queries for data with a TTL of 0
-- would return SERVFAIL. [RT #620]
--
-- 708. [bug] When building with --with-openssl, the openssl headers
-- included with BIND 9 should not be used. [RT #702]
--
-- 707. [func] The "filename" argument to named-checkzone is no
-- longer optional, to reduce confusion. [RT #612]
--
-- 706. [bug] Zones with an explicit "allow-update { none; };"
-- were considered dynamic and therefore not reloaded
-- on SIGHUP or "rndc reload".
--
-- 705. [port] Work out resource limit type for use where rlim_t is
-- not available. [RT #695]
--
-- 704. [port] RLIMIT_NOFILE is not available on all platforms.
-- [RT #695]
--
-- 703. [port] sys/select.h is needed on older platforms. [RT #695]
--
-- 702. [func] If the address 0.0.0.0 is seen in resolv.conf,
-- use 127.0.0.1 instead. [RT #693]
--
-- 701. [func] Root hints are now fully optional. Class IN
-- views use compiled-in hints by default, as
-- before. Non-IN views with no root hints now
-- provide authoritative service but not recursion.
-- A warning is logged if a view has neither root
-- hints nor authoritative data for the root. [RT #696]
--
-- 700. [bug] $GENERATE range check was wrong. [RT #688]
--
-- 699. [bug] The lexer mishandled empty quoted strings. [RT #694]
--
-- 698. [bug] Aborting nsupdate with ^C would lead to several
-- race conditions.
--
-- 697. [bug] nsupdate was not compatible with the undocumented
-- BIND 8 behavior of ignoring TTLs in "update delete"
-- commands. [RT #693]
--
-- 696. [bug] lwresd would die with an assertion failure when passed
-- a zero-length name. [RT #692]
--
-- 695. [bug] If the resolver attempted to query a blackholed or
-- bogus server, the resolution would fail immediately.
--
-- 694. [bug] $GENERATE did not produce the last entry.
-- [RT #682, #683]
--
-- 693. [bug] An empty lwres statement in named.conf caused
-- the server to crash while loading.
--
-- 692. [bug] Deal with systems that have getaddrinfo() but not
-- gai_strerror(). [RT #679]
--
-- 691. [bug] Configuring per-view forwarders caused an assertion
-- failure. [RT #675, #734]
--
-- 690. [func] $GENERATE now supports DNAME. [RT #654]
--
-- 689. [doc] man pages are now installed. [RT #210]
--
-- 688. [func] "make tags" now works on systems with the
-- "Exuberant Ctags" etags.
--
-- 687. [bug] Only say we have IPv6, with sufficient functionality,
-- if it has actually been tested. [RT #586]
--
-- 686. [bug] dig and nslookup can now be properly aborted during
-- blocking operations. [RT #568]
--
-- 685. [bug] nslookup should use the search list/domain options
-- from resolv.conf by default. [RT #405, #630]
--
-- 684. [bug] Memory leak with view forwarders. [RT #656]
--
-- 683. [bug] File descriptor leak in isc_lex_openfile().
--
-- 682. [bug] nslookup displayed SOA records incorrectly. [RT #665]
--
-- 681. [bug] $GENERATE specifying output format was broken. [RT #653]
--
-- 680. [bug] dns_rdata_fromstruct() mishandled options bigger
-- than 255 octets.
--
-- 679. [bug] $INCLUDE could leak memory and file descriptors on
-- reload. [RT #639]
--
-- 678. [bug] "transfer-format one-answer;" could trigger an assertion
-- failure. [RT #646]
--
-- 677. [bug] dnssec-signzone would occasionally use the wrong ttl
-- for database operations and fail. [RT #643]
--
-- 676. [bug] Log messages about lame servers to category
-- 'lame-servers' rather than 'resolver', so as not
-- to be gratuitously incompatible with BIND 8.
--
-- 675. [bug] TKEY queries could cause the server to leak
-- memory.
--
-- 674. [func] Allow messages to be TSIG signed / verified using
-- a offset from the current time.
--
-- 673. [func] The server can now convert RFC1886-style recursive
-- lookup requests into RFC2874-style lookups, when
-- enabled using the new option "allow-v6-synthesis".
--
-- 672. [bug] The wrong time was in the "time signed" field when
-- replying with BADTIME error.
--
-- 671. [bug] The message code was failing to parse a message with
-- no question section and a TSIG record. [RT #628]
--
-- 670. [bug] The lwres replacements for getaddrinfo and
-- getipnodebyname didn't properly check for the
-- existence of the sockaddr sa_len field.
--
-- 669. [bug] dnssec-keygen now makes the public key file
-- non-world-readable for symmetric keys. [RT #403]
--
-- 668. [func] named-checkzone now reports multiple errors in master
-- files.
--
-- 667. [bug] On Linux, running named with the -u option and a
-- non-world-readable configuration file didn't work.
-- [RT #626]
--
-- 666. [bug] If a request sent by dig is longer than 512 bytes,
-- use TCP.
--
-- 665. [bug] Signed responses were not sent when the size of the
-- TSIG + question exceeded the maximum message size.
-- [RT #628]
--
-- 664. [bug] The t_tasks and t_timers module tests are now skipped
-- when building without threads, since they require
-- threads.
--
-- 663. [func] Accept a size_spec, not just an integer, in the
-- (unimplemented and ignored) max-ixfr-log-size option
-- for compatibility with recent versions of BIND 8.
-- [RT #613]
--
-- 662. [bug] dns_rdata_fromtext() failed to log certain errors.
--
-- 661. [bug] Certain UDP IXFR requests caused an assertion failure
-- (mpctx->allocated == 0). [RT #355, #394, #623]
--
-- 660. [port] Detect multiple CPUs on HP-UX and IRIX.
--
-- 659. [performance] Rewrite the name compression code to be much faster.
--
-- 658. [cleanup] Remove all vestiges of 16 bit global compression.
--
-- 657. [bug] When a listen-on statement in an lwres block does not
-- specify a port, use 921, not 53. Also update the
-- listen-on documentation. [RT #616]
--
-- 656. [func] Treat an unescaped newline in a quoted string as
-- an error. This means that TXT records with missing
-- close quotes should have meaningful errors printed.
--
-- 655. [bug] Improve error reporting on unexpected eof when loading
-- zones. [RT #611]
--
-- 654. [bug] Origin was being forgotten in TCP retries in dig.
-- [RT #574]
--
-- 653. [bug] +defname option in dig was reversed in sense.
-- [RT #549]
--
-- 652. [bug] zone_saveunique() did not report the new name.
--
-- 651. [func] The AD bit in responses now has the meaning
-- specified in <draft-ietf-dnsext-ad-is-secure>.
--
-- 650. [bug] SIG(0) records were being generated and verified
-- incorrectly. [RT #606]
--
-- 649. [bug] It was possible to join to an already running fctx
-- after it had "cloned" its events, but before it sent
-- them. In this case, the event of the newly joined
-- fetch would not contain the answer, and would
-- trigger the INSIST() in fctx_sendevents(). In
-- BIND 9.0, this bug did not trigger an INSIST(), but
-- caused the fetch to fail with a SERVFAIL result.
-- [RT #588, #597, #605, #607]
--
-- 648. [port] Add support for pre-RFC2133 IPv6 implementations.
--
-- 647. [bug] Resolver queries sent after following multiple
-- referrals had excessively long retransmission
-- timeouts due to incorrectly counting the referrals
-- as "restarts".
--
-- 646. [bug] The UnixWare ISC_PLATFORM_FIXIN6INADDR fix in isc/net.h
-- didn't _cleanly_ fix the problem it was trying to fix.
--
-- 645. [port] BSD/OS 3.0 needs pthread_init(). [RT #603]
--
-- 644. [bug] #622 needed more work. [RT #562]
--
-- 643. [bug] xfrin error messages made more verbose, added class
-- of the zone. [RT# 599]
--
-- 642. [bug] Break the exit_check() race in the zone module.
-- [RT #598]
--
-- --- 9.1.0b2 released ---
--
-- 641. [bug] $GENERATE caused a uninitialized link to be used.
-- [RT #595]
--
-- 640. [bug] Memory leak in error path could cause
-- "mpctx->allocated == 0" failure. [RT #584]
--
-- 639. [bug] Reading entropy from the keyboard would sometimes fail.
-- [RT #591]
--
-- 638. [port] lib/isc/random.c needed to explicitly include time.h
-- to get a prototype for time() when pthreads was not
-- being used. [RT #592]
--
-- 637. [port] Use isc_u?int64_t instead of (unsigned) long long in
-- lib/isc/print.c. Also allow lib/isc/print.c to
-- be compiled even if the platform does not need it.
-- [RT #592]
--
-- 636. [port] Shut up MSVC++ about a possible loss of precision
-- in the ISC__BUFFER_PUTUINT*() macros. [RT #592]
--
-- 635. [bug] Reloading a server with a configured blackhole list
-- would cause an assertion. [RT #590]
--
-- 634. [bug] A log file will completely stop being written when
-- it reaches the maximum size in all cases, not just
-- when versioning is also enabled. [RT #570]
--
-- 633. [port] Cope with rlim_t missing on BSD/OS systems. [RT #575]
--
-- 632. [bug] The index array of the journal file was
-- corrupted as it was written to disk.
--
-- 631. [port] Build without thread support on systems without
-- pthreads.
--
-- 630. [bug] Locking failure in zone code. [RT #582]
--
-- 629. [bug] 9.1.0b1 dereferenced a null pointer and crashed
-- when responding to a UDP IXFR request.
--
-- 628. [bug] If the root hints contained only AAAA addresses,
-- named would be unable to perform resolution.
--
-- 627. [bug] The EDNS0 blackhole detection code of change 324
-- waited for three retransmissions to each server,
-- which takes much too long when a domain has many
-- name servers and all of them drop EDNS0 queries.
-- Now we retry without EDNS0 after three consecutive
-- timeouts, even if they are all from different
-- servers. [RT #143]
--
-- 626. [bug] The lightweight resolver daemon no longer crashes
-- when asked for a SIG rrset. [RT #558]
--
-- 625. [func] Zones now inherit their class from the enclosing view.
--
-- 624. [bug] The zone object could get timer events after it had
-- been destroyed, causing a server crash. [RT #571]
--
-- 623. [func] Added "named-checkconf" and "named-checkzone" program
-- for syntax checking named.conf files and zone files,
-- respectively.
--
-- 622. [bug] A canceled request could be destroyed before
-- dns_request_destroy() was called. [RT #562]
--
-- 621. [port] Disable IPv6 at runtime if IPv6 sockets are unusable.
-- This mostly affects Red Hat Linux 7.0, which has
-- conflicts between libc and the kernel.
--
-- 620. [bug] dns_master_load*inc() now require 'task' and 'load'
-- to be non-null. Also 'done' will not be called if
-- dns_master_load*inc() fails immediately. [RT #565]
--
-- 619. [placeholder]
--
-- 618. [bug] Queries to a signed zone could sometimes cause
-- an assertion failure.
--
-- 617. [bug] When using dynamic update to add a new RR to an
-- existing RRset with a different TTL, the journal
-- entries generated from the update did not include
-- explicit deletions and re-additions of the existing
-- RRs to update their TTL to the new value.
--
-- 616. [func] dnssec-signzone -t output now includes performance
-- statistics.
--
-- 615. [bug] dnssec-signzone did not like child keysets signed
-- by multiple keys.
--
-- 614. [bug] Checks for uninitialized link fields were prone
-- to false positives, causing assertion failures.
-- The checks are now disabled by default and may
-- be re-enabled by defining ISC_LIST_CHECKINIT.
--
-- 613. [bug] "rndc reload zone" now reloads primary zones.
-- It previously only updated slave and stub zones,
-- if an SOA query indicated an out of date serial.
--
-- 612. [cleanup] Shutup a ridiculously noisy HP-UX compiler that
-- complains relentlessly about how its treatment
-- of 'const' has changed as well as how casting
-- sometimes tightens alignment constraints.
--
-- 611. [func] allow-notify can be used to permit processing of
-- notify messages from hosts other than a slave's
-- masters.
--
-- 610. [func] rndc dumpdb is now supported.
--
-- 609. [bug] getrrsetbyname() would crash lwresd if the server
-- found more SIGs than answers. [RT #554]
--
-- 608. [func] dnssec-signzone now adds a comment to the zone
-- with the time the file was signed.
--
-- 607. [bug] nsupdate would fail if it encountered a CNAME or
-- DNAME in a response to an SOA query. [RT #515]
--
-- 606. [bug] Compiling with --disable-threads failed due
-- to isc_thread_self() being incorrectly defined
-- as an integer rather than a function.
--
-- 605. [func] New function isc_lex_getlasttokentext().
--
-- 604. [bug] The named.conf parser could print incorrect line
-- numbers when long comments were present.
--
-- 603. [bug] Make dig handle multiple types or classes on the same
-- query more correctly.
--
-- 602. [func] Cope automatically with UnixWare's broken
-- IN6_IS_ADDR_* macros. [RT #539]
--
-- 601. [func] Return a non-zero exit code if an update fails
-- in nsupdate.
--
-- 600. [bug] Reverse lookups sometimes failed in dig, etc...
--
-- 599. [func] Added four new functions to the libisc log API to
-- support i18n messages. isc_log_iwrite(),
-- isc_log_ivwrite(), isc_log_iwrite1() and
-- isc_log_ivwrite1() were added.
--
-- 598. [bug] An update-policy statement would cause the server
-- to assert while loading. [RT #536]
--
-- 597. [func] dnssec-signzone is now multi-threaded.
--
-- 596. [bug] DNS_RDATASLAB_FORCE and DNS_RDATASLAB_EXACT are
-- not mutually exclusive.
--
-- 595. [port] On Linux 2.2, socket() returns EINVAL when it
-- should return EAFNOSUPPORT. Work around this.
-- [RT #531]
--
-- 594. [func] sdb drivers are now assumed to not be thread-safe
-- unless the DNS_SDBFLAG_THREADSAFE flag is supplied.
--
-- 593. [bug] If a secure zone was missing all its NXTs and
-- a dynamic update was attempted, the server entered
-- an infinite loop.
--
-- 592. [bug] The sig-validity-interval option now specifies a
-- number of days, not seconds. This matches the
-- documentation. [RT #529]
--
-- --- 9.1.0b1 released ---
--
-- 591. [bug] Work around non-reentrancy in openssl by disabling
-- pre-computation in keys.
--
-- 590. [doc] There are now man pages for the lwres library in
-- doc/man/lwres.
--
-- 589. [bug] The server could deadlock if a zone was updated
-- while being transferred out.
--
-- 588. [bug] ctx->in_use was not being correctly initialized when
-- when pushing a file for $INCLUDE. [RT #523]
--
-- 587. [func] A warning is now printed if the "allow-update"
-- option allows updates based on the source IP
-- address, to alert users to the fact that this
-- is insecure and becoming increasingly so as
-- servers capable of update forwarding are being
-- deployed.
--
-- 586. [bug] multiple views with the same name were fatal. [RT #516]
--
-- 585. [func] dns_db_addrdataset() and and dns_rdataslab_merge()
-- now support 'exact' additions in a similar manner to
-- dns_db_subtractrdataset() and dns_rdataslab_subtract().
--
-- 584. [func] You can now say 'notify explicit'; to suppress
-- notification of the servers listed in NS records
-- and notify only those servers listed in the
-- 'also-notify' option.
--
-- 583. [func] "rndc querylog" will now toggle logging of
-- queries, like "ndc querylog" in BIND 8.
--
-- 582. [bug] dns_zone_idetach() failed to lock the zone.
-- [RT #199, #463]
--
-- 581. [bug] log severity was not being correctly processed.
-- [RT #485]
--
-- 580. [func] Ignore trailing garbage on incoming DNS packets,
-- for interoperability with broken server
-- implementations. [RT #491]
--
-- 579. [bug] nsupdate did not take a filename to read update from.
-- [RT #492]
--
-- 578. [func] New config option "notify-source", to specify the
-- source address for notify messages.
--
-- 577. [func] Log illegal RDATA combinations. e.g. multiple
-- singleton types, cname and other data.
--
-- 576. [doc] isc_log_create() description did not match reality.
--
-- 575. [bug] isc_log_create() was not setting internal state
-- correctly to reflect the default channels created.
--
-- 574. [bug] TSIG signed queries sent by the resolver would fail to
-- have their responses validated and would leak memory.
--
-- 573. [bug] The journal files of IXFRed slave zones were
-- inadvertently discarded on server reload, causing
-- "journal out of sync with zone" errors on subsequent
-- reloads. [RT #482]
--
-- 572. [bug] Quoted strings were not accepted as key names in
-- address match lists.
--
-- 571. [bug] It was possible to create an rdataset of singleton
-- type which had more than one rdata. [RT #154]
-- [RT #279]
--
-- 570. [bug] rbtdb.c allowed zones containing nodes which had
-- both a CNAME and "other data". [RT #154]
--
-- 569. [func] The DNSSEC AD bit will not be set on queries which
-- have not requested a DNSSEC response.
--
-- 568. [func] Add sample simple database drivers in contrib/sdb.
--
-- 567. [bug] Setting the zone transfer timeout to zero caused an
-- assertion failure. [RT #302]
--
-- 566. [func] New public function dns_timer_setidle().
--
-- 565. [func] Log queries more like BIND 8: query logging is now
-- done to category "queries", level "info". [RT #169]
--
-- 564. [func] Add sortlist support to lwresd.
--
-- 563. [func] New public functions dns_rdatatype_format() and
-- dns_rdataclass_format(), for convenient formatting
-- of rdata type/class mnemonics in log messages.
--
-- 562. [cleanup] Moved lib/dns/*conf.c to bin/named where they belong.
--
-- 561. [func] The 'datasize', 'stacksize', 'coresize' and 'files'
-- clauses of the options{} statement are now implemented.
--
-- 560. [bug] dns_name_split did not properly the resulting prefix
-- when a maximal length bitstring label was split which
-- was preceded by another bitstring label. [RT #429]
--
-- 559. [bug] dns_name_split did not properly create the suffix
-- when splitting within a maximal length bitstring label.
--
-- 558. [func] New functions, isc_resource_getlimit and
-- isc_resource_setlimit.
--
-- 557. [func] Symbolic constants for libisc integral types.
--
-- 556. [func] The DNSSEC OK bit in the EDNS extended flags
-- is now implemented. Responses to queries without
-- this bit set will not contain any DNSSEC records.
--
-- 555. [bug] A slave server attempting a zone transfer could
-- crash with an assertion failure on certain
-- malformed responses from the master. [RT #457]
--
-- 554. [bug] In some cases, not all of the dnssec tools were
-- properly installed.
--
-- 553. [bug] Incoming zone transfers deferred due to quota
-- were not started when quota was increased but
-- only when a transfer in progress finished. [RT #456]
--
-- 552. [bug] We were not correctly detecting the end of all c-style
-- comments. [RT #455]
--
-- 551. [func] Implemented the 'sortlist' option.
--
-- 550. [func] Support unknown rdata types and classes.
--
-- 549. [bug] "make" did not immediately abort the build when a
-- subdirectory make failed [RT #450].
--
-- 548. [func] The lexer now ungets tokens more correctly.
--
-- 547. [placeholder]
--
-- 546. [func] Option 'lame-ttl' is now implemented.
--
-- 545. [func] Name limit and counting options removed from dig;
-- they didn't work properly, and cannot be correctly
-- implemented without significant changes.
--
-- 544. [func] Add statistics option, enable statistics-file option,
-- add RNDC option "dump-statistics" to write out a
-- query statistics file.
--
-- 543. [doc] The 'port' option is now documented.
--
-- 542. [func] Add support for update forwarding as required for
-- full compliance with RFC2136. It is turned off
-- by default and can be enabled using the
-- 'allow-update-forwarding' option.
--
-- 541. [func] Add bogus server support.
--
-- 540. [func] Add dialup support.
--
-- 539. [func] Support the blackhole option.
--
-- 538. [bug] fix buffer overruns by 1 in lwres_getnameinfo().
--
-- 537. [placeholder]
--
-- 536. [func] Use transfer-source{-v6} when sending refresh queries.
-- Transfer-source{-v6} now take a optional port
-- parameter for setting the UDP source port. The port
-- parameter is ignored for TCP.
--
-- 535. [func] Use transfer-source{-v6} when forwarding update
-- requests.
--
-- 534. [func] Ancestors have been removed from RBT chains. Ancestor
-- information can be discerned via node parent pointers.
--
-- 533. [func] Incorporated name hashing into the RBT database to
-- improve search speed.
--
-- 532. [func] Implement DNS UPDATE pseudo records using
-- DNS_RDATA_UPDATE flag.
--
-- 531. [func] Rdata really should be initialized before being assigned
-- to (dns_rdata_fromwire(), dns_rdata_fromtext(),
-- dns_rdata_clone(), dns_rdata_fromregion()),
-- check that it is.
--
-- 530. [func] New function dns_rdata_invalidate().
--
-- 529. [bug] 521 contained a bug which caused zones to always
-- reload. [RT #410]
--
-- 528. [func] The ISC_LIST_XXXX macros now perform sanity checks
-- on their arguments. ISC_LIST_XXXXUNSAFE can be use
-- to skip the checks however use with caution.
--
-- 527. [func] New function dns_rdata_clone().
--
-- 526. [bug] nsupdate incorrectly refused to add RRs with a TTL
-- of 0.
--
-- 525. [func] New arguments 'options' for dns_db_subtractrdataset(),
-- and 'flags' for dns_rdataslab_subtract() allowing you
-- to request that the RR's must exist prior to deletion.
-- DNS_R_NOTEXACT is returned if the condition is not met.
--
-- 524. [func] The 'forward' and 'forwarders' statement in
-- non-forward zones should work now.
--
-- 523. [doc] The source to the Administrator Reference Manual is
-- now an XML file using the DocBook DTD, and is included
-- in the distribution. The plain text version of the
-- ARM is temporarily unavailable while we figure out
-- how to generate readable plain text from the XML.
--
-- 522. [func] The lightweight resolver daemon can now use
-- a real configuration file, and its functionality
-- can be provided by a name server. Also, the -p and -P
-- options to lwresd have been reversed.
--
-- 521. [bug] Detect master files which contain $INCLUDE and always
-- reload. [RT #196]
--
-- 520. [bug] Upgraded libtool to 1.3.5, which makes shared
-- library builds almost work on AIX (and possibly
-- others).
--
-- 519. [bug] dns_name_split() would improperly split some bitstring
-- labels, zeroing a few of the least significant bits in
-- the prefix part. When such an improperly created
-- prefix was returned to the RBT database, the bogus
-- label was dutifully stored, corrupting the tree.
-- [RT #369]
--
-- 518. [bug] The resolver did not realize that a DNAME which was
-- "the answer" to the client's query was "the answer",
-- and such queries would fail. [RT #399]
--
-- 517. [bug] The resolver's DNAME code would trigger an assertion
-- if there was more than one DNAME in the chain.
-- [RT #399]
--
-- 516. [bug] Cache lookups which had a NULL node pointer, e.g.
-- those by dns_view_find(), and which would match a
-- DNAME, would trigger an INSIST(!search.need_cleanup)
-- assertion. [RT #399]
--
-- 515. [bug] The ssu table was not being attached / detached
-- by dns_zone_[sg]etssutable. [RT#397]
--
-- 514. [func] Retry refresh and notify queries if they timeout.
-- [RT #388]
--
-- 513. [func] New functionality added to rdnc and server to allow
-- individual zones to be refreshed or reloaded.
--
-- 512. [bug] The zone transfer code could throw an exception with
-- an invalid IXFR stream.
--
-- 511. [bug] The message code could throw an assertion on an
-- out of memory failure. [RT #392]
--
-- 510. [bug] Remove spurious view notify warning. [RT #376]
--
-- 509. [func] Add support for write of zone files on shutdown.
--
-- 508. [func] dns_message_parse() can now do a best-effort
-- attempt, which should allow dig to print more invalid
-- messages.
--
-- 507. [func] New functions dns_zone_flush(), dns_zt_flushanddetach()
-- and dns_view_flushanddetach().
--
-- 506. [func] Do not fail to start on errors in zone files.
--
-- 505. [bug] nsupdate was printing "unknown result code". [RT #373]
--
-- 504. [bug] The zone was not being marked as dirty when updated via
-- IXFR.
--
-- 503. [bug] dumptime was not being set along with
-- DNS_ZONEFLG_NEEDDUMP.
--
-- 502. [func] On a SERVFAIL reply, DiG will now try the next server
-- in the list, unless the +fail option is specified.
--
-- 501. [bug] Incorrect port numbers were being displayed by
-- nslookup. [RT #352]
--
-- 500. [func] Nearly useless +details option removed from DiG.
--
-- 499. [func] In DiG, specifying a class with -c or type with -t
-- changes command-line parsing so that classes and
-- types are only recognized if following -c or -t.
-- This allows hosts with the same name as a class or
-- type to be looked up.
--
-- 498. [doc] There is now a man page for "dig"
-- in doc/man/bin/dig.1.
--
-- 497. [bug] The error messages printed when an IP match list
-- contained a network address with a nonzero host
-- part where not sufficiently detailed. [RT #365]
--
-- 496. [bug] named didn't sanity check numeric parameters. [RT #361]
--
-- 495. [bug] nsupdate was unable to handle large records. [RT #368]
--
-- 494. [func] Do not cache NXDOMAIN responses for SOA queries.
--
-- 493. [func] Return non-cachable (ttl = 0) NXDOMAIN responses
-- for SOA queries. This makes it easier to locate
-- the containing zone without polluting intermediate
-- caches.
--
-- 492. [bug] attempting to reload a zone caused the server fail
-- to shutdown cleanly. [RT #360]
--
-- 491. [bug] nsupdate would segfault when sending certain
-- prerequisites with empty RDATA. [RT #356]
--
-- 490. [func] When a slave/stub zone has not yet successfully
-- obtained an SOA containing the zone's configured
-- retry time, perform the SOA query retries using
-- exponential backoff. [RT #337]
--
-- 489. [func] The zone manager now has a "i/o" queue.
--
-- 488. [bug] Locks weren't properly destroyed in some cases.
--
-- 487. [port] flockfile() is not defined on all systems.
--
-- 486. [bug] nslookup: "set all" and "server" commands showed
-- the incorrect port number if a port other than 53
-- was specified. [RT #352]
--
-- 485. [func] When dig had more than one server to query, it would
-- send all of the messages at the same time. Add
-- rate limiting of the transmitted messages.
--
-- 484. [bug] When the server was reloaded after removing addresses
-- from the named.conf "listen-on" statement, sockets
-- were still listening on the removed addresses due
-- to reference count loops. [RT #325]
--
-- 483. [bug] nslookup: "set all" showed a "search" option but it
-- was not settable.
--
-- 482. [bug] nslookup: a plain "server" or "lserver" should be
-- treated as a lookup.
--
-- 481. [bug] nslookup:get_next_command() stack size could exceed
-- per thread limit.
--
-- 480. [bug] strtok() is not thread safe. [RT #349]
--
-- 479. [func] The test suite can now be run by typing "make check"
-- or "make test" at the top level.
--
-- 478. [bug] "make install" failed if the directory specified with
-- --prefix did not already exist.
--
-- 477. [bug] The the isc-config.sh script could be installed before
-- its directory was created. [RT #324]
--
-- 476. [bug] A zone could expire while a zone transfer was in
-- progress triggering a INSIST failure. [RT #329]
--
-- 475. [bug] query_getzonedb() sometimes returned a non-null version
-- on failure. This caused assertion failures when
-- generating query responses where names subject to
-- additional section processing pointed to a zone
-- to which access had been denied by means of the
-- allow-query option. [RT #336]
--
-- 474. [bug] The mnemonic of the CHAOS class is CH according to
-- RFC1035, but it was printed and read only as CHAOS.
-- We now accept both forms as input, and print it
-- as CH. [RT #305]
--
-- 473. [bug] nsupdate overran the end of the list of name servers
-- when no servers could be reached, typically causing
-- it to print the error message "dns_request_create:
-- not implemented".
--
-- 472. [bug] Off-by-one error caused isc_time_add() to sometimes
-- produce invalid time values.
--
-- 471. [bug] nsupdate didn't compile on HP/UX 10.20
--
-- 470. [func] $GENERATE is now supported. See also
-- doc/misc/migration.
--
-- 469. [bug] "query-source address * port 53;" now works.
--
-- 468. [bug] dns_master_load*() failed to report file and line
-- number in certain error conditions.
--
-- 467. [bug] dns_master_load*() failed to log an error if
-- pushfile() failed.
--
-- 466. [bug] dns_master_load*() could return success when it failed.
--
-- 465. [cleanup] Allow 0 to be set as an omapi_value_t value by
-- omapi_value_storeint().
--
-- 464. [cleanup] Build with openssl's RSA code instead of dnssafe.
--
-- 463. [bug] nsupdate sent malformed SOA queries to the second
-- and subsequent name servers in resolv.conf if the
-- query sent to the first one failed.
--
-- 462. [bug] --disable-ipv6 should work now.
--
-- 461. [bug] Specifying an unknown key in the "keys" clause of the
-- "controls" statement caused a NULL pointer dereference.
-- [RT #316]
--
-- 460. [bug] Much of the DNSSEC code only worked with class IN.
--
-- 459. [bug] Nslookup processed the "set" command incorrectly.
--
-- 458. [bug] Nslookup didn't properly check class and type values.
-- [RT #305]
--
-- 457. [bug] Dig/host/hslookup didn't properly handle connect
-- timeouts in certain situations, causing an
-- unnecessary warning message to be printed.
--
-- 456. [bug] Stub zones were not resetting the refresh and expire
-- counters, loadtime or clearing the DNS_ZONE_REFRESH
-- (refresh in progress) flag upon successful update.
-- This disabled further refreshing of the stub zone,
-- causing it to eventually expire. [RT #300]
--
-- 455. [doc] Document IPv4 prefix notation does not require a
-- dotted decimal quad but may be just dotted decimal.
--
-- 454. [bug] Enforce dotted decimal and dotted decimal quad where
-- documented as such in named.conf. [RT #304, RT #311]
--
-- 453. [bug] Warn if the obsolete option "maintain-ixfr-base"
-- is specified in named.conf. [RT #306]
--
-- 452. [bug] Warn if the unimplemented option "statistics-file"
-- is specified in named.conf. [RT #301]
--
-- 451. [func] Update forwarding implemented.
--
-- 450. [func] New function ns_client_sendraw().
--
-- 449. [bug] isc_bitstring_copy() only works correctly if the
-- two bitstrings have the same lsb0 value, but this
-- requirement was not documented, nor was there a
-- REQUIRE for it.
--
-- 448. [bug] Host output formatting change, to match v8. [RT #255]
--
-- 447. [bug] Dig didn't properly retry in TCP mode after
-- a truncated reply. [RT #277]
--
-- 446. [bug] Confusing notify log message. [RT #298]
--
-- 445. [bug] Doing a 0 bit isc_bitstring_copy() of an lsb0
-- bitstring triggered a REQUIRE statement. The REQUIRE
-- statement was incorrect. [RT #297]
--
-- 444. [func] "recursion denied" messages are always logged at
-- debug level 1, now, rather than sometimes at ERROR.
-- This silences these warnings in the usual case, where
-- some clients set the RD bit in all queries.
--
-- 443. [bug] When loading a master file failed because of an
-- unrecognized RR type name, the error message
-- did not include the file name and line number.
-- [RT #285]
--
-- 442. [bug] TSIG signed messages that did not match any view
-- crashed the server. [RT #290]
--
-- 441. [bug] Nodes obscured by a DNAME were inaccessible even
-- when DNS_DBFIND_GLUEOK was set.
--
-- 440. [func] New function dns_zone_forwardupdate().
--
-- 439. [func] New function dns_request_createraw().
--
-- 438. [func] New function dns_message_getrawmessage().
--
-- 437. [func] Log NOTIFY activity to the notify channel.
--
-- 436. [bug] If recvmsg() returned EHOSTUNREACH or ENETUNREACH,
-- which sometimes happens on Linux, named would enter
-- a busy loop. Also, unexpected socket errors were
-- not logged at a high enough logging level to be
-- useful in diagnosing this situation. [RT #275]
--
-- 435. [bug] dns_zone_dump() overwrote existing zone files
-- rather than writing to a temporary file and
-- renaming. This could lead to empty or partial
-- zone files being left around in certain error
-- conditions involving the initial transfer of a
-- slave zone, interfering with subsequent server
-- startup. [RT #282]
--
-- 434. [func] New function isc_file_isabsolute().
--
-- 433. [func] isc_base64_decodestring() now accepts newlines
-- within the base64 data. This makes it possible
-- to break up the key data in a "trusted-keys"
-- statement into multiple lines. [RT #284]
--
-- 432. [func] Added refresh/retry jitter. The actual refresh/
-- retry time is now a random value between 75% and
-- 100% of the configured value.
--
-- 431. [func] Log at ISC_LOG_INFO when a zone is successfully
-- loaded.
--
-- 430. [bug] Rewrote the lightweight resolver client management
-- code to handle shutdown correctly and general
-- cleanup.
--
-- 429. [bug] The space reserved for a TSIG record in a response
-- was 2 bytes too short, leading to message
-- generation failures.
--
-- 428. [bug] rbtdb.c:find_closest_nxt() erroneously returned
-- DNS_R_BADDB for nodes which had neither NXT nor SIG NXT
-- (e.g. glue). This could cause SERVFAILs when
-- generating negative responses in a secure zone.
--
-- 427. [bug] Avoid going into an infinite loop when the validator
-- gets a negative response to a key query where the
-- records are signed by the missing key.
--
-- 426. [bug] Attempting to generate an oversized RSA key could
-- cause dnssec-keygen to dump core.
--
-- 425. [bug] Warn about the auth-nxdomain default value change
-- if there is no auth-nxdomain statement in the
-- config file. [RT #287]
--
-- 424. [bug] notify_createmessage() could trigger an assertion
-- failure when creating the notify message failed,
-- e.g. due to corrupt zones with multiple SOA records.
-- [RT #279]
--
-- 423. [bug] When responding to a recursive query, errors that occur
-- after following a CNAME should cause the query to fail.
-- [RT #274]
--
-- 422. [func] get rid of isc_random_t, and make isc_random_get()
-- and isc_random_jitter() use rand() internally
-- instead of local state. Note that isc_random_*()
-- functions are only for weak, non-critical "randomness"
-- such as timing jitter and such.
--
-- 421. [bug] nslookup would exit when given a blank line as input.
--
-- 420. [bug] nslookup failed to implement the "exit" command.
--
-- 419. [bug] The certificate type PKIX was misspelled as SKIX.
--
-- 418. [bug] At debug levels >= 10, getting an unexpected
-- socket receive error would crash the server
-- while trying to log the error message.
--
-- 417. [func] Add isc_app_block() and isc_app_unblock(), which
-- allow an application to handle signals while
-- blocking.
--
-- 416. [bug] Slave zones with no master file tried to use a
-- NULL pointer for a journal file name when they
-- received an IXFR. [RT #273]
--
-- 415. [bug] The logging code leaked file descriptors.
--
-- 414. [bug] Server did not shut down until all incoming zone
-- transfers were finished.
--
-- 413. [bug] Notify could attempt to use the zone database after
-- it had been unloaded. [RT#267]
--
-- 412. [bug] named -v didn't print the version.
--
-- 411. [bug] A typo in the HS A code caused an assertion failure.
--
-- 410. [bug] lwres_gethostbyname() and company set lwres_h_errno
-- to a random value on success.
--
-- 409. [bug] If named was shut down early in the startup
-- process, ns_omapi_shutdown() would attempt to lock
-- an uninitialized mutex. [RT #262]
--
-- 408. [bug] stub zones could leak memory and reference counts if
-- all the masters were unreachable.
--
-- 407. [bug] isc_rwlock_lock() would needlessly block
-- readers when it reached the read quota even
-- if no writers were waiting.
--
-- 406. [bug] Log messages were occasionally lost or corrupted
-- due to a race condition in isc_log_doit().
--
-- 405. [func] Add support for selective forwarding (forward zones)
--
-- 404. [bug] The request library didn't completely work with IPv6.
--
-- 403. [bug] "host" did not use the search list.
--
-- 402. [bug] Treat undefined acls as errors, rather than
-- warning and then later throwing an assertion.
-- [RT #252]
--
-- 401. [func] Added simple database API.
--
-- 400. [bug] SIG(0) signing and verifying was done incorrectly.
-- [RT #249]
--
-- 399. [bug] When reloading the server with a config file
-- containing a syntax error, it could catch an
-- assertion failure trying to perform zone
-- maintenance on, or sending notifies from,
-- tentatively created zones whose views were
-- never fully configured and lacked an address
-- database and request manager.
--
-- 398. [bug] "dig" sometimes caught an assertion failure when
-- using TSIG, depending on the key length.
--
-- 397. [func] Added utility functions dns_view_gettsig() and
-- dns_view_getpeertsig().
--
-- 396. [doc] There is now a man page for "nsupdate"
-- in doc/man/bin/nsupdate.8.
--
-- 395. [bug] nslookup printed incorrect RR type mnemonics
-- for RRs of type >= 21 [RT #237].
--
-- 394. [bug] Current name was not propagated via $INCLUDE.
--
-- 393. [func] Initial answer while loading (awl) support.
-- Entry points: dns_master_loadfileinc(),
-- dns_master_loadstreaminc(), dns_master_loadbufferinc().
-- Note: calls to dns_master_load*inc() should be rate
-- be rate limited so as to not use up all file
-- descriptors.
--
-- 392. [func] Add ISC_R_FAMILYNOSUPPORT. Returned when OS does
-- not support the given address family requested.
--
-- 391. [clarity] ISC_R_FAMILY -> ISC_R_FAMILYMISMATCH.
--
-- 390. [func] The function dns_zone_setdbtype() now takes
-- an argc/argv style vector of words and sets
-- both the zone database type and its arguments,
-- making the functions dns_zone_adddbarg()
-- and dns_zone_cleardbargs() unnecessary.
--
-- 389. [bug] Attempting to send a request over IPv6 using
-- dns_request_create() on a system without IPv6
-- support caused an assertion failure [RT #235].
--
-- 388. [func] dig and host can now do reverse ipv6 lookups.
--
-- 387. [func] Add dns_byaddr_createptrname(), which converts
-- an address into the name used by a PTR query.
--
-- 386. [bug] Missing strdup() of ACL name caused random
-- ACL matching failures [RT #228].
--
-- 385. [cleanup] Removed functions dns_zone_equal(), dns_zone_print(),
-- and dns_zt_print().
--
-- 384. [bug] nsupdate was incorrectly limiting TTLs to 65535 instead
-- of 2147483647.
--
-- 383. [func] When writing a master file, print the SOA and NS
-- records (and their SIGs) before other records.
--
-- 382. [bug] named -u failed on many Linux systems where the
-- libc provided kernel headers do not match
-- the current kernel.
--
-- 381. [bug] Check for IPV6_RECVPKTINFO and use it instead of
-- IPV6_PKTINFO if found. [RT #229]
--
-- 380. [bug] nsupdate didn't work with IPv6.
--
-- 379. [func] New library function isc_sockaddr_anyofpf().
--
-- 378. [func] named and lwresd will log the command line arguments
-- they were started with in the "starting ..." message.
--
-- 377. [bug] When additional data lookups were refused due to
-- "allow-query", the databases were still being
-- attached causing reference leaks.
--
-- 376. [bug] The server should always use good entropy when
-- performing cryptographic functions needing entropy.
--
-- 375. [bug] Per-zone "allow-query" did not properly override the
-- view/global one for CNAME targets and additional
-- data [RT #220].
--
-- 374. [bug] SOA in authoritative negative responses had wrong TTL.
--
-- 373. [func] nslookup is now installed by "make install".
--
-- 372. [bug] Deal with Microsoft DNS servers appending two bytes of
-- garbage to zone transfer requests.
--
-- 371. [bug] At high debug levels, doing an outgoing zone transfer
-- of a very large RRset could cause an assertion failure
-- during logging.
--
-- 370. [bug] The error messages for roll-forward failures were
-- overly terse.
--
-- 369. [func] Support new named.conf options, view and zone
-- statements:
--
-- max-retry-time, min-retry-time,
-- max-refresh-time, min-refresh-time.
--
-- 368. [func] Restructure the internal ".bind" view so that more
-- zones can be added to it.
--
-- 367. [bug] Allow proper selection of server on nslookup command
-- line.
--
-- 366. [func] Allow use of '-' batch file in dig for stdin.
--
-- 365. [bug] nsupdate -k leaked memory.
--
-- 364. [func] Added additional-from-{cache,auth}
--
-- 363. [placeholder]
--
-- 362. [bug] rndc no longer aborts if the configuration file is
-- missing an options statement. [RT #209]
--
-- 361. [func] When the RBT find or chain functions set the name and
-- origin for a node that stores the root label
-- the name is now set to an empty name, instead of ".",
-- to simplify later use of the name and origin by
-- dns_name_concatenate(), dns_name_totext() or
-- dns_name_format().
--
-- 360. [func] dns_name_totext() and dns_name_format() now allow
-- an empty name to be passed, which is formatted as "@".
--
-- 359. [bug] dnssec-signzone occasionally signed glue records.
--
-- 358. [cleanup] Rename the intermediate files used by the dnssec
-- programs.
--
-- 357. [bug] The zone file parser crashed if the argument
-- to $INCLUDE was a quoted string.
--
-- 356. [cleanup] isc_task_send no longer requires event->sender to
-- be non-null.
--
-- 355. [func] Added isc_dir_createunique(), similar to mkdtemp().
--
-- 354. [doc] Man pages for the dnssec tools are now included in
-- the distribution, in doc/man/dnssec.
--
-- 353. [bug] double increment in lwres/gethost.c:copytobuf().
-- [RT# 187]
--
-- 352. [bug] Race condition in dns_client_t startup could cause
-- an assertion failure.
--
-- 351. [bug] Constructing a response with rcode SERVFAIL to a TSIG
-- signed query could crash the server.
--
-- 350. [bug] Also-notify lists specified in the global options
-- block were not correctly reference counted, causing
-- a memory leak.
--
-- 349. [bug] Processing a query with the CD bit set now works
-- as expected.
--
-- 348. [func] New boolean named.conf options 'additional-from-auth'
-- and 'additional-from-cache' now supported in view and
-- global options statement.
--
-- 347. [bug] Don't crash if an argument is left off options in dig.
--
-- 346. [placeholder]
--
-- 345. [bug] Large-scale changes/cleanups to dig:
-- * Significantly improve structure handling
-- * Don't pre-load entire batch files
-- * Add name/rr counting/limiting
-- * Fix SIGINT handling
-- * Shorten timeouts to match v8's behavior
--
-- 344. [bug] When shutting down, lwresd sometimes tried
-- to shut down its client tasks twice,
-- triggering an assertion.
--
-- 343. [bug] Although zone maintenance SOA queries and
-- notify requests were signed with TSIG keys
-- when configured for the server in case,
-- the TSIG was not verified on the response.
--
-- 342. [bug] The wrong name was being passed to
-- dns_name_dup() when generating a TSIG
-- key using TKEY.
--
-- 341. [func] Support 'key' clause in named.conf zone masters
-- statement to allow authentication via TSIG keys:
--
-- masters {
-- 10.0.0.1 port 5353 key "foo";
-- 10.0.0.2 ;
-- };
--
-- 340. [bug] The top-level COPYRIGHT file was missing from
-- the distribution.
--
-- 339. [bug] DNSSEC validation of the response to an ANY
-- query at a name with a CNAME RR in a secure
-- zone triggered an assertion failure.
--
-- 338. [bug] lwresd logged to syslog as named, not lwresd.
--
-- 337. [bug] "dig" did not recognize "nsap-ptr" as an RR type
-- on the command line.
--
-- 336. [bug] "dig -f" used 64 k of memory for each line in
-- the file. It now uses much less, though still
-- proportionally to the file size.
--
-- 335. [bug] named would occasionally attempt recursion when
-- it was disallowed or undesired.
--
-- 334. [func] Added hmac-md5 to libisc.
--
-- 333. [bug] The resolver incorrectly accepted referrals to
-- domains that were not parents of the query name,
-- causing assertion failures.
--
-- 332. [func] New function dns_name_reset().
--
-- 331. [bug] Only log "recursion denied" if RD is set. [RT #178]
--
-- 330. [bug] Many debugging messages were partially formatted
-- even when debugging was turned off, causing a
-- significant decrease in query performance.
--
-- 329. [func] omapi_auth_register() now takes a size_t argument for
-- the length of a key's secret data. Previously
-- OMAPI only stored secrets up to the first NUL byte.
--
-- 328. [func] Added isc_base64_decodestring().
--
-- 327. [bug] rndc.conf parser wasn't correctly recognizing an IP
-- address where a host specification was required.
--
-- 326. [func] 'keys' in an 'inet' control statement is now
-- required and must have at least one item in it.
-- A "not supported" warning is now issued if a 'unix'
-- control channel is defined.
--
-- 325. [bug] isc_lex_gettoken was processing octal strings when
-- ISC_LEXOPT_CNUMBER was not set.
--
-- 324. [func] In the resolver, turn EDNS0 off if there is no
-- response after a number of retransmissions.
-- This is to allow queries some chance of succeeding
-- even if all the authoritative servers of a zone
-- silently discard EDNS0 requests instead of
-- sending an error response like they ought to.
--
-- 323. [bug] dns_rbt_findname() did not ignore empty rbt nodes.
-- Because of this, servers authoritative for a parent
-- and grandchild zone but not authoritative for the
-- intervening child zone did not correctly issue
-- referrals to the servers of the child zone.
--
-- 322. [bug] Queries for KEY RRs are now sent to the parent
-- server before the authoritative one, making
-- DNSSEC insecurity proofs work in many cases
-- where they previously didn't.
--
-- 321. [bug] When synthesizing a CNAME RR for a DNAME
-- response, query_addcname() failed to initialize
-- the type and class of the CNAME dns_rdata_t,
-- causing random failures.
--
-- 320. [func] Multiple rndc changes: parses an rndc.conf file,
-- uses authentication to talk to named, command
-- line syntax changed. This will all be described
-- in the ARM.
--
-- 319. [func] The named.conf "controls" statement is now used
-- to configure the OMAPI command channel.
--
-- 318. [func] dns_c_ndcctx_destroy() could never return anything
-- except ISC_R_SUCCESS; made it have void return instead.
--
-- 317. [func] Use callbacks from libomapi to determine if a
-- new connection is valid, and if a key requested
-- to be used with that connection is valid.
--
-- 316. [bug] Generate a warning if we detect an unexpected <eof>
-- but treat as <eol><eof>.
--
-- 315. [bug] Handle non-empty blanks lines. [RT #163]
--
-- 314. [func] The named.conf controls statement can now have
-- more than one key specified for the inet clause.
--
-- 313. [bug] When parsing resolv.conf, don't terminate on an
-- error. Instead, parse as much as possible, but
-- still return an error if one was found.
--
-- 312. [bug] Increase the number of allowed elements in the
-- resolv.conf search path from 6 to 8. If there
-- are more than this, ignore the remainder rather
-- than returning a failure in lwres_conf_parse.
--
-- 311. [bug] lwres_conf_parse failed when the first line of
-- resolv.conf was empty or a comment.
--
-- 310. [func] Changes to named.conf "controls" statement (inet
-- subtype only)
--
-- - support "keys" clause
--
-- controls {
-- inet * port 1024
-- allow { any; } keys { "foo"; }
-- }
--
-- - allow "port xxx" to be left out of statement,
-- in which case it defaults to omapi's default port
-- of 953.
--
-- 309. [bug] When sending a referral, the server did not look
-- for name server addresses as glue in the zone
-- holding the NS RRset in the case where this zone
-- was not the same as the one where it looked for
-- name server addresses as authoritative data.
--
-- 308. [bug] Treat a SOA record not at top of zone as an error
-- when loading a zone. [RT #154]
--
-- 307. [bug] When canceling a query, the resolver didn't check for
-- isc_socket_sendto() calls that did not yet have their
-- completion events posted, so it could (rarely) end up
-- destroying the query context and then want to use
-- it again when the send event posted, triggering an
-- assertion as it tried to cancel an already-canceled
-- query. [RT #77]
--
-- 306. [bug] Reading HMAC-MD5 private key files didn't work.
--
-- 305. [bug] When reloading the server with a config file
-- containing a syntax error, it could catch an
-- assertion failure trying to perform zone
-- maintenance on tentatively created zones whose
-- views were never fully configured and lacked
-- an address database.
--
-- 304. [bug] If more than LWRES_CONFMAXNAMESERVERS servers
-- are listed in resolv.conf, silently ignore them
-- instead of returning failure.
--
-- 303. [bug] Add additional sanity checks to differentiate a AXFR
-- response vs a IXFR response. [RT #157]
--
-- 302. [bug] In dig, host, and nslookup, MXNAME should be large
-- enough to hold any legal domain name in presentation
-- format + terminating NULL.
--
-- 301. [bug] Uninitialized pointer in host:printmessage(). [RT #159]
--
-- 300. [bug] Using both <isc/net.h> and <lwres/net.h> didn't work
-- on platforms lacking IPv6 because each included their
-- own ipv6 header file for the missing definitions. Now
-- each library's ipv6.h defines the wrapper symbol of
-- the other (ISC_IPV6_H and LWRES_IPV6_H).
--
-- 299. [cleanup] Get the user and group information before changing the
-- root directory, so the administrator does not need to
-- keep a copy of the user and group databases in the
-- chroot'ed environment. Suggested by Hakan Olsson.
--
-- 298. [bug] A mutex deadlock occurred during shutdown of the
-- interface manager under certain conditions.
-- Digital Unix systems were the most affected.
--
-- 297. [bug] Specifying a key name that wasn't fully qualified
-- in certain parts of the config file could cause
-- an assertion failure.
--
-- 296. [bug] "make install" from a separate build directory
-- failed unless configure had been run in the source
-- directory, too.
--
-- 295. [bug] When invoked with type==CNAME and a message
-- not constructed by dns_message_parse(),
-- dns_message_findname() failed to find anything
-- due to checking for attribute bits that are set
-- only in dns_message_parse(). This caused an
-- infinite loop when constructing the response to
-- an ANY query at a CNAME in a secure zone.
--
-- 294. [bug] If we run out of space in while processing glue
-- when reading a master file and commit "current name"
-- reverts to "name_current" instead of staying as
-- "name_glue".
--
-- 293. [port] Add support for FreeBSD 4.0 system tests.
--
-- 292. [bug] Due to problems with the way some operating systems
-- handle simultaneous listening on IPv4 and IPv6
-- addresses, the server no longer listens on IPv6
-- addresses by default. To revert to the previous
-- behavior, specify "listen-on-v6 { any; };" in
-- the config file.
--
-- 291. [func] Caching servers no longer send outgoing queries
-- over TCP just because the incoming recursive query
-- was a TCP one.
--
-- 290. [cleanup] +twiddle option to dig (for testing only) removed.
--
-- 289. [cleanup] dig is now installed in $bindir instead of $sbindir.
-- host is now installed in $bindir. (Be sure to remove
-- any $sbindir/dig from a previous release.)
--
-- 288. [func] rndc is now installed by "make install" into $sbindir.
--
-- 287. [bug] rndc now works again as "rndc 127.1 reload" (for
-- only that task). Parsing its configuration file and
-- using digital signatures for authentication has been
-- disabled until named supports the "controls" statement,
-- post-9.0.0.
--
-- 286. [bug] On Solaris 2, when named inherited a signal state
-- where SIGHUP had the SIG_IGN action, SIGHUP would
-- be ignored rather than causing the server to reload
-- its configuration.
--
-- 285. [bug] A change made to the dst API for beta4 inadvertently
-- broke OMAPI's creation of a dst key from an incoming
-- message, causing an assertion to be triggered. Fixed.
--
-- 284. [func] The DNSSEC key generation and signing tools now
-- generate randomness from keyboard input on systems
-- that lack /dev/random.
--
-- 283. [cleanup] The 'lwresd' program is now a link to 'named'.
--
-- 282. [bug] The lexer now returns ISC_R_RANGE if parsed integer is
-- too big for an unsigned long.
--
-- 281. [bug] Fixed list of recognized config file category names.
--
-- 280. [func] Add isc-config.sh, which can be used to more
-- easily build applications that link with
-- our libraries.
--
-- 279. [bug] Private omapi function symbols shared between
-- two or more files in libomapi.a were not namespace
-- protected using the ISC convention of starting with
-- the library name and two underscores ("omapi__"...)
--
-- 278. [bug] bin/named/logconf.c:category_fromconf() didn't take
-- note of when isc_log_categorybyname() wasn't able
-- to find the category name and would then apply the
-- channel list of the unknown category to all categories.
--
-- 277. [bug] isc_log_categorybyname() and isc_log_modulebyname()
-- would fail to find the first member of any category
-- or module array apart from the internal defaults.
-- Thus, for example, the "notify" category was improperly
-- configured by named.
--
-- 276. [bug] dig now supports maximum sized TCP messages.
--
-- 275. [bug] The definition of lwres_gai_strerror() was missing
-- the lwres_ prefix.
--
-- 274. [bug] TSIG AXFR verify failed when talking to a BIND 8
-- server.
--
-- 273. [func] The default for the 'transfer-format' option is
-- now 'many-answers'. This will break zone transfers
-- to BIND 4.9.5 and older unless there is an explicit
-- 'one-answer' configuration.
--
-- 272. [bug] The sending of large TCP responses was canceled
-- in mid-transmission due to a race condition
-- caused by the failure to set the client object's
-- "newstate" variable correctly when transitioning
-- to the "working" state.
--
-- 271. [func] Attempt to probe the number of cpus in named
-- if unspecified rather than defaulting to 1.
--
-- 270. [func] Allow maximum sized TCP answers.
--
-- 269. [bug] Failed DNSSEC validations could cause an assertion
-- failure by causing clone_results() to be called with
-- with hevent->node == NULL.
--
-- 268. [doc] A plain text version of the Administrator
-- Reference Manual is now included in the distribution,
-- as doc/arm/Bv9ARM.txt.
--
-- 267. [func] Nsupdate is now provided in the distribution.
--
-- 266. [bug] zone.c:save_nsrrset() node was not initialized.
--
-- 265. [bug] dns_request_create() now works for TCP.
--
-- 264. [func] Dispatch can not take TCP sockets in connecting
-- state. Set DNS_DISPATCHATTR_CONNECTED when calling
-- dns_dispatch_createtcp() for connected TCP sockets
-- or call dns_dispatch_starttcp() when the socket is
-- connected.
--
-- 263. [func] New logging channel type 'stderr'
--
-- channel some-name {
-- stderr;
-- severity error;
-- }
--
-- 262. [bug] 'master' was not initialized in zone.c:stub_callback().
--
-- 261. [func] Add dns_zone_markdirty().
--
-- 260. [bug] Running named as a non-root user failed on Linux
-- kernels new enough to support retaining capabilities
-- after setuid().
--
-- 259. [func] New random-device and random-seed-file statements
-- for global options block of named.conf. Both accept
-- a single string argument.
--
-- 258. [bug] Fixed printing of lwres_addr_t.address field.
--
-- 257. [bug] The server detached the last zone manager reference
-- too early, while it could still be in use by queries.
-- This manifested itself as assertion failures during the
-- shutdown process for busy name servers. [RT #133]
--
-- 256. [func] isc_ratelimiter_t now has attach/detach semantics, and
-- isc_ratelimiter_shutdown guarantees that the rate
-- limiter is detached from its task.
--
-- 255. [func] New function dns_zonemgr_attach().
--
-- 254. [bug] Suppress "query denied" messages on additional data
-- lookups.
--
-- --- 9.0.0b4 released ---
--
-- 253. [func] resolv.conf parser now recognizes ';' and '#' as
-- comments (anywhere in line, not just as the beginning).
--
-- 252. [bug] resolv.conf parser mishandled masks on sortlists.
-- It also aborted when an unrecognized keyword was seen,
-- now it silently ignores the entire line.
--
-- 251. [bug] lwresd caught an assertion failure on startup.
--
-- 250. [bug] fixed handling of size+unit when value would be too
-- large for internal representation.
--
-- 249. [cleanup] max-cache-size config option now takes a size-spec
-- like 'datasize', except 'default' is not allowed.
--
-- 248. [bug] global lame-ttl option was not being printed when
-- config structures were written out.
--
-- 247. [cleanup] Rename cache-size config option to max-cache-size.
--
-- 246. [func] Rename global option cachesize to cache-size and
-- add corresponding option to view statement.
--
-- 245. [bug] If an uncompressed name will take more than 255
-- bytes and the buffer is sufficiently long,
-- dns_name_fromwire should return DNS_R_FORMERR,
-- not ISC_R_NOSPACE. This bug caused cause the
-- server to catch an assertion failure when it
-- received a query for a name longer than 255
-- bytes.
--
-- 244. [bug] empty named.conf file and empty options statement are
-- now parsed properly.
--
-- 243. [func] new cachesize option for named.conf
--
-- 242. [cleanup] fixed incorrect warning about auth-nxdomain usage.
--
-- 241. [cleanup] nscount and soacount have been removed from the
-- dns_master_*() argument lists.
--
-- 240. [func] databases now come in three flavours: zone, cache
-- and stub.
--
-- 239. [func] If ISC_MEM_DEBUG is enabled, the variable
-- isc_mem_debugging controls whether messages
-- are printed or not.
--
-- 238. [cleanup] A few more compilation warnings have been quieted:
-- + missing sigwait prototype on BSD/OS 4.0/4.0.1.
-- + PTHREAD_ONCE_INIT unbraced initializer warnings on
-- Solaris 2.8.
-- + IN6ADDR_ANY_INIT unbraced initializer warnings on
-- BSD/OS 4.*, Linux and Solaris 2.8.
--
-- 237. [bug] If connect() returned ENOBUFS when the resolver was
-- initiating a TCP query, the socket didn't get
-- destroyed, and the server did not shut down cleanly.
--
-- 236. [func] Added new listen-on-v6 config file statement.
--
-- 235. [func] Consider it a config file error if a listen-on
-- statement has an IPv6 address in it, or a
-- listen-on-v6 statement has an IPv4 address in it.
--
-- 234. [bug] Allow a trusted-key's first field (domain-name) be
-- either a quoted or an unquoted string, instead of
-- requiring a quoted string.
--
-- 233. [cleanup] Convert all config structure integer values to unsigned
-- integer (isc_uint32_t) to match grammar.
--
-- 232. [bug] Allow slave zones to not have a file.
--
-- 231. [func] Support new 'port' clause in config file options
-- section. Causes 'listen-on', 'masters' and
-- 'also-notify' statements to use its value instead of
-- default (53).
--
-- 230. [func] Replace the dst sign/verify API with a cleaner one.
--
-- 229. [func] Support config file sig-validity-interval statement
-- in options, views and zone statements (master
-- zones only).
--
-- 228. [cleanup] Logging messages in config module stripped of
-- trailing period.
--
-- 227. [cleanup] The enumerated identifiers dns_rdataclass_*,
-- dns_rcode_*, dns_opcode_*, and dns_trust_* are
-- also now cast to their appropriate types, as with
-- dns_rdatatype_* in item number 225 below.
--
-- 226. [func] dns_name_totext() now always prints the root name as
-- '.', even when omit_final_dot is true.
--
-- 225. [cleanup] The enumerated dns_rdatatype_* identifiers are now
-- cast to dns_rdatatype_t via macros of their same name
-- so that they are of the proper integral type wherever
-- a dns_rdatatype_t is needed.
--
-- 224. [cleanup] The entire project builds cleanly with gcc's
-- -Wcast-qual and -Wwrite-strings warnings enabled,
-- which is now the default when using gcc. (Warnings
-- from confparser.c, because of yacc's code, are
-- unfortunately to be expected.)
--
-- 223. [func] Several functions were re-prototyped to qualify one
-- or more of their arguments with "const". Similarly,
-- several functions that return pointers now have
-- those pointers qualified with const.
--
-- 222. [bug] The global 'also-notify' option was ignored.
--
-- 221. [bug] An uninitialized variable was sometimes passed to
-- dns_rdata_freestruct() when loading a zone, causing
-- an assertion failure.
--
-- 220. [cleanup] Set the default outgoing port in the view, and
-- set it in sockaddrs returned from the ADB.
-- [31-May-2000 explorer]
--
-- 219. [bug] Signed truncated messages more correctly follow
-- the respective specs.
--
-- 218. [func] When an rdataset is signed, its ttl is normalized
-- based on the signature validity period.
--
-- 217. [func] Also-notify and trusted-keys can now be used in
-- the 'view' statement.
--
-- 216. [func] The 'max-cache-ttl' and 'max-ncache-ttl' options
-- now work.
--
-- 215. [bug] Failures at certain points in request processing
-- could cause the assertion INSIST(client->lockview
-- == NULL) to be triggered.
--
-- 214. [func] New public function isc_netaddr_format(), for
-- formatting network addresses in log messages.
--
-- 213. [bug] Don't leak memory when reloading the zone if
-- an update-policy clause was present in the old zone.
--
-- 212. [func] Added dns_message_get/settsigkey, to make TSIG
-- key management reasonable.
--
-- 211. [func] The 'key' and 'server' statements can now occur
-- inside 'view' statements.
--
-- 210. [bug] The 'allow-transfer' option was ignored for slave
-- zones, and the 'transfers-per-ns' option was
-- was ignored for all zones.
--
-- 209. [cleanup] Upgraded openssl files to new version 0.9.5a
--
-- 208. [func] Added ISC_OFFSET_MAXIMUM for the maximum value
-- of an isc_offset_t.
--
-- 207. [func] The dnssec tools properly use the logging subsystem.
--
-- 206. [cleanup] dst now stores the key name as a dns_name_t, not
-- a char *.
--
-- 205. [cleanup] On IRIX, turn off the mostly harmless warnings 1692
-- ("prototyped function redeclared without prototype")
-- and 1552 ("variable ... set but not used") when
-- compiling in the lib/dns/sec/{dnssafe,openssl}
-- directories, which contain code imported from outside
-- sources.
--
-- 204. [cleanup] On HP/UX, pass +vnocompatwarnings to the linker
-- to quiet the warnings that "The linked output may not
-- run on a PA 1.x system."
--
-- 203. [func] notify and zone soa queries are now tsig signed when
-- appropriate.
--
-- 202. [func] isc_lex_getsourceline() changed from returning int
-- to returning unsigned long, the type of its underlying
-- counter.
--
-- 201. [cleanup] Removed the test/sdig program, it has been
-- replaced by bin/dig/dig.
--
-- --- 9.0.0b3 released ---
--
-- 200. [bug] Failures in sending query responses to clients
-- (e.g., running out of network buffers) were
-- not logged.
--
-- 199. [bug] isc_heap_delete() sometimes violated the heap
-- invariant, causing timer events not to be posted
-- when due.
--
-- 198. [func] Dispatch managers hold memory pools which
-- any managed dispatcher may use. This allows
-- us to avoid dipping into the memory context for
-- most allocations. [19-May-2000 explorer]
--
-- 197. [bug] When an incoming AXFR or IXFR completes, the
-- zone's internal state is refreshed from the
-- SOA data. [19-May-2000 explorer]
--
-- 196. [func] Dispatchers can be shared easily between views
-- and/or interfaces. [19-May-2000 explorer]
--
-- 195. [bug] Including the NXT record of the root domain
-- in a negative response caused an assertion
-- failure.
--
-- 194. [doc] The PDF version of the Administrator's Reference
-- Manual is no longer included in the ISC BIND9
-- distribution.
--
-- 193. [func] changed dst_key_free() prototype.
--
-- 192. [bug] Zone configuration validation is now done at end
-- of config file parsing, and before loading
-- callbacks.
--
-- 191. [func] Patched to compile on UnixWare 7.x. This platform
-- is not directly supported by the ISC.
--
-- 190. [cleanup] The DNSSEC tools have been moved to a separate
-- directory dnssec/ and given the following new,
-- more descriptive names:
--
-- dnssec-keygen
-- dnssec-signzone
-- dnssec-signkey
-- dnssec-makekeyset
--
-- Their command line arguments have also been changed to
-- be more consistent. dnssec-keygen now prints the
-- name of the generated key files (sans extension)
-- on standard output to simplify its use in automated
-- scripts.
--
-- 189. [func] isc_time_secondsastimet(), a new function, will ensure
-- that the number of seconds in an isc_time_t does not
-- exceed the range of a time_t, or return ISC_R_RANGE.
-- Similarly, isc_time_now(), isc_time_nowplusinterval(),
-- isc_time_add() and isc_time_subtract() now check the
-- range for overflow/underflow. In the case of
-- isc_time_subtract, this changed a calling requirement
-- (ie, something that could generate an assertion)
-- into merely a condition that returns an error result.
-- isc_time_add() and isc_time_subtract() were void-
-- valued before but now return isc_result_t.
--
-- 188. [func] Log a warning message when an incoming zone transfer
-- contains out-of-zone data.
--
-- 187. [func] isc_ratelimiter_enqueue() has an additional argument
-- 'task'.
--
-- 186. [func] dns_request_getresponse() has an additional argument
-- 'preserve_order'.
--
-- 185. [bug] Fixed up handling of ISC_MEMCLUSTER_LEGACY. Several
-- public functions did not have an isc__ prefix, and
-- referred to functions that had previously been
-- renamed.
--
-- 184. [cleanup] Variables/functions which began with two leading
-- underscores were made to conform to the ANSI/ISO
-- standard, which says that such names are reserved.
--
-- 183. [func] ISC_LOG_PRINTTAG option for log channels. Useful
-- for logging the program name or other identifier.
--
-- 182. [cleanup] New command-line parameters for dnssec tools
--
-- 181. [func] Added dst_key_buildfilename and dst_key_parsefilename
--
-- 180. [func] New isc_result_t ISC_R_RANGE. Supersedes DNS_R_RANGE.
--
-- 179. [func] options named.conf statement *must* now come
-- before any zone or view statements.
--
-- 178. [func] Post-load of named.conf check verifies a slave zone
-- has non-empty list of masters defined.
--
-- 177. [func] New per-zone boolean:
--
-- enable-zone yes | no ;
--
-- intended to let a zone be disabled without having
-- to comment out the entire zone statement.
--
-- 176. [func] New global and per-view option:
--
-- max-cache-ttl number
--
-- 175. [func] New global and per-view option:
--
-- additional-data internal | minimal | maximal;
--
-- 174. [func] New public function isc_sockaddr_format(), for
-- formatting socket addresses in log messages.
--
-- 173. [func] Keep a queue of zones waiting for zone transfer
-- quota so that a new transfer can be dispatched
-- immediately whenever quota becomes available.
--
-- 172. [bug] $TTL directive was sometimes missing from dumped
-- master files because totext_ctx_init() failed to
-- initialize ctx->current_ttl_valid.
--
-- 171. [cleanup] On NetBSD systems, the mit-pthreads or
-- unproven-pthreads library is now always used
-- unless --with-ptl2 is explicitly specified on
-- the configure command line. The
-- --with-mit-pthreads option is no longer needed
-- and has been removed.
--
-- 170. [cleanup] Remove inter server consistency checks from zone,
-- these should return as a separate module in 9.1.
-- dns_zone_checkservers(), dns_zone_checkparents(),
-- dns_zone_checkchildren(), dns_zone_checkglue().
--
-- Remove dns_zone_setadb(), dns_zone_setresolver(),
-- dns_zone_setrequestmgr() these should now be found
-- via the view.
--
-- 169. [func] ratelimiter can now process N events per interval.
--
-- 168. [bug] include statements in named.conf caused syntax errors
-- due to not consuming the semicolon ending the include
-- statement before switching input streams.
--
-- 167. [bug] Make lack of masters for a slave zone a soft error.
--
-- 166. [bug] Keygen was overwriting existing keys if key_id
-- conflicted, now it will retry, and non-null keys
-- with key_id == 0 are not generated anymore. Key
-- was not able to generate NOAUTHCONF DSA key,
-- increased RSA key size to 2048 bits.
--
-- 165. [cleanup] Silence "end-of-loop condition not reached" warnings
-- from Solaris compiler.
--
-- 164. [func] Added functions isc_stdio_open(), isc_stdio_close(),
-- isc_stdio_seek(), isc_stdio_read(), isc_stdio_write(),
-- isc_stdio_flush(), isc_stdio_sync(), isc_file_remove()
-- to encapsulate nonportable usage of errno and sync.
--
-- 163. [func] Added result codes ISC_R_FILENOTFOUND and
-- ISC_R_FILEEXISTS.
--
-- 162. [bug] Ensure proper range for arguments to ctype.h functions.
--
-- 161. [cleanup] error in yyparse prototype that only HPUX caught.
--
-- 160. [cleanup] getnet*() are not going to be implemented at this
-- stage.
--
-- 159. [func] Redefinition of config file elements is now an
-- error (instead of a warning).
--
-- 158. [bug] Log channel and category list copy routines
-- weren't assigning properly to output parameter.
--
-- 157. [port] Fix missing prototype for getopt().
--
-- 156. [func] Support new 'database' statement in zone.
--
-- database "quoted-string";
--
-- 155. [bug] ns_notify_start() was not detaching the found zone.
--
-- 154. [func] The signer now logs libdns warnings to stderr even when
-- not verbose, and in a nicer format.
--
-- 153. [func] dns_rdata_tostruct() 'mctx' is now optional. If 'mctx'
-- is NULL then you need to preserve the 'rdata' until
-- you have finished using the structure as there may be
-- references to the associated memory. If 'mctx' is
-- non-NULL it is guaranteed that there are no references
-- to memory associated with 'rdata'.
--
-- dns_rdata_freestruct() must be called if 'mctx' was
-- non-NULL and may safely be called if 'mctx' was NULL.
--
-- 152. [bug] keygen dumped core if domain name argument was omitted
-- from command line.
--
-- 151. [func] Support 'disabled' statement in zone config (causes
-- zone to be parsed and then ignored). Currently must
-- come after the 'type' clause.
--
-- 150. [func] Support optional ports in masters and also-notify
-- statements:
--
-- masters [ port xxx ] { y.y.y.y [ port zzz ] ; }
--
-- 149. [cleanup] Removed unused argument 'olist' from
-- dns_c_view_unsetordering().
--
-- 148. [cleanup] Stop issuing some warnings about some configuration
-- file statements that were not implemented, but now are.
--
-- 147. [bug] Changed yacc union size to be smaller for yaccs that
-- put yacc-stack on the real stack.
--
-- 146. [cleanup] More general redundant header file cleanup. Rather
-- than continuing to itemize every header which changed,
-- this changelog entry just notes that if a header file
-- did not need another header file that it was including
-- in order to provide its advertised functionality, the
-- inclusion of the other header file was removed. See
-- util/check-includes for how this was tested.
--
-- 145. [cleanup] Added <isc/lang.h> and ISC_LANG_BEGINDECLS/
-- ISC_LANG_ENDDECLS to header files that had function
-- prototypes, and removed it from those that did not.
--
-- 144. [cleanup] libdns header files too numerous to name were made
-- to conform to the same style for multiple inclusion
-- protection.
--
-- 143. [func] Added function dns_rdatatype_isknown().
--
-- 142. [cleanup] <isc/stdtime.h> does not need <time.h> or
-- <isc/result.h>.
--
-- 141. [bug] Corrupt requests with multiple questions could
-- cause an assertion failure.
--
-- 140. [cleanup] <isc/time.h> does not need <time.h> or <isc/result.h>.
--
-- 139. [cleanup] <isc/net.h> now includes <isc/types.h> instead of
-- <isc/int.h> and <isc/result.h>.
--
-- 138. [cleanup] isc_strtouq moved from str.[ch] to string.[ch] and
-- renamed isc_string_touint64. isc_strsep moved from
-- strsep.c to string.c and renamed isc_string_separate.
--
-- 137. [cleanup] <isc/commandline.h>, <isc/mem.h>, <isc/print.h>
-- <isc/serial.h>, <isc/string.h> and <isc/offset.h>
-- made to conform to the same style for multiple
-- inclusion protection.
--
-- 136. [cleanup] <isc/commandline.h>, <isc/interfaceiter.h>,
-- <isc/net.h> and Win32's <isc/thread.h> needed
-- ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS.
--
-- 135. [cleanup] Win32's <isc/condition.h> did not need <isc/result.h>
-- or <isc/boolean.h>, now uses <isc/types.h> in place
-- of <isc/time.h>, and needed ISC_LANG_BEGINDECLS
-- and ISC_LANG_ENDDECLS.
--
-- 134. [cleanup] <isc/dir.h> does not need <limits.h>.
--
-- 133. [cleanup] <isc/ipv6.h> needs <isc/platform.h>.
--
-- 132. [cleanup] <isc/app.h> does not need <isc/task.h>, but does
-- need <isc/eventclass.h>.
--
-- 131. [cleanup] <isc/mutex.h> and <isc/util.h> need <isc/result.h>
-- for ISC_R_* codes used in macros.
--
-- 130. [cleanup] <isc/condition.h> does not need <pthread.h> or
-- <isc/boolean.h>, and now includes <isc/types.h>
-- instead of <isc/time.h>.
--
-- 129. [bug] The 'default_debug' log channel was not set up when
-- 'category default' was present in the config file
--
-- 128. [cleanup] <isc/dir.h> had ISC_LANG_BEGINDECLS instead of
-- ISC_LANG_ENDDECLS at end of header.
--
-- 127. [cleanup] The contracts for the comparison routines
-- dns_name_fullcompare(), dns_name_compare(),
-- dns_name_rdatacompare(), and dns_rdata_compare() now
-- specify that the order value returned is < 0, 0, or > 0
-- instead of -1, 0, or 1.
--
-- 126. [cleanup] <isc/quota.h> and <isc/taskpool.h> need <isc/lang.h>.
--
-- 125. [cleanup] <isc/eventclass.h>, <isc/ipv6.h>, <isc/magic.h>,
-- <isc/mutex.h>, <isc/once.h>, <isc/region.h>, and
-- <isc/resultclass.h> do not need <isc/lang.h>.
--
-- 124. [func] signer now imports parent's zone key signature
-- and creates null keys/sets zone status bit for
-- children when necessary
--
-- 123. [cleanup] <isc/event.h> does not need <stddef.h>.
--
-- 122. [cleanup] <isc/task.h> does not need <isc/mem.h> or
-- <isc/result.h>.
--
-- 121. [cleanup] <isc/symtab.h> does not need <isc/mem.h> or
-- <isc/result.h>. Multiple inclusion protection
-- symbol fixed from ISC_SYMBOL_H to ISC_SYMTAB_H.
-- isc_symtab_t moved to <isc/types.h>.
--
-- 120. [cleanup] <isc/socket.h> does not need <isc/boolean.h>,
-- <isc/bufferlist.h>, <isc/task.h>, <isc/mem.h> or
-- <isc/net.h>.
--
-- 119. [cleanup] structure definitions for generic rdata structures do
-- not have _generic_ in their names.
--
-- 118. [cleanup] libdns.a is now namespace-clean, on NetBSD, excepting
-- YACC crust (yyparse, etc) [2000-apr-27 explorer]
--
-- 117. [cleanup] libdns.a changes:
-- dns_zone_clearnotify() and dns_zone_addnotify()
-- are replaced by dns_zone_setnotifyalso().
-- dns_zone_clearmasters() and dns_zone_addmaster()
-- are replaced by dns_zone_setmasters().
--
-- 116. [func] Added <isc/offset.h> for isc_offset_t (aka off_t
-- on Unix systems).
--
-- 115. [port] Shut up the -Wmissing-declarations warning about
-- <stdio.h>'s __sputaux on BSD/OS pre-4.1.
--
-- 114. [cleanup] <isc/sockaddr.h> does not need <isc/buffer.h> or
-- <isc/list.h>.
--
-- 113. [func] Utility programs dig and host added.
--
-- 112. [cleanup] <isc/serial.h> does not need <isc/boolean.h>.
--
-- 111. [cleanup] <isc/rwlock.h> does not need <isc/result.h> or
-- <isc/mutex.h>.
--
-- 110. [cleanup] <isc/result.h> does not need <isc/boolean.h> or
-- <isc/list.h>.
--
-- 109. [bug] "make depend" did nothing for
-- bin/tests/{db,mem,sockaddr,tasks,timers}/.
--
-- 108. [cleanup] DNS_SETBIT/DNS_GETBIT/DNS_CLEARBIT moved from
-- <dns/types.h> to <dns/bit.h> and renamed to
-- DNS_BIT_SET/DNS_BIT_GET/DNS_BIT_CLEAR.
--
-- 107. [func] Add keysigner and keysettool.
--
-- 106. [func] Allow dnssec verifications to ignore the validity
-- period. Used by several of the dnssec tools.
--
-- 105. [doc] doc/dev/coding.html expanded with other
-- implicit conventions the developers have used.
--
-- 104. [bug] Made compress_add and compress_find static to
-- lib/dns/compress.c.
--
-- 103. [func] libisc buffer API changes for <isc/buffer.h>:
-- Added:
-- isc_buffer_base(b) (pointer)
-- isc_buffer_current(b) (pointer)
-- isc_buffer_active(b) (pointer)
-- isc_buffer_used(b) (pointer)
-- isc_buffer_length(b) (int)
-- isc_buffer_usedlength(b) (int)
-- isc_buffer_consumedlength(b) (int)
-- isc_buffer_remaininglength(b) (int)
-- isc_buffer_activelength(b) (int)
-- isc_buffer_availablelength(b) (int)
-- Removed:
-- ISC_BUFFER_USEDCOUNT(b)
-- ISC_BUFFER_AVAILABLECOUNT(b)
-- isc_buffer_type(b)
-- Changed names:
-- isc_buffer_used(b, r) ->
-- isc_buffer_usedregion(b, r)
-- isc_buffer_available(b, r) ->
-- isc_buffer_available_region(b, r)
-- isc_buffer_consumed(b, r) ->
-- isc_buffer_consumedregion(b, r)
-- isc_buffer_active(b, r) ->
-- isc_buffer_activeregion(b, r)
-- isc_buffer_remaining(b, r) ->
-- isc_buffer_remainingregion(b, r)
--
-- Buffer types were removed, so the ISC_BUFFERTYPE_*
-- macros are no more, and the type argument to
-- isc_buffer_init and isc_buffer_allocate were removed.
-- isc_buffer_putstr is now void (instead of isc_result_t)
-- and requires that the caller ensure that there
-- is enough available buffer space for the string.
--
-- 102. [port] Correctly detect inet_aton, inet_pton and inet_ptop
-- on BSD/OS 4.1.
--
-- 101. [cleanup] Quieted EGCS warnings from lib/isc/print.c.
--
-- 100. [cleanup] <isc/random.h> does not need <isc/int.h> or
-- <isc/mutex.h>. isc_random_t moved to <isc/types.h>.
--
-- 99. [cleanup] Rate limiter now has separate shutdown() and
-- destroy() functions, and it guarantees that all
-- queued events are delivered even in the shutdown case.
--
-- 98. [cleanup] <isc/print.h> does not need <stdarg.h> or <stddef.h>
-- unless ISC_PLATFORM_NEEDVSNPRINTF is defined.
--
-- 97. [cleanup] <isc/ondestroy.h> does not need <stddef.h> or
-- <isc/event.h>.
--
-- 96. [cleanup] <isc/mutex.h> does not need <isc/result.h>.
--
-- 95. [cleanup] <isc/mutexblock.h> does not need <isc/result.h>.
--
-- 94. [cleanup] Some installed header files did not compile as C++.
--
-- 93. [cleanup] <isc/msgcat.h> does not need <isc/result.h>.
--
-- 92. [cleanup] <isc/mem.h> does not need <stddef.h>, <isc/boolean.h>,
-- or <isc/result.h>.
--
-- 91. [cleanup] <isc/log.h> does not need <sys/types.h> or
-- <isc/result.h>.
--
-- 90. [cleanup] Removed unneeded ISC_LANG_BEGINDECLS/ISC_LANG_ENDDECLS
-- from <named/listenlist.h>.
--
-- 89. [cleanup] <isc/lex.h> does not need <stddef.h>.
--
-- 88. [cleanup] <isc/interfaceiter.h> does not need <isc/result.h> or
-- <isc/mem.h>. isc_interface_t and isc_interfaceiter_t
-- moved to <isc/types.h>.
--
-- 87. [cleanup] <isc/heap.h> does not need <isc/boolean.h>,
-- <isc/mem.h> or <isc/result.h>.
--
-- 86. [cleanup] isc_bufferlist_t moved from <isc/bufferlist.h> to
-- <isc/types.h>.
--
-- 85. [cleanup] <isc/bufferlist.h> does not need <isc/buffer.h>,
-- <isc/list.h>, <isc/mem.h>, <isc/region.h> or
-- <isc/int.h>.
--
-- 84. [func] allow-query ACL checks now apply to all data
-- added to a response.
--
-- 83. [func] If the server is authoritative for both a
-- delegating zone and its (nonsecure) delegatee, and
-- a query is made for a KEY RR at the top of the
-- delegatee, then the server will look for a KEY
-- in the delegator if it is not found in the delegatee.
--
-- 82. [cleanup] <isc/buffer.h> does not need <isc/list.h>.
--
-- 81. [cleanup] <isc/int.h> and <isc/boolean.h> do not need
-- <isc/lang.h>.
--
-- 80. [cleanup] <isc/print.h> does not need <stdio.h> or <stdlib.h>.
--
-- 79. [cleanup] <dns/callbacks.h> does not need <stdio.h>.
--
-- 78. [cleanup] lwres_conftest renamed to lwresconf_test for
-- consistency with other *_test programs.
--
-- 77. [cleanup] typedef of isc_time_t and isc_interval_t moved from
-- <isc/time.h> to <isc/types.h>.
--
-- 76. [cleanup] Rewrote keygen.
--
-- 75. [func] Don't load a zone if its database file is older
-- than the last time the zone was loaded.
--
-- 74. [cleanup] Removed mktemplate.o and ufile.o from libisc.a,
-- subsumed by file.o.
--
-- 73. [func] New "file" API in libisc, including new function
-- isc_file_getmodtime, isc_mktemplate renamed to
-- isc_file_mktemplate and isc_ufile renamed to
-- isc_file_openunique. By no means an exhaustive API,
-- it is just what's needed for now.
--
-- 72. [func] DNS_RBTFIND_NOPREDECESSOR and DNS_RBTFIND_NOOPTIONS
-- added for dns_rbt_findnode, the former to disable the
-- setting of the chain to the predecessor, and the
-- latter to make clear when no options are set.
--
-- 71. [cleanup] Made explicit the implicit REQUIREs of
-- isc_time_seconds, isc_time_nanoseconds, and
-- isc_time_subtract.
--
-- 70. [func] isc_time_set() added.
--
-- 69. [bug] The zone object's master and also-notify lists grew
-- longer with each server reload.
--
-- 68. [func] Partial support for SIG(0) on incoming messages.
--
-- 67. [performance] Allow use of alternate (compile-time supplied)
-- OpenSSL libraries/headers.
--
-- 66. [func] Data in authoritative zones should have a trust level
-- beyond secure.
--
-- 65. [cleanup] Removed obsolete typedef of dns_zone_callbackarg_t
-- from <dns/types.h>.
--
-- 64. [func] The RBT, DB, and zone table APIs now allow the
-- caller find the most-enclosing superdomain of
-- a name.
--
-- 63. [func] Generate NOTIFY messages.
--
-- 62. [func] Add UDP refresh support.
--
-- 61. [cleanup] Use single quotes consistently in log messages.
--
-- 60. [func] Catch and disallow singleton types on message
-- parse.
--
-- 59. [bug] Cause net/host unreachable to be a hard error
-- when sending and receiving.
--
-- 58. [bug] bin/named/query.c could sometimes trigger the
-- (client->query.attributes & NS_QUERYATTR_NAMEBUFUSED)
-- == 0 assertion in query_newname().
--
-- 57. [func] Added dns_nxt_typepresent()
--
-- 56. [bug] SIG records were not properly returned in cached
-- negative answers.
--
-- 55. [bug] Responses containing multiple names in the authority
-- section were not negatively cached.
--
-- 54. [bug] If a fetch with sigrdataset==NULL joined one with
-- sigrdataset!=NULL or vice versa, the resolver
-- could catch an assertion or lose signature data,
-- respectively.
--
-- 53. [port] freebsd 4.0: lib/isc/unix/socket.c requires
-- <sys/param.h>.
--
-- 52. [bug] rndc: taskmgr and socketmgr were not initialized
-- to NULL.
--
-- 51. [cleanup] dns/compress.h and dns/zt.h did not need to include
-- dns/rbt.h; it was needed only by compress.c and zt.c.
--
-- 50. [func] RBT deletion no longer requires a valid chain to work,
-- and dns_rbt_deletenode was added.
--
-- 49. [func] Each cache now has its own mctx.
--
-- 48. [func] isc_task_create() no longer takes an mctx.
-- isc_task_mem() has been eliminated.
--
-- 47. [func] A number of modules now use memory context reference
-- counting.
--
-- 46. [func] Memory contexts are now reference counted.
-- Added isc_mem_inuse() and isc_mem_preallocate().
-- Renamed isc_mem_destroy_check() to
-- isc_mem_setdestroycheck().
--
-- 45. [bug] The trusted-key statement incorrectly loaded keys.
--
-- 44. [bug] Don't include authority data if it would force us
-- to unset the AD bit in the message.
--
-- 43. [bug] DNSSEC verification of cached rdatasets was failing.
--
-- 42. [cleanup] Simplified logging of messages with embedded domain
-- names by introducing a new convenience function
-- dns_name_format().
--
-- 41. [func] Use PR_SET_KEEPCAPS on Linux 2.3.99-pre3 and later
-- to allow 'named' to run as a non-root user while
-- retaining the ability to bind() to privileged
-- ports.
--
-- 40. [func] Introduced new logging category "dnssec" and
-- logging module "dns/validator".
--
-- 39. [cleanup] Moved the typedefs for isc_region_t, isc_textregion_t,
-- and isc_lex_t to <isc/types.h>.
--
-- 38. [bug] TSIG signed incoming zone transfers work now.
--
-- 37. [bug] If the first RR in an incoming zone transfer was
-- not an SOA, the server died with an assertion failure
-- instead of just reporting an error.
--
-- 36. [cleanup] Change DNS_R_SUCCESS (and others) to ISC_R_SUCCESS
--
-- 35. [performance] Log messages which are of a level too high to be
-- logged by any channel in the logging configuration
-- will not cause the log mutex to be locked.
--
-- 34. [bug] Recursion was allowed even with 'recursion no'.
--
-- 33. [func] The RBT now maintains a parent pointer at each node.
--
-- 32. [cleanup] bin/lwresd/client.c needs <string.h> for memset()
-- prototype.
--
-- 31. [bug] Use ${LIBTOOL} to compile bin/named/main.@O@.
--
-- 30. [func] config file grammar change to support optional
-- class type for a view.
--
-- 29. [func] support new config file view options:
--
-- auth-nxdomain recursion query-source
-- query-source-v6 transfer-source
-- transfer-source-v6 max-transfer-time-out
-- max-transfer-idle-out transfer-format
-- request-ixfr provide-ixfr cleaning-interval
-- fetch-glue notify rfc2308-type1 lame-ttl
-- max-ncache-ttl min-roots
--
-- 28. [func] support lame-ttl, min-roots and serial-queries
-- config global options.
--
-- 27. [bug] Only include <netinet6/in6.h> on BSD/OS 4.[01]*.
-- Including it on other platforms (eg, NetBSD) can
-- cause a forced #error from the C preprocessor.
--
-- 26. [func] new match-clients statement in config file view.
--
-- 25. [bug] make install failed to install <isc/log.h> and
-- <isc/ondestroy.h>.
--
-- 24. [cleanup] Eliminate some unnecessary #includes of header
-- files from header files.
--
-- 23. [cleanup] Provide more context in log messages about client
-- requests, using a new function ns_client_log().
--
-- 22. [bug] SIGs weren't returned in the answer section when
-- the query resulted in a fetch.
--
-- 21. [port] Look at STD_CINCLUDES after CINCLUDES during
-- compilation, so additional system include directories
-- can be searched but header files in the bind9 source
-- tree with conflicting names take precedence. This
-- avoids issues with installed versions of dnssafe and
-- openssl.
--
-- 20. [func] Configuration file post-load validation of zones
-- failed if there were no zones.
--
-- 19. [bug] dns_zone_notifyreceive() failed to unlock the zone
-- lock in certain error cases.
--
-- 18. [bug] Use AC_TRY_LINK rather than AC_TRY_COMPILE in
-- configure.in to check for presence of in6addr_any.
--
-- 17. [func] Do configuration file post-load validation of zones.
--
-- 16. [bug] put quotes around key names on config file
-- output to avoid possible keyword clashes.
--
-- 15. [func] Add dns_name_dupwithoffsets(). This function is
-- improves comparison performance for duped names.
--
-- 14. [bug] free_rbtdb() could have 'put' unallocated memory in
-- an unlikely error path.
--
-- 13. [bug] lib/dns/master.c and lib/dns/xfrin.c didn't ignore
-- out-of-zone data.
--
-- 12. [bug] Fixed possible uninitialized variable error.
--
-- 11. [bug] axfr_rrstream_first() didn't check the result code of
-- db_rr_iterator_first(), possibly causing an assertion
-- to be triggered later.
--
-- 10. [bug] A bug in the code which makes EDNS0 OPT records in
-- bin/named/client.c and lib/dns/resolver.c could
-- trigger an assertion.
--
-- 9. [cleanup] replaced bit-setting code in confctx.c and replaced
-- repeated code with macro calls.
--
-- 8. [bug] Shutdown of incoming zone transfer accessed
-- freed memory.
--
-- 7. [cleanup] removed 'listen-on' from view statement.
--
-- 6. [bug] quote RR names when generating config file to
-- prevent possible clash with config file keywords
-- (such as 'key').
--
-- 5. [func] syntax change to named.conf file: new ssu grant/deny
-- statements must now be enclosed by an 'update-policy'
-- block.
--
-- 4. [port] bin/named/unix/os.c didn't compile on systems with
-- linux 2.3 kernel includes due to conflicts between
-- C library includes and the kernel includes. We now
-- get only what we need from <linux/capability.h>, and
-- avoid pulling in other linux kernel .h files.
--
-- 3. [bug] TKEYs go in the answer section of responses, not
-- the additional section.
--
-- 2. [bug] Generating cryptographic randomness failed on
-- systems without /dev/random.
--
-- 1. [bug] The installdirs rule in
-- lib/isc/unix/include/isc/Makefile.in had a typo which
-- prevented the isc directory from being created if it
-- didn't exist.
--
-- --- 9.0.0b2 released ---
--
--# This tells Emacs to use hard tabs in this file.
--# Local Variables:
--# indent-tabs-mode: t
--# End:
+++ /dev/null
--# Microsoft Developer Studio Project File - Name="dig" - Package Owner=<4>
--# Microsoft Developer Studio Generated Build File, Format Version 6.00
--# ** DO NOT EDIT **
--
--# TARGTYPE "Win32 (x86) Console Application" 0x0103
--
--CFG=dig - Win32 Debug
--!MESSAGE This is not a valid makefile. To build this project using NMAKE,
--!MESSAGE use the Export Makefile command and run
--!MESSAGE
--!MESSAGE NMAKE /f "dig.mak".
--!MESSAGE
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "dig.mak" CFG="dig - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "dig - Win32 Release" (based on "Win32 (x86) Console Application")
--!MESSAGE "dig - Win32 Debug" (based on "Win32 (x86) Console Application")
--!MESSAGE
--
--# Begin Project
--# PROP AllowPerConfigDependencies 0
--# PROP Scc_ProjName ""
--# PROP Scc_LocalPath ""
--CPP=cl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 0
--# PROP BASE Output_Dir "Release"
--# PROP BASE Intermediate_Dir "Release"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 0
--# PROP Output_Dir "Release"
--# PROP Intermediate_Dir "Release"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
--# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
--# ADD BASE RSC /l 0x409 /d "NDEBUG"
--# ADD RSC /l 0x409 /d "NDEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
--# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/dig.exe"
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 1
--# PROP BASE Output_Dir "Debug"
--# PROP BASE Intermediate_Dir "Debug"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 1
--# PROP Output_Dir "Debug"
--# PROP Intermediate_Dir "Debug"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
--# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
--# SUBTRACT CPP /X /u /YX
--# ADD BASE RSC /l 0x409 /d "_DEBUG"
--# ADD RSC /l 0x409 /d "_DEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
--# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
--
--!ENDIF
--
--# Begin Target
--
--# Name "dig - Win32 Release"
--# Name "dig - Win32 Debug"
--# Begin Group "Source Files"
--
--# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
--# Begin Source File
--
--SOURCE=..\dig.c
--# End Source File
--# End Group
--# Begin Group "Header Files"
--
--# PROP Default_Filter "h;hpp;hxx;hm;inl"
--# Begin Source File
--
--SOURCE=..\include\dig\dig.h
--# End Source File
--# End Group
--# Begin Group "Resource Files"
--
--# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
--# End Group
--# End Target
--# End Project
+++ /dev/null
--# Microsoft Developer Studio Generated NMAKE File, Based on dig.dsp
--!IF "$(CFG)" == ""
--CFG=dig - Win32 Debug
--!MESSAGE No configuration specified. Defaulting to dig - Win32 Debug.
--!ENDIF
--
--!IF "$(CFG)" != "dig - Win32 Release" && "$(CFG)" != "dig - Win32 Debug"
--!MESSAGE Invalid configuration "$(CFG)" specified.
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "dig.mak" CFG="dig - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "dig - Win32 Release" (based on "Win32 (x86) Console Application")
--!MESSAGE "dig - Win32 Debug" (based on "Win32 (x86) Console Application")
--!MESSAGE
--!ERROR An invalid configuration is specified.
--!ENDIF
--
--!IF "$(OS)" == "Windows_NT"
--NULL=
--!ELSE
--NULL=nul
--!ENDIF
--
--CPP=cl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "dig - Win32 Release"
--_VC_MANIFEST_INC=0
--_VC_MANIFEST_BASENAME=__VC80
--!ELSE
--_VC_MANIFEST_INC=1
--_VC_MANIFEST_BASENAME=__VC80.Debug
--!ENDIF
--
--####################################################
--# Specifying name of temporary resource file used only in incremental builds:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
--!else
--_VC_MANIFEST_AUTO_RES=
--!endif
--
--####################################################
--# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--#MT_SPECIAL_RETURN=1090650113
--#MT_SPECIAL_SWITCH=-notify_resource_update
--MT_SPECIAL_RETURN=0
--MT_SPECIAL_SWITCH=
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
--if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
--rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
--link $** /out:$@ $(LFLAGS)
--
--!else
--
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
--
--!endif
--
--####################################################
--# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--#MT_SPECIAL_RETURN=1090650113
--#MT_SPECIAL_SWITCH=-notify_resource_update
--MT_SPECIAL_RETURN=0
--MT_SPECIAL_SWITCH=
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
--if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
--rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
--link $** /out:$@ $(LFLAGS)
--
--!else
--
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
--
--!endif
--####################################################
--# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-- $(_VC_MANIFEST_BASENAME).auto.rc \
-- $(_VC_MANIFEST_BASENAME).auto.manifest
--
--!else
--
--_VC_MANIFEST_CLEAN=
--
--!endif
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--OUTDIR=.\Release
--INTDIR=.\Release
--
--!IF "$(RECURSE)" == "0"
--
--ALL : "..\..\..\Build\Release\dig.exe"
--
--!ELSE
--
--ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\dig.exe"
--
--!ENDIF
--
--!IF "$(RECURSE)" == "1"
--CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN"
--!ELSE
--CLEAN :
--!ENDIF
-- -@erase "$(INTDIR)\dig.obj"
-- -@erase "$(INTDIR)\dighost.obj"
-- -@erase "$(INTDIR)\vc60.idb"
-- -@erase "..\..\..\Build\Release\dig.exe"
-- -@$(_VC_MANIFEST_CLEAN)
--
--"$(OUTDIR)" :
-- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
--
--CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\dig.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
--BSC32=bscmake.exe
--BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc"
--BSC32_SBRS= \
--
--LINK32=link.exe
--LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\dig.pdb" /machine:I386 /out:"../../../Build/Release/dig.exe"
--LINK32_OBJS= \
-- "$(INTDIR)\dig.obj" \
-- "$(INTDIR)\dighost.obj" \
-- "..\..\..\lib\dns\win32\Release\libdns.lib" \
-- "..\..\..\lib\isc\win32\Release\libisc.lib" \
-- "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-- "..\..\..\lib\lwres\win32\Release\liblwres.lib"
--
--"..\..\..\Build\Release\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-- $(LINK32) @<<
-- $(LINK32_FLAGS) $(LINK32_OBJS)
--<<
-- $(_VC_MANIFEST_EMBED_EXE)
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--OUTDIR=.\Debug
--INTDIR=.\Debug
--# Begin Custom Macros
--OutDir=.\Debug
--# End Custom Macros
--
--!IF "$(RECURSE)" == "0"
--
--ALL : "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
--
--!ELSE
--
--ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\dig.exe" "$(OUTDIR)\dig.bsc"
--
--!ENDIF
--
--!IF "$(RECURSE)" == "1"
--CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN"
--!ELSE
--CLEAN :
--!ENDIF
-- -@erase "$(INTDIR)\dig.obj"
-- -@erase "$(INTDIR)\dig.sbr"
-- -@erase "$(INTDIR)\dighost.obj"
-- -@erase "$(INTDIR)\dighost.sbr"
-- -@erase "$(INTDIR)\vc60.idb"
-- -@erase "$(INTDIR)\vc60.pdb"
-- -@erase "$(OUTDIR)\dig.bsc"
-- -@erase "$(OUTDIR)\dig.pdb"
-- -@erase "..\..\..\Build\Debug\dig.exe"
-- -@erase "..\..\..\Build\Debug\dig.ilk"
-- -@$(_VC_MANIFEST_CLEAN)
--
--"$(OUTDIR)" :
-- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
--
--CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
--BSC32=bscmake.exe
--BSC32_FLAGS=/nologo /o"$(OUTDIR)\dig.bsc"
--BSC32_SBRS= \
-- "$(INTDIR)\dig.sbr" \
-- "$(INTDIR)\dighost.sbr"
--
--"$(OUTDIR)\dig.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-- $(BSC32) @<<
-- $(BSC32_FLAGS) $(BSC32_SBRS)
--<<
--
--LINK32=link.exe
--LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\dig.pdb" /debug /machine:I386 /out:"../../../Build/Debug/dig.exe" /pdbtype:sept
--LINK32_OBJS= \
-- "$(INTDIR)\dig.obj" \
-- "$(INTDIR)\dighost.obj" \
-- "..\..\..\lib\dns\win32\Debug\libdns.lib" \
-- "..\..\..\lib\isc\win32\Debug\libisc.lib" \
-- "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-- "..\..\..\lib\lwres\win32\Debug\liblwres.lib"
--
--"..\..\..\Build\Debug\dig.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-- $(LINK32) @<<
-- $(LINK32_FLAGS) $(LINK32_OBJS)
--<<
-- $(_VC_MANIFEST_EMBED_EXE)
--
--!ENDIF
--
--.c{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cpp{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cxx{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.c{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cpp{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cxx{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--
--!IF "$(NO_EXTERNAL_DEPS)" != "1"
--!IF EXISTS("dig.dep")
--!INCLUDE "dig.dep"
--!ELSE
--!MESSAGE Warning: cannot find "dig.dep"
--!ENDIF
--!ENDIF
--
--
--!IF "$(CFG)" == "dig - Win32 Release" || "$(CFG)" == "dig - Win32 Debug"
--SOURCE=..\dig.c
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--
--"$(INTDIR)\dig.obj" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--
--"$(INTDIR)\dig.obj" "$(INTDIR)\dig.sbr" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ENDIF
--
--SOURCE=..\dighost.c
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--
--"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--
--"$(INTDIR)\dighost.obj" "$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ENDIF
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--"libdns - Win32 Release" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libdns - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--"libdns - Win32 Debug" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libdns - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--"libisc - Win32 Release" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libisc - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--"libisc - Win32 Debug" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libisc - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--"libbind9 - Win32 Release" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libbind9 - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--"libbind9 - Win32 Debug" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libbind9 - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "dig - Win32 Release"
--
--"liblwres - Win32 Release" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"liblwres - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "dig - Win32 Debug"
--
--"liblwres - Win32 Debug" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"liblwres - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--
--!ENDIF
--
--####################################################
--# Commands to generate initial empty manifest file and the RC file
--# that references it, and for generating the .res file:
--
--$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
--
--$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-- type <<$@
--#include <winuser.h>
--1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
--<< KEEP
--
--$(_VC_MANIFEST_BASENAME).auto.manifest :
-- type <<$@
--<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
--<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
--</assembly>
--<< KEEP
+++ /dev/null
--# Microsoft Developer Studio Project File - Name="dighost" - Package Owner=<4>
--# Microsoft Developer Studio Generated Build File, Format Version 6.00
--# ** DO NOT EDIT **
--
--# TARGTYPE "Win32 (x86) Static-Link Library" 0x0104
--
--CFG=dighost - Win32 Debug
--!MESSAGE This is not a valid makefile. To build this project using NMAKE,
--!MESSAGE use the Export Makefile command and run
--!MESSAGE
--!MESSAGE NMAKE /f "dighost.mak".
--!MESSAGE
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "dighost.mak" CFG="dighost - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "dighost - Win32 Release" (based on "Win32 (x86) Static-Link Library")
--!MESSAGE "dighost - Win32 Debug" (based on "Win32 (x86) Static-Link Library")
--!MESSAGE
--
--# Begin Project
--# PROP AllowPerConfigDependencies 0
--# PROP Scc_ProjName ""
--# PROP Scc_LocalPath ""
--CPP=cl.exe
--MTL=midl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "dighost - Win32 Release"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 0
--# PROP BASE Output_Dir "Release"
--# PROP BASE Intermediate_Dir "Release"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 0
--# PROP Output_Dir "Release"
--# PROP Intermediate_Dir "Release"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /MT /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_WINDOWS" /D "_MBCS" /D "_USRDLL" /YX /FD /c
--# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "NDEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /YX /FD /c /Fddighost
--# SUBTRACT CPP /X
--# ADD BASE MTL /nologo /D "NDEBUG" /mktyplib203 /win32
--# ADD MTL /nologo /D "NDEBUG" /mktyplib203 /win32
--# ADD BASE RSC /l 0x409 /d "NDEBUG"
--# ADD RSC /l 0x409 /d "NDEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32
--# ADD LINK32 /out:"Release/dighost.lib"
--
--!ELSEIF "$(CFG)" == "dighost - Win32 Debug"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 1
--# PROP BASE Output_Dir "Debug"
--# PROP BASE Intermediate_Dir "Debug"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 1
--# PROP Output_Dir "Debug"
--# PROP Intermediate_Dir "Debug"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /MTd /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_WINDOWS" /D "_MBCS" /YX /FD /GZ /c
--# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /D "_DEBUG" /D "WIN32" /D "_WINDOWS" /D "__STDC__" /D "_MBCS" /FR /YX /FD /GZ /c /Fddighost
--# SUBTRACT CPP /X
--# ADD BASE MTL /nologo /D "_DEBUG" /mktyplib203 /win32
--# ADD MTL /nologo /D "_DEBUG" /mktyplib203 /win32
--# ADD BASE RSC /l 0x409 /d "_DEBUG"
--# ADD RSC /l 0x409 /d "_DEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32
--# ADD LINK32 /debug out:"Debug/dighost.lib"
--
--!ENDIF
--
--# Begin Target
--
--# Name "dighost - Win32 Release"
--# Name "dighost - Win32 Debug"
--# Begin Group "Source Files"
--
--# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
--# End Group
--# Begin Group "Header Files"
--
--# PROP Default_Filter "h;hpp;hxx;hm;inl"
--# End Group
--# Begin Group "Resource Files"
--
--# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
--# End Group
--# Begin Group "Main Dns Lib"
--
--# PROP Default_Filter "c"
--# Begin Source File
--
--SOURCE=..\dighost.c
--# End Source File
--# End Group
--# End Target
--# End Project
+++ /dev/null
--# Microsoft Developer Studio Project File - Name="host" - Package Owner=<4>
--# Microsoft Developer Studio Generated Build File, Format Version 6.00
--# ** DO NOT EDIT **
--
--# TARGTYPE "Win32 (x86) Console Application" 0x0103
--
--CFG=host - Win32 Debug
--!MESSAGE This is not a valid makefile. To build this project using NMAKE,
--!MESSAGE use the Export Makefile command and run
--!MESSAGE
--!MESSAGE NMAKE /f "host.mak".
--!MESSAGE
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "host.mak" CFG="host - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "host - Win32 Release" (based on "Win32 (x86) Console Application")
--!MESSAGE "host - Win32 Debug" (based on "Win32 (x86) Console Application")
--!MESSAGE
--
--# Begin Project
--# PROP AllowPerConfigDependencies 0
--# PROP Scc_ProjName ""
--# PROP Scc_LocalPath ""
--CPP=cl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 0
--# PROP BASE Output_Dir "Release"
--# PROP BASE Intermediate_Dir "Release"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 0
--# PROP Output_Dir "Release"
--# PROP Intermediate_Dir "Release"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
--# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
--# ADD BASE RSC /l 0x409 /d "NDEBUG"
--# ADD RSC /l 0x409 /d "NDEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
--# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Release/dighost.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/host.exe"
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 1
--# PROP BASE Output_Dir "Debug"
--# PROP BASE Intermediate_Dir "Debug"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 1
--# PROP Output_Dir "Debug"
--# PROP Intermediate_Dir "Debug"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
--# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
--# SUBTRACT CPP /X /u /YX
--# ADD BASE RSC /l 0x409 /d "_DEBUG"
--# ADD RSC /l 0x409 /d "_DEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
--# ADD LINK32 user32.lib advapi32.lib ws2_32.lib Debug/dighost.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
--
--!ENDIF
--
--# Begin Target
--
--# Name "host - Win32 Release"
--# Name "host - Win32 Debug"
--# Begin Group "Source Files"
--
--# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
--# Begin Source File
--
--SOURCE=..\host.c
--# End Source File
--# End Group
--# Begin Group "Header Files"
--
--# PROP Default_Filter "h;hpp;hxx;hm;inl"
--# End Group
--# Begin Group "Resource Files"
--
--# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
--# End Group
--# End Target
--# End Project
+++ /dev/null
--# Microsoft Developer Studio Generated NMAKE File, Based on host.dsp
--!IF "$(CFG)" == ""
--CFG=host - Win32 Debug
--!MESSAGE No configuration specified. Defaulting to host - Win32 Debug.
--!ENDIF
--
--!IF "$(CFG)" != "host - Win32 Release" && "$(CFG)" != "host - Win32 Debug"
--!MESSAGE Invalid configuration "$(CFG)" specified.
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "host.mak" CFG="host - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "host - Win32 Release" (based on "Win32 (x86) Console Application")
--!MESSAGE "host - Win32 Debug" (based on "Win32 (x86) Console Application")
--!MESSAGE
--!ERROR An invalid configuration is specified.
--!ENDIF
--
--!IF "$(OS)" == "Windows_NT"
--NULL=
--!ELSE
--NULL=nul
--!ENDIF
--
--CPP=cl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "host - Win32 Release"
--_VC_MANIFEST_INC=0
--_VC_MANIFEST_BASENAME=__VC80
--!ELSE
--_VC_MANIFEST_INC=1
--_VC_MANIFEST_BASENAME=__VC80.Debug
--!ENDIF
--
--####################################################
--# Specifying name of temporary resource file used only in incremental builds:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
--!else
--_VC_MANIFEST_AUTO_RES=
--!endif
--
--####################################################
--# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--#MT_SPECIAL_RETURN=1090650113
--#MT_SPECIAL_SWITCH=-notify_resource_update
--MT_SPECIAL_RETURN=0
--MT_SPECIAL_SWITCH=
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
--if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
--rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
--link $** /out:$@ $(LFLAGS)
--
--!else
--
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
--
--!endif
--
--####################################################
--# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--#MT_SPECIAL_RETURN=1090650113
--#MT_SPECIAL_SWITCH=-notify_resource_update
--MT_SPECIAL_RETURN=0
--MT_SPECIAL_SWITCH=
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
--if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
--rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
--link $** /out:$@ $(LFLAGS)
--
--!else
--
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
--
--!endif
--####################################################
--# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-- $(_VC_MANIFEST_BASENAME).auto.rc \
-- $(_VC_MANIFEST_BASENAME).auto.manifest
--
--!else
--
--_VC_MANIFEST_CLEAN=
--
--!endif
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--OUTDIR=.\Release
--INTDIR=.\Release
--
--!IF "$(RECURSE)" == "0"
--
--ALL : "..\..\..\Build\Release\host.exe"
--
--!ELSE
--
--ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\host.exe"
--
--!ENDIF
--
--!IF "$(RECURSE)" == "1"
--CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN"
--!ELSE
--CLEAN :
--!ENDIF
-- -@erase "$(INTDIR)\dighost.obj"
-- -@erase "$(INTDIR)\host.obj"
-- -@erase "$(INTDIR)\vc60.idb"
-- -@erase "..\..\..\Build\Release\host.exe"
-- -@$(_VC_MANIFEST_CLEAN)
--
--"$(OUTDIR)" :
-- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
--
--CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\host.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
--BSC32=bscmake.exe
--BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc"
--BSC32_SBRS= \
--
--LINK32=link.exe
--LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\host.pdb" /machine:I386 /out:"../../../Build/Release/host.exe"
--LINK32_OBJS= \
-- "$(INTDIR)\dighost.obj" \
-- "$(INTDIR)\host.obj" \
-- "..\..\..\lib\dns\win32\Release\libdns.lib" \
-- "..\..\..\lib\isc\win32\Release\libisc.lib" \
-- "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-- "..\..\..\lib\lwres\win32\Release\liblwres.lib"
--
--"..\..\..\Build\Release\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-- $(LINK32) @<<
-- $(LINK32_FLAGS) $(LINK32_OBJS)
--<<
-- $(_VC_MANIFEST_EMBED_EXE)
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--OUTDIR=.\Debug
--INTDIR=.\Debug
--# Begin Custom Macros
--OutDir=.\Debug
--# End Custom Macros
--
--!IF "$(RECURSE)" == "0"
--
--ALL : "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
--
--!ELSE
--
--ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\host.exe" "$(OUTDIR)\host.bsc"
--
--!ENDIF
--
--!IF "$(RECURSE)" == "1"
--CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN"
--!ELSE
--CLEAN :
--!ENDIF
-- -@erase "$(INTDIR)\dighost.obj"
-- -@erase "$(INTDIR)\dighost.sbr"
-- -@erase "$(INTDIR)\host.obj"
-- -@erase "$(INTDIR)\host.sbr"
-- -@erase "$(INTDIR)\vc60.idb"
-- -@erase "$(INTDIR)\vc60.pdb"
-- -@erase "$(OUTDIR)\host.bsc"
-- -@erase "$(OUTDIR)\host.pdb"
-- -@erase "..\..\..\Build\Debug\host.exe"
-- -@erase "..\..\..\Build\Debug\host.ilk"
-- -@$(_VC_MANIFEST_CLEAN)
--
--"$(OUTDIR)" :
-- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
--
--CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
--BSC32=bscmake.exe
--BSC32_FLAGS=/nologo /o"$(OUTDIR)\host.bsc"
--BSC32_SBRS= \
-- "$(INTDIR)\dighost.sbr" \
-- "$(INTDIR)\host.sbr"
--
--"$(OUTDIR)\host.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-- $(BSC32) @<<
-- $(BSC32_FLAGS) $(BSC32_SBRS)
--<<
--
--LINK32=link.exe
--LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\host.pdb" /debug /machine:I386 /out:"../../../Build/Debug/host.exe" /pdbtype:sept
--LINK32_OBJS= \
-- "$(INTDIR)\dighost.obj" \
-- "$(INTDIR)\host.obj" \
-- "..\..\..\lib\dns\win32\Debug\libdns.lib" \
-- "..\..\..\lib\isc\win32\Debug\libisc.lib" \
-- "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-- "..\..\..\lib\lwres\win32\Debug\liblwres.lib"
--
--"..\..\..\Build\Debug\host.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-- $(LINK32) @<<
-- $(LINK32_FLAGS) $(LINK32_OBJS)
--<<
-- $(_VC_MANIFEST_EMBED_EXE)
--
--!ENDIF
--
--.c{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cpp{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cxx{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.c{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cpp{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cxx{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--
--!IF "$(NO_EXTERNAL_DEPS)" != "1"
--!IF EXISTS("host.dep")
--!INCLUDE "host.dep"
--!ELSE
--!MESSAGE Warning: cannot find "host.dep"
--!ENDIF
--!ENDIF
--
--
--!IF "$(CFG)" == "host - Win32 Release" || "$(CFG)" == "host - Win32 Debug"
--SOURCE=..\dighost.c
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--
--"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--
--"$(INTDIR)\dighost.obj" "$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ENDIF
--
--SOURCE=..\host.c
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--
--"$(INTDIR)\host.obj" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--
--"$(INTDIR)\host.obj" "$(INTDIR)\host.sbr" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ENDIF
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--"libdns - Win32 Release" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libdns - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--"libdns - Win32 Debug" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libdns - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--"libisc - Win32 Release" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libisc - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--"libisc - Win32 Debug" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libisc - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--"libbind9 - Win32 Release" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libbind9 - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--"libbind9 - Win32 Debug" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libbind9 - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "host - Win32 Release"
--
--"liblwres - Win32 Release" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"liblwres - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "host - Win32 Debug"
--
--"liblwres - Win32 Debug" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"liblwres - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--
--!ENDIF
--
--####################################################
--# Commands to generate initial empty manifest file and the RC file
--# that references it, and for generating the .res file:
--
--$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
--
--$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-- type <<$@
--#include <winuser.h>
--1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
--<< KEEP
--
--$(_VC_MANIFEST_BASENAME).auto.manifest :
-- type <<$@
--<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
--<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
--</assembly>
--<< KEEP
+++ /dev/null
--# Microsoft Developer Studio Project File - Name="nslookup" - Package Owner=<4>
--# Microsoft Developer Studio Generated Build File, Format Version 6.00
--# ** DO NOT EDIT **
--
--# TARGTYPE "Win32 (x86) Console Application" 0x0103
--
--CFG=nslookup - Win32 Debug
--!MESSAGE This is not a valid makefile. To build this project using NMAKE,
--!MESSAGE use the Export Makefile command and run
--!MESSAGE
--!MESSAGE NMAKE /f "nslookup.mak".
--!MESSAGE
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "nslookup.mak" CFG="nslookup - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "nslookup - Win32 Release" (based on "Win32 (x86) Console Application")
--!MESSAGE "nslookup - Win32 Debug" (based on "Win32 (x86) Console Application")
--!MESSAGE
--
--# Begin Project
--# PROP AllowPerConfigDependencies 0
--# PROP Scc_ProjName ""
--# PROP Scc_LocalPath ""
--CPP=cl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 0
--# PROP BASE Output_Dir "Release"
--# PROP BASE Intermediate_Dir "Release"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 0
--# PROP Output_Dir "Release"
--# PROP Intermediate_Dir "Release"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /W3 /GX /O2 /D "WIN32" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
--# ADD CPP /nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /c
--# ADD BASE RSC /l 0x409 /d "NDEBUG"
--# ADD RSC /l 0x409 /d "NDEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /machine:I386
--# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /machine:I386 /out:"../../../Build/Release/nslookup.exe"
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--# PROP BASE Use_MFC 0
--# PROP BASE Use_Debug_Libraries 1
--# PROP BASE Output_Dir "Debug"
--# PROP BASE Intermediate_Dir "Debug"
--# PROP BASE Target_Dir ""
--# PROP Use_MFC 0
--# PROP Use_Debug_Libraries 1
--# PROP Output_Dir "Debug"
--# PROP Intermediate_Dir "Debug"
--# PROP Ignore_Export_Lib 0
--# PROP Target_Dir ""
--# ADD BASE CPP /nologo /W3 /Gm /GX /ZI /Od /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /YX /FD /GZ /c
--# ADD CPP /nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR /FD /GZ /c
--# SUBTRACT CPP /X /u /YX
--# ADD BASE RSC /l 0x409 /d "_DEBUG"
--# ADD RSC /l 0x409 /d "_DEBUG"
--BSC32=bscmake.exe
--# ADD BASE BSC32 /nologo
--# ADD BSC32 /nologo
--LINK32=link.exe
--# ADD BASE LINK32 kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib kernel32.lib user32.lib gdi32.lib winspool.lib comdlg32.lib advapi32.lib shell32.lib ole32.lib oleaut32.lib uuid.lib odbc32.lib odbccp32.lib /nologo /subsystem:console /debug /machine:I386 /pdbtype:sept
--# ADD LINK32 user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
--
--!ENDIF
--
--# Begin Target
--
--# Name "nslookup - Win32 Release"
--# Name "nslookup - Win32 Debug"
--# Begin Group "Source Files"
--
--# PROP Default_Filter "cpp;c;cxx;rc;def;r;odl;idl;hpj;bat"
--# Begin Source File
--
--SOURCE=..\dighost.c
--# End Source File
--# Begin Source File
--
--SOURCE=..\nslookup.c
--# End Source File
--# End Group
--# Begin Group "Header Files"
--
--# PROP Default_Filter "h;hpp;hxx;hm;inl"
--# End Group
--# Begin Group "Resource Files"
--
--# PROP Default_Filter "ico;cur;bmp;dlg;rc2;rct;bin;rgs;gif;jpg;jpeg;jpe"
--# End Group
--# End Target
--# End Project
+++ /dev/null
--# Microsoft Developer Studio Generated NMAKE File, Based on nslookup.dsp
--!IF "$(CFG)" == ""
--CFG=nslookup - Win32 Debug
--!MESSAGE No configuration specified. Defaulting to nslookup - Win32 Debug.
--!ENDIF
--
--!IF "$(CFG)" != "nslookup - Win32 Release" && "$(CFG)" != "nslookup - Win32 Debug"
--!MESSAGE Invalid configuration "$(CFG)" specified.
--!MESSAGE You can specify a configuration when running NMAKE
--!MESSAGE by defining the macro CFG on the command line. For example:
--!MESSAGE
--!MESSAGE NMAKE /f "nslookup.mak" CFG="nslookup - Win32 Debug"
--!MESSAGE
--!MESSAGE Possible choices for configuration are:
--!MESSAGE
--!MESSAGE "nslookup - Win32 Release" (based on "Win32 (x86) Console Application")
--!MESSAGE "nslookup - Win32 Debug" (based on "Win32 (x86) Console Application")
--!MESSAGE
--!ERROR An invalid configuration is specified.
--!ENDIF
--
--!IF "$(OS)" == "Windows_NT"
--NULL=
--!ELSE
--NULL=nul
--!ENDIF
--
--CPP=cl.exe
--RSC=rc.exe
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--_VC_MANIFEST_INC=0
--_VC_MANIFEST_BASENAME=__VC80
--!ELSE
--_VC_MANIFEST_INC=1
--_VC_MANIFEST_BASENAME=__VC80.Debug
--!ENDIF
--
--####################################################
--# Specifying name of temporary resource file used only in incremental builds:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--_VC_MANIFEST_AUTO_RES=$(_VC_MANIFEST_BASENAME).auto.res
--!else
--_VC_MANIFEST_AUTO_RES=
--!endif
--
--####################################################
--# _VC_MANIFEST_EMBED_EXE - command to embed manifest in EXE:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--#MT_SPECIAL_RETURN=1090650113
--#MT_SPECIAL_SWITCH=-notify_resource_update
--MT_SPECIAL_RETURN=0
--MT_SPECIAL_SWITCH=
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
--if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
--rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
--link $** /out:$@ $(LFLAGS)
--
--!else
--
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;1
--
--!endif
--
--####################################################
--# _VC_MANIFEST_EMBED_DLL - command to embed manifest in DLL:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--#MT_SPECIAL_RETURN=1090650113
--#MT_SPECIAL_SWITCH=-notify_resource_update
--MT_SPECIAL_RETURN=0
--MT_SPECIAL_SWITCH=
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -out:$(_VC_MANIFEST_BASENAME).auto.manifest $(MT_SPECIAL_SWITCH) & \
--if "%ERRORLEVEL%" == "$(MT_SPECIAL_RETURN)" \
--rc /r $(_VC_MANIFEST_BASENAME).auto.rc & \
--link $** /out:$@ $(LFLAGS)
--
--!else
--
--_VC_MANIFEST_EMBED_EXE= \
--if exist $@.manifest mt.exe -manifest $@.manifest -outputresource:$@;2
--
--!endif
--####################################################
--# _VC_MANIFEST_CLEAN - command to clean resources files generated temporarily:
--
--!if "$(_VC_MANIFEST_INC)" == "1"
--
--_VC_MANIFEST_CLEAN=-del $(_VC_MANIFEST_BASENAME).auto.res \
-- $(_VC_MANIFEST_BASENAME).auto.rc \
-- $(_VC_MANIFEST_BASENAME).auto.manifest
--
--!else
--
--_VC_MANIFEST_CLEAN=
--
--!endif
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--OUTDIR=.\Release
--INTDIR=.\Release
--
--!IF "$(RECURSE)" == "0"
--
--ALL : "..\..\..\Build\Release\nslookup.exe"
--
--!ELSE
--
--ALL : "liblwres - Win32 Release" "libbind9 - Win32 Release" "libisc - Win32 Release" "libdns - Win32 Release" "..\..\..\Build\Release\nslookup.exe"
--
--!ENDIF
--
--!IF "$(RECURSE)" == "1"
--CLEAN :"libdns - Win32 ReleaseCLEAN" "libisc - Win32 ReleaseCLEAN" "libbind9 - Win32 ReleaseCLEAN" "liblwres - Win32 ReleaseCLEAN"
--!ELSE
--CLEAN :
--!ENDIF
-- -@erase "$(INTDIR)\dighost.obj"
-- -@erase "$(INTDIR)\nslookup.obj"
-- -@erase "$(INTDIR)\vc60.idb"
-- -@erase "..\..\..\Build\Release\nslookup.exe"
-- -@$(_VC_MANIFEST_CLEAN)
--
--"$(OUTDIR)" :
-- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
--
--CPP_PROJ=/nologo /MD /W3 /GX /O2 /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "__STDC__" /D "NDEBUG" /D "_CONSOLE" /D "_MBCS" /Fp"$(INTDIR)\nslookup.pch" /YX /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /c
--BSC32=bscmake.exe
--BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc"
--BSC32_SBRS= \
--
--LINK32=link.exe
--LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Release/libisc.lib ../../../lib/dns/win32/Release/libdns.lib ../../../lib/bind9/win32/Release/libbind9.lib ../../../lib/lwres/win32/Release/liblwres.lib /nologo /subsystem:console /incremental:no /pdb:"$(OUTDIR)\nslookup.pdb" /machine:I386 /out:"../../../Build/Release/nslookup.exe"
--LINK32_OBJS= \
-- "$(INTDIR)\dighost.obj" \
-- "$(INTDIR)\nslookup.obj" \
-- "..\..\..\lib\dns\win32\Release\libdns.lib" \
-- "..\..\..\lib\isc\win32\Release\libisc.lib" \
-- "..\..\..\lib\bind9\win32\Release\libbind9.lib" \
-- "..\..\..\lib\lwres\win32\Release\liblwres.lib"
--
--"..\..\..\Build\Release\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-- $(LINK32) @<<
-- $(LINK32_FLAGS) $(LINK32_OBJS)
--<<
-- $(_VC_MANIFEST_EMBED_EXE)
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--OUTDIR=.\Debug
--INTDIR=.\Debug
--# Begin Custom Macros
--OutDir=.\Debug
--# End Custom Macros
--
--!IF "$(RECURSE)" == "0"
--
--ALL : "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
--
--!ELSE
--
--ALL : "liblwres - Win32 Debug" "libbind9 - Win32 Debug" "libisc - Win32 Debug" "libdns - Win32 Debug" "..\..\..\Build\Debug\nslookup.exe" "$(OUTDIR)\nslookup.bsc"
--
--!ENDIF
--
--!IF "$(RECURSE)" == "1"
--CLEAN :"libdns - Win32 DebugCLEAN" "libisc - Win32 DebugCLEAN" "libbind9 - Win32 DebugCLEAN" "liblwres - Win32 DebugCLEAN"
--!ELSE
--CLEAN :
--!ENDIF
-- -@erase "$(INTDIR)\dighost.obj"
-- -@erase "$(INTDIR)\dighost.sbr"
-- -@erase "$(INTDIR)\nslookup.obj"
-- -@erase "$(INTDIR)\nslookup.sbr"
-- -@erase "$(INTDIR)\vc60.idb"
-- -@erase "$(INTDIR)\vc60.pdb"
-- -@erase "$(OUTDIR)\nslookup.bsc"
-- -@erase "$(OUTDIR)\nslookup.pdb"
-- -@erase "..\..\..\Build\Debug\nslookup.exe"
-- -@erase "..\..\..\Build\Debug\nslookup.ilk"
-- -@$(_VC_MANIFEST_CLEAN)
--
--"$(OUTDIR)" :
-- if not exist "$(OUTDIR)/$(NULL)" mkdir "$(OUTDIR)"
--
--CPP_PROJ=/nologo /MDd /W3 /Gm /GX /ZI /Od /I "./" /I "../include" /I "../../../" /I "../../../../libxml2-2.7.3/include" /I "../../../lib/isc/win32" /I "../../../lib/isc/win32/include" /I "../../../lib/isc/include" /I "../../../lib/isc/noatomic/include" /I "../../../lib/dns/include" /I "../../../lib/bind9/include" /I "../../../lib/lwres/win32/include" /I "../../../lib/lwres/include" /D "WIN32" /D "_DEBUG" /D "_CONSOLE" /D "_MBCS" /FR"$(INTDIR)\\" /Fo"$(INTDIR)\\" /Fd"$(INTDIR)\\" /FD /GZ /c
--BSC32=bscmake.exe
--BSC32_FLAGS=/nologo /o"$(OUTDIR)\nslookup.bsc"
--BSC32_SBRS= \
-- "$(INTDIR)\dighost.sbr" \
-- "$(INTDIR)\nslookup.sbr"
--
--"$(OUTDIR)\nslookup.bsc" : "$(OUTDIR)" $(BSC32_SBRS)
-- $(BSC32) @<<
-- $(BSC32_FLAGS) $(BSC32_SBRS)
--<<
--
--LINK32=link.exe
--LINK32_FLAGS=user32.lib advapi32.lib ws2_32.lib ../../../lib/isc/win32/Debug/libisc.lib ../../../lib/dns/win32/Debug/libdns.lib ../../../lib/bind9/win32/Debug/libbind9.lib ../../../lib/lwres/win32/Debug/liblwres.lib /nologo /subsystem:console /incremental:yes /pdb:"$(OUTDIR)\nslookup.pdb" /debug /machine:I386 /out:"../../../Build/Debug/nslookup.exe" /pdbtype:sept
--LINK32_OBJS= \
-- "$(INTDIR)\dighost.obj" \
-- "$(INTDIR)\nslookup.obj" \
-- "..\..\..\lib\dns\win32\Debug\libdns.lib" \
-- "..\..\..\lib\isc\win32\Debug\libisc.lib" \
-- "..\..\..\lib\bind9\win32\Debug\libbind9.lib" \
-- "..\..\..\lib\lwres\win32\Debug\liblwres.lib"
--
--"..\..\..\Build\Debug\nslookup.exe" : "$(OUTDIR)" $(DEF_FILE) $(LINK32_OBJS)
-- $(LINK32) @<<
-- $(LINK32_FLAGS) $(LINK32_OBJS)
--<<
-- $(_VC_MANIFEST_EMBED_EXE)
--
--!ENDIF
--
--.c{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cpp{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cxx{$(INTDIR)}.obj::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.c{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cpp{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--.cxx{$(INTDIR)}.sbr::
-- $(CPP) @<<
-- $(CPP_PROJ) $<
--<<
--
--
--!IF "$(NO_EXTERNAL_DEPS)" != "1"
--!IF EXISTS("nslookup.dep")
--!INCLUDE "nslookup.dep"
--!ELSE
--!MESSAGE Warning: cannot find "nslookup.dep"
--!ENDIF
--!ENDIF
--
--
--!IF "$(CFG)" == "nslookup - Win32 Release" || "$(CFG)" == "nslookup - Win32 Debug"
--SOURCE=..\dighost.c
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--
--"$(INTDIR)\dighost.obj" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--
--"$(INTDIR)\dighost.obj" "$(INTDIR)\dighost.sbr" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ENDIF
--
--SOURCE=..\nslookup.c
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--
--"$(INTDIR)\nslookup.obj" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--
--"$(INTDIR)\nslookup.obj" "$(INTDIR)\nslookup.sbr" : $(SOURCE) "$(INTDIR)"
-- $(CPP) $(CPP_PROJ) $(SOURCE)
--
--
--!ENDIF
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--"libdns - Win32 Release" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libdns - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--"libdns - Win32 Debug" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libdns - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\dns\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libdns.mak" CFG="libdns - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--"libisc - Win32 Release" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libisc - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--"libisc - Win32 Debug" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libisc - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\isc\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libisc.mak" CFG="libisc - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--"libbind9 - Win32 Release" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"libbind9 - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--"libbind9 - Win32 Debug" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"libbind9 - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\bind9\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\libbind9.mak" CFG="libbind9 - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--!IF "$(CFG)" == "nslookup - Win32 Release"
--
--"liblwres - Win32 Release" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release"
-- cd "..\..\..\bin\dig\win32"
--
--"liblwres - Win32 ReleaseCLEAN" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Release" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ELSEIF "$(CFG)" == "nslookup - Win32 Debug"
--
--"liblwres - Win32 Debug" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug"
-- cd "..\..\..\bin\dig\win32"
--
--"liblwres - Win32 DebugCLEAN" :
-- cd "..\..\..\lib\lwres\win32"
-- $(MAKE) /$(MAKEFLAGS) /F ".\liblwres.mak" CFG="liblwres - Win32 Debug" RECURSE=1 CLEAN
-- cd "..\..\..\bin\dig\win32"
--
--!ENDIF
--
--
--!ENDIF
--
--####################################################
--# Commands to generate initial empty manifest file and the RC file
--# that references it, and for generating the .res file:
--
--$(_VC_MANIFEST_BASENAME).auto.res : $(_VC_MANIFEST_BASENAME).auto.rc
--
--$(_VC_MANIFEST_BASENAME).auto.rc : $(_VC_MANIFEST_BASENAME).auto.manifest
-- type <<$@
--#include <winuser.h>
--1RT_MANIFEST"$(_VC_MANIFEST_BASENAME).auto.manifest"
--<< KEEP
--
--$(_VC_MANIFEST_BASENAME).auto.manifest :
-- type <<$@
--<?xml version='1.0' encoding='UTF-8' standalone='yes'?>
--<assembly xmlns='urn:schemas-microsoft-com:asm.v1' manifestVersion='1.0'>
--</assembly>
--<< KEEP
+++ /dev/null
--/*
-- * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
-- * Portions Copyright (C) 1999-2003 Internet Software Consortium.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
-- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- *
-- * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
-- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- */
--
- /* $Id: dnssec-signzone.c,v 1.232 2009/09/23 16:01:56 each Exp $ */
-/* $Id: dnssec-signzone.c,v 1.229 2009/09/02 06:29:00 each Exp $ */
--
--/*! \file */
--
--#include <config.h>
--
--#include <stdlib.h>
--#include <time.h>
--
--#include <isc/app.h>
--#include <isc/base32.h>
--#include <isc/commandline.h>
--#include <isc/entropy.h>
--#include <isc/event.h>
--#include <isc/file.h>
--#include <isc/hash.h>
--#include <isc/hex.h>
--#include <isc/mem.h>
--#include <isc/mutex.h>
--#include <isc/os.h>
--#include <isc/print.h>
--#include <isc/random.h>
--#include <isc/rwlock.h>
--#include <isc/serial.h>
--#include <isc/stdio.h>
--#include <isc/stdlib.h>
--#include <isc/string.h>
--#include <isc/task.h>
--#include <isc/time.h>
--#include <isc/util.h>
--
--#include <dns/db.h>
--#include <dns/dbiterator.h>
--#include <dns/diff.h>
--#include <dns/dnssec.h>
--#include <dns/ds.h>
--#include <dns/fixedname.h>
--#include <dns/keyvalues.h>
--#include <dns/log.h>
--#include <dns/master.h>
--#include <dns/masterdump.h>
--#include <dns/nsec.h>
--#include <dns/nsec3.h>
--#include <dns/rdata.h>
--#include <dns/rdatalist.h>
--#include <dns/rdataset.h>
--#include <dns/rdataclass.h>
--#include <dns/rdatasetiter.h>
--#include <dns/rdatastruct.h>
--#include <dns/rdatatype.h>
--#include <dns/result.h>
--#include <dns/soa.h>
--#include <dns/time.h>
--
--#include <dst/dst.h>
--
--#include "dnssectool.h"
--
--#ifndef PATH_MAX
--#define PATH_MAX 1024 /* AIX, WIN32, and others don't define this. */
--#endif
--
--const char *program = "dnssec-signzone";
--int verbose;
--
--typedef struct hashlist hashlist_t;
--
--static int nsec_datatype = dns_rdatatype_nsec;
--
--#define IS_NSEC3 (nsec_datatype == dns_rdatatype_nsec3)
--#define OPTOUT(x) (((x) & DNS_NSEC3FLAG_OPTOUT) != 0)
--
--#define BUFSIZE 2048
--#define MAXDSKEYS 8
--
--#define SIGNER_EVENTCLASS ISC_EVENTCLASS(0x4453)
--#define SIGNER_EVENT_WRITE (SIGNER_EVENTCLASS + 0)
--#define SIGNER_EVENT_WORK (SIGNER_EVENTCLASS + 1)
--
--#define SOA_SERIAL_KEEP 0
--#define SOA_SERIAL_INCREMENT 1
--#define SOA_SERIAL_UNIXTIME 2
--
--typedef struct signer_event sevent_t;
--struct signer_event {
-- ISC_EVENT_COMMON(sevent_t);
-- dns_fixedname_t *fname;
-- dns_dbnode_t *node;
--};
--
--static dns_dnsseckeylist_t keylist;
--static unsigned int keycount = 0;
--isc_rwlock_t keylist_lock;
--static isc_stdtime_t starttime = 0, endtime = 0, now;
--static int cycle = -1;
--static int jitter = 0;
--static isc_boolean_t tryverify = ISC_FALSE;
--static isc_boolean_t printstats = ISC_FALSE;
--static isc_mem_t *mctx = NULL;
--static isc_entropy_t *ectx = NULL;
--static dns_ttl_t zone_soa_min_ttl;
--static dns_ttl_t soa_ttl;
--static FILE *fp;
--static char *tempfile = NULL;
--static const dns_master_style_t *masterstyle;
--static dns_masterformat_t inputformat = dns_masterformat_text;
--static dns_masterformat_t outputformat = dns_masterformat_text;
--static unsigned int nsigned = 0, nretained = 0, ndropped = 0;
--static unsigned int nverified = 0, nverifyfailed = 0;
--static const char *directory = NULL, *dsdir = NULL;
--static isc_mutex_t namelock, statslock;
--static isc_taskmgr_t *taskmgr = NULL;
--static dns_db_t *gdb; /* The database */
--static dns_dbversion_t *gversion; /* The database version */
--static dns_dbiterator_t *gdbiter; /* The database iterator */
--static dns_rdataclass_t gclass; /* The class */
--static dns_name_t *gorigin; /* The database origin */
--static int nsec3flags = 0;
--static isc_task_t *master = NULL;
--static unsigned int ntasks = 0;
--static isc_boolean_t shuttingdown = ISC_FALSE, finished = ISC_FALSE;
--static isc_boolean_t nokeys = ISC_FALSE;
--static isc_boolean_t removefile = ISC_FALSE;
--static isc_boolean_t generateds = ISC_FALSE;
--static isc_boolean_t ignore_kskflag = ISC_FALSE;
--static dns_name_t *dlv = NULL;
--static dns_fixedname_t dlv_fixed;
--static dns_master_style_t *dsstyle = NULL;
--static unsigned int serialformat = SOA_SERIAL_KEEP;
--static unsigned int hash_length = 0;
--static isc_boolean_t unknownalg = ISC_FALSE;
--static isc_boolean_t disable_zone_check = ISC_FALSE;
--static isc_boolean_t set_keyttl = ISC_FALSE;
--static dns_ttl_t keyttl;
--
--#define INCSTAT(counter) \
-- if (printstats) { \
-- LOCK(&statslock); \
-- counter++; \
-- UNLOCK(&statslock); \
-- }
--
--static void
--sign(isc_task_t *task, isc_event_t *event);
--
- #define check_dns_dbiterator_current(result) \
- check_result((result == DNS_R_NEWORIGIN) ? ISC_R_SUCCESS : result, \
- "dns_dbiterator_current()")
-static isc_boolean_t
-nsec3only(dns_dbnode_t *node);
--
--static void
--dumpnode(dns_name_t *name, dns_dbnode_t *node) {
-- isc_result_t result;
--
-- if (outputformat != dns_masterformat_text)
-- return;
-- result = dns_master_dumpnodetostream(mctx, gdb, gversion, node, name,
-- masterstyle, fp);
-- check_result(result, "dns_master_dumpnodetostream");
--}
--
--/*%
-- * Sign the given RRset with given key, and add the signature record to the
-- * given tuple.
-- */
--static void
--signwithkey(dns_name_t *name, dns_rdataset_t *rdataset, dst_key_t *key,
-- dns_ttl_t ttl, dns_diff_t *add, const char *logmsg)
--{
-- isc_result_t result;
-- isc_stdtime_t jendtime;
-- char keystr[KEY_FORMATSIZE];
-- dns_rdata_t trdata = DNS_RDATA_INIT;
-- unsigned char array[BUFSIZE];
-- isc_buffer_t b;
-- dns_difftuple_t *tuple;
--
-- key_format(key, keystr, sizeof(keystr));
-- vbprintf(1, "\t%s %s\n", logmsg, keystr);
--
-- jendtime = (jitter != 0) ? isc_random_jitter(endtime, jitter) : endtime;
-- isc_buffer_init(&b, array, sizeof(array));
-- result = dns_dnssec_sign(name, rdataset, key, &starttime, &jendtime,
-- mctx, &b, &trdata);
-- isc_entropy_stopcallbacksources(ectx);
-- if (result != ISC_R_SUCCESS) {
-- char keystr[KEY_FORMATSIZE];
-- key_format(key, keystr, sizeof(keystr));
-- fatal("dnskey '%s' failed to sign data: %s",
-- keystr, isc_result_totext(result));
-- }
-- INCSTAT(nsigned);
--
-- if (tryverify) {
-- result = dns_dnssec_verify(name, rdataset, key,
-- ISC_TRUE, mctx, &trdata);
-- if (result == ISC_R_SUCCESS) {
-- vbprintf(3, "\tsignature verified\n");
-- INCSTAT(nverified);
-- } else {
-- vbprintf(3, "\tsignature failed to verify\n");
-- INCSTAT(nverifyfailed);
-- }
-- }
--
-- tuple = NULL;
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name, ttl, &trdata,
-- &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(add, &tuple);
--}
--
--static inline isc_boolean_t
--issigningkey(dns_dnsseckey_t *key) {
-- return (key->force_sign || key->hint_sign);
--}
--
--static inline isc_boolean_t
--iszonekey(dns_dnsseckey_t *key) {
-- return (ISC_TF(dns_name_equal(dst_key_name(key->key), gorigin) &&
-- dst_key_iszonekey(key->key)));
--}
--
--static inline isc_boolean_t
--isksk(dns_dnsseckey_t *key) {
-- return (key->ksk);
--}
--
--static inline isc_boolean_t
--iszsk(dns_dnsseckey_t *key) {
-- return (ignore_kskflag || !key->ksk);
--}
--
--/*%
-- * Find the key that generated an RRSIG, if it is in the key list. If
-- * so, return a pointer to it, otherwise return NULL.
-- *
-- * No locking is performed here, this must be done by the caller.
-- */
--static dns_dnsseckey_t *
--keythatsigned_unlocked(dns_rdata_rrsig_t *rrsig) {
-- dns_dnsseckey_t *key;
--
- for (key = ISC_LIST_HEAD(keylist);
- key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
- key = ISC_LIST_HEAD(keylist);
- while (key != NULL) {
-- if (rrsig->keyid == dst_key_id(key->key) &&
-- rrsig->algorithm == dst_key_alg(key->key) &&
-- dns_name_equal(&rrsig->signer, dst_key_name(key->key)))
-- return (key);
- key = ISC_LIST_NEXT(key, link);
-- }
-- return (NULL);
--}
--
--/*%
-- * Finds the key that generated a RRSIG, if possible. First look at the keys
-- * that we've loaded already, and then see if there's a key on disk.
-- */
--static dns_dnsseckey_t *
--keythatsigned(dns_rdata_rrsig_t *rrsig) {
-- isc_result_t result;
-- dst_key_t *pubkey = NULL, *privkey = NULL;
-- dns_dnsseckey_t *key = NULL;
--
-- isc_rwlock_lock(&keylist_lock, isc_rwlocktype_read);
-- key = keythatsigned_unlocked(rrsig);
-- isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_read);
-- if (key != NULL)
-- return (key);
--
-- /*
-- * We did not find the key in our list. Get a write lock now, since
-- * we may be modifying the bits. We could do the tryupgrade() dance,
-- * but instead just get a write lock and check once again to see if
-- * it is on our list. It's possible someone else may have added it
-- * after all.
-- */
-- isc_rwlock_lock(&keylist_lock, isc_rwlocktype_write);
-- key = keythatsigned_unlocked(rrsig);
-- if (key != NULL) {
-- isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
-- return (key);
-- }
--
-- result = dst_key_fromfile(&rrsig->signer, rrsig->keyid,
-- rrsig->algorithm, DST_TYPE_PUBLIC,
-- directory, mctx, &pubkey);
-- if (result != ISC_R_SUCCESS) {
-- isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
-- return (NULL);
-- }
--
-- result = dst_key_fromfile(&rrsig->signer, rrsig->keyid,
-- rrsig->algorithm,
-- DST_TYPE_PUBLIC | DST_TYPE_PRIVATE,
-- directory, mctx, &privkey);
-- if (result == ISC_R_SUCCESS) {
-- dst_key_free(&pubkey);
-- dns_dnsseckey_create(mctx, &privkey, &key);
- key->force_publish = ISC_TRUE;
- key->force_sign = ISC_FALSE;
-- } else {
-- dns_dnsseckey_create(mctx, &pubkey, &key);
- key->force_publish = ISC_TRUE;
- key->force_sign = ISC_FALSE;
-- }
- key->force_publish = ISC_TRUE;
- key->force_sign = ISC_FALSE;
-- ISC_LIST_APPEND(keylist, key, link);
--
-- isc_rwlock_unlock(&keylist_lock, isc_rwlocktype_write);
-- return (key);
--}
--
--/*%
-- * Check to see if we expect to find a key at this name. If we see a RRSIG
-- * and can't find the signing key that we expect to find, we drop the rrsig.
-- * I'm not sure if this is completely correct, but it seems to work.
-- */
--static isc_boolean_t
--expecttofindkey(dns_name_t *name) {
-- unsigned int options = DNS_DBFIND_NOWILD;
-- dns_fixedname_t fname;
-- isc_result_t result;
-- char namestr[DNS_NAME_FORMATSIZE];
--
-- dns_fixedname_init(&fname);
-- result = dns_db_find(gdb, name, gversion, dns_rdatatype_dnskey, options,
-- 0, NULL, dns_fixedname_name(&fname), NULL, NULL);
-- switch (result) {
-- case ISC_R_SUCCESS:
-- case DNS_R_NXDOMAIN:
-- case DNS_R_NXRRSET:
-- return (ISC_TRUE);
-- case DNS_R_DELEGATION:
-- case DNS_R_CNAME:
-- case DNS_R_DNAME:
-- return (ISC_FALSE);
-- }
-- dns_name_format(name, namestr, sizeof(namestr));
-- fatal("failure looking for '%s DNSKEY' in database: %s",
-- namestr, isc_result_totext(result));
-- return (ISC_FALSE); /* removes a warning */
--}
--
--static inline isc_boolean_t
- setverifies(dns_name_t *name, dns_rdataset_t *set, dst_key_t *key,
-setverifies(dns_name_t *name, dns_rdataset_t *set, dns_dnsseckey_t *key,
-- dns_rdata_t *rrsig)
--{
-- isc_result_t result;
- result = dns_dnssec_verify(name, set, key, ISC_FALSE, mctx, rrsig);
- result = dns_dnssec_verify(name, set, key->key, ISC_FALSE, mctx, rrsig);
-- if (result == ISC_R_SUCCESS) {
-- INCSTAT(nverified);
-- return (ISC_TRUE);
-- } else {
-- INCSTAT(nverifyfailed);
-- return (ISC_FALSE);
-- }
--}
--
--/*%
-- * Signs a set. Goes through contortions to decide if each RRSIG should
-- * be dropped or retained, and then determines if any new SIGs need to
-- * be generated.
-- */
--static void
--signset(dns_diff_t *del, dns_diff_t *add, dns_dbnode_t *node, dns_name_t *name,
-- dns_rdataset_t *set)
--{
-- dns_rdataset_t sigset;
-- dns_rdata_t sigrdata = DNS_RDATA_INIT;
-- dns_rdata_rrsig_t rrsig;
-- dns_dnsseckey_t *key;
-- isc_result_t result;
-- isc_boolean_t nosigs = ISC_FALSE;
-- isc_boolean_t *wassignedby, *nowsignedby;
-- int arraysize;
-- dns_difftuple_t *tuple;
-- dns_ttl_t ttl;
-- int i;
-- char namestr[DNS_NAME_FORMATSIZE];
-- char typestr[TYPE_FORMATSIZE];
-- char sigstr[SIG_FORMATSIZE];
--
-- dns_name_format(name, namestr, sizeof(namestr));
-- type_format(set->type, typestr, sizeof(typestr));
--
-- ttl = ISC_MIN(set->ttl, endtime - starttime);
--
-- dns_rdataset_init(&sigset);
-- result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_rrsig,
-- set->type, 0, &sigset, NULL);
-- if (result == ISC_R_NOTFOUND) {
-- result = ISC_R_SUCCESS;
-- nosigs = ISC_TRUE;
-- }
-- if (result != ISC_R_SUCCESS)
-- fatal("failed while looking for '%s RRSIG %s': %s",
-- namestr, typestr, isc_result_totext(result));
--
-- vbprintf(1, "%s/%s:\n", namestr, typestr);
--
-- arraysize = keycount;
-- if (!nosigs)
-- arraysize += dns_rdataset_count(&sigset);
-- wassignedby = isc_mem_get(mctx, arraysize * sizeof(isc_boolean_t));
-- nowsignedby = isc_mem_get(mctx, arraysize * sizeof(isc_boolean_t));
-- if (wassignedby == NULL || nowsignedby == NULL)
-- fatal("out of memory");
--
-- for (i = 0; i < arraysize; i++)
-- wassignedby[i] = nowsignedby[i] = ISC_FALSE;
--
-- if (nosigs)
-- result = ISC_R_NOMORE;
-- else
-- result = dns_rdataset_first(&sigset);
--
-- while (result == ISC_R_SUCCESS) {
-- isc_boolean_t expired, future;
-- isc_boolean_t keep = ISC_FALSE, resign = ISC_FALSE;
--
-- dns_rdataset_current(&sigset, &sigrdata);
--
-- result = dns_rdata_tostruct(&sigrdata, &rrsig, NULL);
-- check_result(result, "dns_rdata_tostruct");
--
-- future = isc_serial_lt(now, rrsig.timesigned);
--
-- key = keythatsigned(&rrsig);
-- sig_format(&rrsig, sigstr, sizeof(sigstr));
-- if (key != NULL && issigningkey(key))
-- expired = isc_serial_gt(now + cycle, rrsig.timeexpire);
-- else
-- expired = isc_serial_gt(now, rrsig.timeexpire);
--
-- if (isc_serial_gt(rrsig.timesigned, rrsig.timeexpire)) {
-- /* rrsig is dropped and not replaced */
-- vbprintf(2, "\trrsig by %s dropped - "
-- "invalid validity period\n",
-- sigstr);
-- } else if (key == NULL && !future &&
-- expecttofindkey(&rrsig.signer)) {
-- /* rrsig is dropped and not replaced */
-- vbprintf(2, "\trrsig by %s dropped - "
-- "private dnskey not found\n",
-- sigstr);
-- } else if (key == NULL || future) {
-- vbprintf(2, "\trrsig by %s %s - dnskey not found\n",
-- expired ? "retained" : "dropped", sigstr);
-- if (!expired)
-- keep = ISC_TRUE;
-- } else if (issigningkey(key)) {
- if (!expired && setverifies(name, set, key->key,
- &sigrdata)) {
- if (!expired && setverifies(name, set, key, &sigrdata))
- {
-- vbprintf(2, "\trrsig by %s retained\n", sigstr);
-- keep = ISC_TRUE;
-- wassignedby[key->index] = ISC_TRUE;
-- nowsignedby[key->index] = ISC_TRUE;
-- } else {
-- vbprintf(2, "\trrsig by %s dropped - %s\n",
-- sigstr,
-- expired ? "expired" :
-- "failed to verify");
-- wassignedby[key->index] = ISC_TRUE;
-- resign = ISC_TRUE;
-- }
-- } else if (iszonekey(key)) {
- if (!expired && setverifies(name, set, key->key,
- &sigrdata)) {
- if (!expired && setverifies(name, set, key, &sigrdata))
- {
-- vbprintf(2, "\trrsig by %s retained\n", sigstr);
-- keep = ISC_TRUE;
-- wassignedby[key->index] = ISC_TRUE;
-- nowsignedby[key->index] = ISC_TRUE;
-- } else {
-- vbprintf(2, "\trrsig by %s dropped - %s\n",
-- sigstr,
-- expired ? "expired" :
-- "failed to verify");
-- wassignedby[key->index] = ISC_TRUE;
-- }
-- } else if (!expired) {
-- vbprintf(2, "\trrsig by %s retained\n", sigstr);
-- keep = ISC_TRUE;
-- } else {
-- vbprintf(2, "\trrsig by %s expired\n", sigstr);
-- }
--
-- if (keep) {
-- nowsignedby[key->index] = ISC_TRUE;
-- INCSTAT(nretained);
-- if (sigset.ttl != ttl) {
-- vbprintf(2, "\tfixing ttl %s\n", sigstr);
-- tuple = NULL;
-- result = dns_difftuple_create(mctx,
-- DNS_DIFFOP_DEL,
-- name, sigset.ttl,
-- &sigrdata,
-- &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(del, &tuple);
-- result = dns_difftuple_create(mctx,
-- DNS_DIFFOP_ADD,
-- name, ttl,
-- &sigrdata,
-- &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(add, &tuple);
-- }
-- } else {
-- tuple = NULL;
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_DEL,
-- name, sigset.ttl,
-- &sigrdata, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(del, &tuple);
-- INCSTAT(ndropped);
-- }
--
-- if (resign) {
-- INSIST(!keep);
--
-- signwithkey(name, set, key->key, ttl, add,
-- "resigning with dnskey");
-- nowsignedby[key->index] = ISC_TRUE;
-- }
--
-- dns_rdata_reset(&sigrdata);
-- dns_rdata_freestruct(&rrsig);
-- result = dns_rdataset_next(&sigset);
-- }
-- if (result == ISC_R_NOMORE)
-- result = ISC_R_SUCCESS;
--
-- check_result(result, "dns_rdataset_first/next");
-- if (dns_rdataset_isassociated(&sigset))
-- dns_rdataset_disassociate(&sigset);
--
-- for (key = ISC_LIST_HEAD(keylist);
-- key != NULL;
-- key = ISC_LIST_NEXT(key, link))
-- {
-- if (nowsignedby[key->index])
-- continue;
--
-- if (!issigningkey(key))
-- continue;
--
-- if (iszsk(key) ||
-- (isksk(key) && set->type == dns_rdatatype_dnskey &&
-- dns_name_equal(name, gorigin))) {
-- signwithkey(name, set, key->key, ttl, add,
-- "signing with dnskey");
-- }
-- }
--
-- isc_mem_put(mctx, wassignedby, arraysize * sizeof(isc_boolean_t));
-- isc_mem_put(mctx, nowsignedby, arraysize * sizeof(isc_boolean_t));
--}
--
--struct hashlist {
-- unsigned char *hashbuf;
-- size_t entries;
-- size_t size;
-- size_t length;
--};
--
--static void
--hashlist_init(hashlist_t *l, unsigned int nodes, unsigned int length) {
--
-- l->entries = 0;
-- l->length = length + 1;
--
-- if (nodes != 0) {
-- l->size = nodes;
-- l->hashbuf = malloc(l->size * l->length);
-- if (l->hashbuf == NULL)
-- l->size = 0;
-- } else {
-- l->size = 0;
-- l->hashbuf = NULL;
-- }
--}
--
--static void
--hashlist_add(hashlist_t *l, const unsigned char *hash, size_t len)
--{
--
-- REQUIRE(len <= l->length);
--
-- if (l->entries == l->size) {
-- l->size = l->size * 2 + 100;
-- l->hashbuf = realloc(l->hashbuf, l->size * l->length);
-- }
-- memset(l->hashbuf + l->entries * l->length, 0, l->length);
-- memcpy(l->hashbuf + l->entries * l->length, hash, len);
-- l->entries++;
--}
--
--static void
--hashlist_add_dns_name(hashlist_t *l, /*const*/ dns_name_t *name,
-- unsigned int hashalg, unsigned int iterations,
-- const unsigned char *salt, size_t salt_length,
-- isc_boolean_t speculative)
--{
-- char nametext[DNS_NAME_FORMATSIZE];
-- unsigned char hash[NSEC3_MAX_HASH_LENGTH + 1];
-- unsigned int len;
-- size_t i;
--
-- len = isc_iterated_hash(hash, hashalg, iterations, salt, salt_length,
-- name->ndata, name->length);
-- if (verbose) {
-- dns_name_format(name, nametext, sizeof nametext);
-- for (i = 0 ; i < len; i++)
-- fprintf(stderr, "%02x", hash[i]);
-- fprintf(stderr, " %s\n", nametext);
-- }
-- hash[len++] = speculative ? 1 : 0;
-- hashlist_add(l, hash, len);
--}
--
--static int
--hashlist_comp(const void *a, const void *b) {
-- return (memcmp(a, b, hash_length + 1));
--}
--
--static void
--hashlist_sort(hashlist_t *l) {
-- qsort(l->hashbuf, l->entries, l->length, hashlist_comp);
--}
--
--static isc_boolean_t
--hashlist_hasdup(hashlist_t *l) {
-- unsigned char *current;
-- unsigned char *next = l->hashbuf;
-- size_t entries = l->entries;
--
-- /*
-- * Skip initial speculative wild card hashs.
-- */
-- while (entries > 0U && next[l->length-1] != 0U) {
-- next += l->length;
-- entries--;
-- }
--
-- current = next;
-- while (entries-- > 1U) {
-- next += l->length;
-- if (next[l->length-1] != 0)
-- continue;
-- if (memcmp(current, next, l->length - 1) == 0)
-- return (ISC_TRUE);
-- current = next;
-- }
-- return (ISC_FALSE);
--}
--
--static const unsigned char *
--hashlist_findnext(const hashlist_t *l,
-- const unsigned char hash[NSEC3_MAX_HASH_LENGTH])
--{
-- unsigned int entries = l->entries;
-- const unsigned char *next = bsearch(hash, l->hashbuf, l->entries,
-- l->length, hashlist_comp);
-- INSIST(next != NULL);
--
-- do {
-- if (next < l->hashbuf + (l->entries - 1) * l->length)
-- next += l->length;
-- else
-- next = l->hashbuf;
-- if (next[l->length - 1] == 0)
-- break;
-- } while (entries-- > 1);
-- INSIST(entries != 0);
-- return (next);
--}
--
--static isc_boolean_t
--hashlist_exists(const hashlist_t *l,
-- const unsigned char hash[NSEC3_MAX_HASH_LENGTH])
--{
-- if (bsearch(hash, l->hashbuf, l->entries, l->length, hashlist_comp))
-- return (ISC_TRUE);
-- else
-- return (ISC_FALSE);
--}
--
--static void
--addnowildcardhash(hashlist_t *l, /*const*/ dns_name_t *name,
-- unsigned int hashalg, unsigned int iterations,
-- const unsigned char *salt, size_t salt_length)
--{
-- dns_fixedname_t fixed;
-- dns_name_t *wild;
-- dns_dbnode_t *node = NULL;
-- isc_result_t result;
-- char namestr[DNS_NAME_FORMATSIZE];
--
-- dns_fixedname_init(&fixed);
-- wild = dns_fixedname_name(&fixed);
--
-- result = dns_name_concatenate(dns_wildcardname, name, wild, NULL);
-- if (result == ISC_R_NOSPACE)
-- return;
-- check_result(result,"addnowildcardhash: dns_name_concatenate()");
--
-- result = dns_db_findnode(gdb, wild, ISC_FALSE, &node);
-- if (result == ISC_R_SUCCESS) {
-- dns_db_detachnode(gdb, &node);
-- return;
-- }
--
-- if (verbose) {
-- dns_name_format(wild, namestr, sizeof(namestr));
-- fprintf(stderr, "adding no-wildcardhash for %s\n", namestr);
-- }
--
-- hashlist_add_dns_name(l, wild, hashalg, iterations, salt, salt_length,
-- ISC_TRUE);
--}
--
--static void
--opendb(const char *prefix, dns_name_t *name, dns_rdataclass_t rdclass,
-- dns_db_t **dbp)
--{
-- char filename[PATH_MAX];
-- isc_buffer_t b;
-- isc_result_t result;
--
-- isc_buffer_init(&b, filename, sizeof(filename));
-- if (dsdir != NULL) {
-- /* allow room for a trailing slash */
-- if (strlen(dsdir) >= isc_buffer_availablelength(&b))
-- fatal("path '%s' is too long", dsdir);
-- isc_buffer_putstr(&b, dsdir);
-- if (dsdir[strlen(dsdir) - 1] != '/')
-- isc_buffer_putstr(&b, "/");
-- }
-- if (strlen(prefix) > isc_buffer_availablelength(&b))
-- fatal("path '%s' is too long", dsdir);
-- isc_buffer_putstr(&b, prefix);
-- result = dns_name_tofilenametext(name, ISC_FALSE, &b);
-- check_result(result, "dns_name_tofilenametext()");
-- if (isc_buffer_availablelength(&b) == 0) {
-- char namestr[DNS_NAME_FORMATSIZE];
-- dns_name_format(name, namestr, sizeof(namestr));
-- fatal("name '%s' is too long", namestr);
-- }
-- isc_buffer_putuint8(&b, 0);
--
-- result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
-- rdclass, 0, NULL, dbp);
-- check_result(result, "dns_db_create()");
--
-- result = dns_db_load3(*dbp, filename, inputformat, DNS_MASTER_HINT);
-- if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-- dns_db_detach(dbp);
--}
--
--/*%
-- * Load the DS set for a child zone, if a dsset-* file can be found.
-- * If not, try to find a keyset-* file from an earlier version of
-- * dnssec-signzone, and build DS records from that.
-- */
--static isc_result_t
--loadds(dns_name_t *name, isc_uint32_t ttl, dns_rdataset_t *dsset) {
-- dns_db_t *db = NULL;
-- dns_dbversion_t *ver = NULL;
-- dns_dbnode_t *node = NULL;
-- isc_result_t result;
-- dns_rdataset_t keyset;
-- dns_rdata_t key, ds;
-- unsigned char dsbuf[DNS_DS_BUFFERSIZE];
-- dns_diff_t diff;
-- dns_difftuple_t *tuple = NULL;
--
-- opendb("dsset-", name, gclass, &db);
-- if (db != NULL) {
-- result = dns_db_findnode(db, name, ISC_FALSE, &node);
-- if (result == ISC_R_SUCCESS) {
-- dns_rdataset_init(dsset);
-- result = dns_db_findrdataset(db, node, NULL,
-- dns_rdatatype_ds, 0, 0,
-- dsset, NULL);
-- dns_db_detachnode(db, &node);
-- if (result == ISC_R_SUCCESS) {
-- vbprintf(2, "found DS records\n");
-- dsset->ttl = ttl;
-- dns_db_detach(&db);
-- return (result);
-- }
-- }
-- dns_db_detach(&db);
-- }
--
-- /* No DS records found; try again, looking for DNSKEY records */
-- opendb("keyset-", name, gclass, &db);
-- if (db == NULL) {
-- return (ISC_R_NOTFOUND);
-- }
--
-- result = dns_db_findnode(db, name, ISC_FALSE, &node);
-- if (result != ISC_R_SUCCESS) {
-- dns_db_detach(&db);
-- return (result);
-- }
--
-- dns_rdataset_init(&keyset);
-- result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_dnskey, 0, 0,
-- &keyset, NULL);
-- if (result != ISC_R_SUCCESS) {
-- dns_db_detachnode(db, &node);
-- dns_db_detach(&db);
-- return (result);
-- }
-- vbprintf(2, "found DNSKEY records\n");
--
-- result = dns_db_newversion(db, &ver);
-- check_result(result, "dns_db_newversion");
-- dns_diff_init(mctx, &diff);
--
-- for (result = dns_rdataset_first(&keyset);
-- result == ISC_R_SUCCESS;
-- result = dns_rdataset_next(&keyset))
-- {
-- dns_rdata_init(&key);
-- dns_rdata_init(&ds);
-- dns_rdataset_current(&keyset, &key);
-- result = dns_ds_buildrdata(name, &key, DNS_DSDIGEST_SHA1,
-- dsbuf, &ds);
-- check_result(result, "dns_ds_buildrdata");
--
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
-- ttl, &ds, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(&diff, &tuple);
--
-- dns_rdata_reset(&ds);
-- result = dns_ds_buildrdata(name, &key, DNS_DSDIGEST_SHA256,
-- dsbuf, &ds);
-- check_result(result, "dns_ds_buildrdata");
--
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD, name,
-- ttl, &ds, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(&diff, &tuple);
-- }
--
-- result = dns_diff_apply(&diff, db, ver);
-- check_result(result, "dns_diff_apply");
-- dns_diff_clear(&diff);
--
-- dns_db_closeversion(db, &ver, ISC_TRUE);
--
-- result = dns_db_findrdataset(db, node, NULL, dns_rdatatype_ds, 0, 0,
-- dsset, NULL);
-- check_result(result, "dns_db_findrdataset");
--
-- dns_rdataset_disassociate(&keyset);
-- dns_db_detachnode(db, &node);
-- dns_db_detach(&db);
-- return (result);
--}
--
--static isc_boolean_t
--delegation(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t *ttlp) {
-- dns_rdataset_t nsset;
-- isc_result_t result;
--
-- if (dns_name_equal(name, gorigin))
-- return (ISC_FALSE);
--
-- dns_rdataset_init(&nsset);
-- result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_ns,
-- 0, 0, &nsset, NULL);
-- if (dns_rdataset_isassociated(&nsset)) {
-- if (ttlp != NULL)
-- *ttlp = nsset.ttl;
-- dns_rdataset_disassociate(&nsset);
-- }
--
-- return (ISC_TF(result == ISC_R_SUCCESS));
--}
--
--static isc_boolean_t
--secure(dns_name_t *name, dns_dbnode_t *node) {
-- dns_rdataset_t dsset;
-- isc_result_t result;
--
-- if (dns_name_equal(name, gorigin))
-- return (ISC_FALSE);
--
-- dns_rdataset_init(&dsset);
-- result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_ds,
-- 0, 0, &dsset, NULL);
-- if (dns_rdataset_isassociated(&dsset))
-- dns_rdataset_disassociate(&dsset);
--
-- return (ISC_TF(result == ISC_R_SUCCESS));
--}
--
--/*%
-- * Signs all records at a name.
-- */
--static void
--signname(dns_dbnode_t *node, dns_name_t *name) {
-- isc_result_t result;
-- dns_rdataset_t rdataset;
-- dns_rdatasetiter_t *rdsiter;
-- isc_boolean_t isdelegation = ISC_FALSE;
-- dns_diff_t del, add;
-- char namestr[DNS_NAME_FORMATSIZE];
--
-- dns_rdataset_init(&rdataset);
-- dns_name_format(name, namestr, sizeof(namestr));
--
-- /*
-- * Determine if this is a delegation point.
-- */
-- if (delegation(name, node, NULL))
-- isdelegation = ISC_TRUE;
--
-- /*
-- * Now iterate through the rdatasets.
-- */
-- dns_diff_init(mctx, &del);
-- dns_diff_init(mctx, &add);
-- rdsiter = NULL;
-- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
-- check_result(result, "dns_db_allrdatasets()");
-- result = dns_rdatasetiter_first(rdsiter);
-- while (result == ISC_R_SUCCESS) {
-- dns_rdatasetiter_current(rdsiter, &rdataset);
--
-- /* If this is a RRSIG set, skip it. */
-- if (rdataset.type == dns_rdatatype_rrsig)
-- goto skip;
--
-- /*
-- * If this name is a delegation point, skip all records
-- * except NSEC and DS sets. Otherwise check that there
-- * isn't a DS record.
-- */
-- if (isdelegation) {
-- if (rdataset.type != nsec_datatype &&
-- rdataset.type != dns_rdatatype_ds)
-- goto skip;
-- } else if (rdataset.type == dns_rdatatype_ds) {
-- char namebuf[DNS_NAME_FORMATSIZE];
-- dns_name_format(name, namebuf, sizeof(namebuf));
-- fatal("'%s': found DS RRset without NS RRset\n",
-- namebuf);
-- }
--
-- signset(&del, &add, node, name, &rdataset);
--
-- skip:
-- dns_rdataset_disassociate(&rdataset);
-- result = dns_rdatasetiter_next(rdsiter);
-- }
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration for name '%s' failed: %s",
-- namestr, isc_result_totext(result));
--
-- dns_rdatasetiter_destroy(&rdsiter);
--
-- result = dns_diff_applysilently(&del, gdb, gversion);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to delete SIGs at node '%s': %s",
-- namestr, isc_result_totext(result));
--
-- result = dns_diff_applysilently(&add, gdb, gversion);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to add SIGs at node '%s': %s",
-- namestr, isc_result_totext(result));
--
-- dns_diff_clear(&del);
-- dns_diff_clear(&add);
--}
--
--static inline isc_boolean_t
--active_node(dns_dbnode_t *node) {
-- dns_rdatasetiter_t *rdsiter = NULL;
-- dns_rdatasetiter_t *rdsiter2 = NULL;
-- isc_boolean_t active = ISC_FALSE;
-- isc_result_t result;
-- dns_rdataset_t rdataset;
-- dns_rdatatype_t type;
-- dns_rdatatype_t covers;
-- isc_boolean_t found;
--
-- dns_rdataset_init(&rdataset);
-- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
-- check_result(result, "dns_db_allrdatasets()");
-- result = dns_rdatasetiter_first(rdsiter);
-- while (result == ISC_R_SUCCESS) {
-- dns_rdatasetiter_current(rdsiter, &rdataset);
-- if (rdataset.type != dns_rdatatype_nsec &&
-- rdataset.type != dns_rdatatype_nsec3 &&
-- rdataset.type != dns_rdatatype_rrsig)
-- active = ISC_TRUE;
-- dns_rdataset_disassociate(&rdataset);
-- if (!active)
-- result = dns_rdatasetiter_next(rdsiter);
-- else
-- result = ISC_R_NOMORE;
-- }
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
--
-- if (!active && nsec_datatype == dns_rdatatype_nsec) {
-- /*%
-- * The node is empty of everything but NSEC / RRSIG records.
-- */
-- for (result = dns_rdatasetiter_first(rdsiter);
-- result == ISC_R_SUCCESS;
-- result = dns_rdatasetiter_next(rdsiter)) {
-- dns_rdatasetiter_current(rdsiter, &rdataset);
-- result = dns_db_deleterdataset(gdb, node, gversion,
-- rdataset.type,
-- rdataset.covers);
-- check_result(result, "dns_db_deleterdataset()");
-- dns_rdataset_disassociate(&rdataset);
-- }
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
-- } else {
-- /*
-- * Delete RRSIGs for types that no longer exist.
-- */
-- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter2);
-- check_result(result, "dns_db_allrdatasets()");
-- for (result = dns_rdatasetiter_first(rdsiter);
-- result == ISC_R_SUCCESS;
-- result = dns_rdatasetiter_next(rdsiter)) {
-- dns_rdatasetiter_current(rdsiter, &rdataset);
-- type = rdataset.type;
-- covers = rdataset.covers;
-- dns_rdataset_disassociate(&rdataset);
- /*
- * Delete the NSEC chain if we are signing with
- * NSEC3.
- */
- if (nsec_datatype == dns_rdatatype_nsec3 &&
- (type == dns_rdatatype_nsec ||
- covers == dns_rdatatype_nsec)) {
- result = dns_db_deleterdataset(gdb, node,
- gversion, type,
- covers);
- check_result(result,
- "dns_db_deleterdataset(nsec/rrsig)");
- continue;
- }
-- if (type != dns_rdatatype_rrsig)
-- continue;
-- found = ISC_FALSE;
-- for (result = dns_rdatasetiter_first(rdsiter2);
-- !found && result == ISC_R_SUCCESS;
-- result = dns_rdatasetiter_next(rdsiter2)) {
-- dns_rdatasetiter_current(rdsiter2, &rdataset);
-- if (rdataset.type == covers)
-- found = ISC_TRUE;
-- dns_rdataset_disassociate(&rdataset);
-- }
-- if (!found) {
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
-- result = dns_db_deleterdataset(gdb, node,
-- gversion, type,
-- covers);
-- check_result(result,
-- "dns_db_deleterdataset(rrsig)");
-- } else if (result != ISC_R_NOMORE &&
-- result != ISC_R_SUCCESS)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
-- }
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
-- dns_rdatasetiter_destroy(&rdsiter2);
-
-#if 0
- /*
- * Delete all NSEC records and RRSIG(NSEC) if we are in
- * NSEC3 mode and vica versa.
- */
- for (result = dns_rdatasetiter_first(rdsiter2);
- result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter2)) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- type = rdataset.type;
- covers = rdataset.covers;
- if (type == dns_rdatatype_rrsig)
- type = covers;
- dns_rdataset_disassociate(&rdataset);
- if (type == nsec_datatype ||
- (type != dns_rdatatype_nsec &&
- type != dns_rdatatype_nsec3))
- continue;
- if (covers != 0)
- type = dns_rdatatype_rrsig;
- result = dns_db_deleterdataset(gdb, node, gversion,
- type, covers);
- check_result(result, "dns_db_deleterdataset()");
- }
-#endif
-- }
-- dns_rdatasetiter_destroy(&rdsiter);
--
-- return (active);
--}
--
--/*%
-- * Extracts the minimum TTL from the SOA record, and the SOA record's TTL.
-- */
--static void
--get_soa_ttls(void) {
-- dns_rdataset_t soaset;
-- dns_fixedname_t fname;
-- dns_name_t *name;
-- isc_result_t result;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
--
-- dns_fixedname_init(&fname);
-- name = dns_fixedname_name(&fname);
-- dns_rdataset_init(&soaset);
-- result = dns_db_find(gdb, gorigin, gversion, dns_rdatatype_soa,
-- 0, 0, NULL, name, &soaset, NULL);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find an SOA at the zone apex: %s",
-- isc_result_totext(result));
--
-- result = dns_rdataset_first(&soaset);
-- check_result(result, "dns_rdataset_first");
-- dns_rdataset_current(&soaset, &rdata);
-- zone_soa_min_ttl = dns_soa_getminimum(&rdata);
-- soa_ttl = soaset.ttl;
-- dns_rdataset_disassociate(&soaset);
--}
--
--/*%
-- * Increment (or set if nonzero) the SOA serial
-- */
--static isc_result_t
--setsoaserial(isc_uint32_t serial) {
-- isc_result_t result;
-- dns_dbnode_t *node = NULL;
-- dns_rdataset_t rdataset;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- isc_uint32_t old_serial, new_serial;
--
-- result = dns_db_getoriginnode(gdb, &node);
-- if (result != ISC_R_SUCCESS)
-- return result;
--
-- dns_rdataset_init(&rdataset);
--
-- result = dns_db_findrdataset(gdb, node, gversion,
-- dns_rdatatype_soa, 0,
-- 0, &rdataset, NULL);
-- if (result != ISC_R_SUCCESS)
-- goto cleanup;
--
-- result = dns_rdataset_first(&rdataset);
-- RUNTIME_CHECK(result == ISC_R_SUCCESS);
--
-- dns_rdataset_current(&rdataset, &rdata);
--
-- old_serial = dns_soa_getserial(&rdata);
--
-- if (serial) {
-- /* Set SOA serial to the value provided. */
-- new_serial = serial;
-- } else {
-- /* Increment SOA serial using RFC 1982 arithmetics */
-- new_serial = (old_serial + 1) & 0xFFFFFFFF;
-- if (new_serial == 0)
-- new_serial = 1;
-- }
--
-- /* If the new serial is not likely to cause a zone transfer
-- * (a/ixfr) from servers having the old serial, warn the user.
-- *
-- * RFC1982 section 7 defines the maximum increment to be
-- * (2^(32-1))-1. Using u_int32_t arithmetic, we can do a single
-- * comparison. (5 - 6 == (2^32)-1, not negative-one)
-- */
-- if (new_serial == old_serial ||
-- (new_serial - old_serial) > 0x7fffffffU)
-- fprintf(stderr, "%s: warning: Serial number not advanced, "
-- "zone may not transfer\n", program);
--
-- dns_soa_setserial(new_serial, &rdata);
--
-- result = dns_db_deleterdataset(gdb, node, gversion,
-- dns_rdatatype_soa, 0);
-- check_result(result, "dns_db_deleterdataset");
-- if (result != ISC_R_SUCCESS)
-- goto cleanup;
--
-- result = dns_db_addrdataset(gdb, node, gversion,
-- 0, &rdataset, 0, NULL);
-- check_result(result, "dns_db_addrdataset");
-- if (result != ISC_R_SUCCESS)
-- goto cleanup;
--
--cleanup:
-- dns_rdataset_disassociate(&rdataset);
-- if (node != NULL)
-- dns_db_detachnode(gdb, &node);
-- dns_rdata_reset(&rdata);
--
-- return (result);
--}
--
--/*%
-- * Delete any RRSIG records at a node.
-- */
--static void
--cleannode(dns_db_t *db, dns_dbversion_t *version, dns_dbnode_t *node) {
-- dns_rdatasetiter_t *rdsiter = NULL;
-- dns_rdataset_t set;
-- isc_result_t result, dresult;
--
-- if (outputformat != dns_masterformat_text || !disable_zone_check)
-- return;
--
-- dns_rdataset_init(&set);
-- result = dns_db_allrdatasets(db, node, version, 0, &rdsiter);
-- check_result(result, "dns_db_allrdatasets");
-- result = dns_rdatasetiter_first(rdsiter);
-- while (result == ISC_R_SUCCESS) {
-- isc_boolean_t destroy = ISC_FALSE;
-- dns_rdatatype_t covers = 0;
-- dns_rdatasetiter_current(rdsiter, &set);
-- if (set.type == dns_rdatatype_rrsig) {
-- covers = set.covers;
-- destroy = ISC_TRUE;
-- }
-- dns_rdataset_disassociate(&set);
-- result = dns_rdatasetiter_next(rdsiter);
-- if (destroy) {
-- dresult = dns_db_deleterdataset(db, node, version,
-- dns_rdatatype_rrsig,
-- covers);
-- check_result(dresult, "dns_db_deleterdataset");
-- }
-- }
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
-- dns_rdatasetiter_destroy(&rdsiter);
--}
--
--/*%
-- * Set up the iterator and global state before starting the tasks.
-- */
--static void
--presign(void) {
-- isc_result_t result;
--
-- gdbiter = NULL;
-- result = dns_db_createiterator(gdb, 0, &gdbiter);
-- check_result(result, "dns_db_createiterator()");
--}
--
--/*%
-- * Clean up the iterator and global state after the tasks complete.
-- */
--static void
--postsign(void) {
-- dns_dbiterator_destroy(&gdbiter);
--}
--
--static isc_boolean_t
--goodsig(dns_rdata_t *sigrdata, dns_name_t *name, dns_rdataset_t *keyrdataset,
-- dns_rdataset_t *rdataset)
--{
-- dns_rdata_dnskey_t key;
-- dns_rdata_rrsig_t sig;
-- dst_key_t *dstkey = NULL;
-- isc_result_t result;
--
-- dns_rdata_tostruct(sigrdata, &sig, NULL);
--
-- for (result = dns_rdataset_first(keyrdataset);
-- result == ISC_R_SUCCESS;
-- result = dns_rdataset_next(keyrdataset)) {
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- dns_rdataset_current(keyrdataset, &rdata);
-- dns_rdata_tostruct(&rdata, &key, NULL);
-- result = dns_dnssec_keyfromrdata(gorigin, &rdata, mctx,
-- &dstkey);
-- if (result != ISC_R_SUCCESS)
-- return (ISC_FALSE);
-- if (sig.algorithm != key.algorithm ||
-- sig.keyid != dst_key_id(dstkey) ||
-- !dns_name_equal(&sig.signer, gorigin)) {
-- dst_key_free(&dstkey);
-- continue;
-- }
-- result = dns_dnssec_verify(name, rdataset, dstkey, ISC_FALSE,
-- mctx, sigrdata);
-- dst_key_free(&dstkey);
-- if (result == ISC_R_SUCCESS)
-- return(ISC_TRUE);
-- }
-- return (ISC_FALSE);
--}
--
--static void
--verifyset(dns_rdataset_t *rdataset, dns_name_t *name, dns_dbnode_t *node,
-- dns_rdataset_t *keyrdataset, unsigned char *ksk_algorithms,
-- unsigned char *bad_algorithms)
--{
-- unsigned char set_algorithms[256];
-- char namebuf[DNS_NAME_FORMATSIZE];
-- char algbuf[80];
-- char typebuf[80];
-- dns_rdataset_t sigrdataset;
-- dns_rdatasetiter_t *rdsiter = NULL;
-- isc_result_t result;
-- int i;
--
-- dns_rdataset_init(&sigrdataset);
-- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
-- check_result(result, "dns_db_allrdatasets()");
-- for (result = dns_rdatasetiter_first(rdsiter);
-- result == ISC_R_SUCCESS;
-- result = dns_rdatasetiter_next(rdsiter)) {
-- dns_rdatasetiter_current(rdsiter, &sigrdataset);
-- if (sigrdataset.type == dns_rdatatype_rrsig &&
-- sigrdataset.covers == rdataset->type)
-- break;
-- dns_rdataset_disassociate(&sigrdataset);
-- }
-- if (result != ISC_R_SUCCESS) {
-- dns_name_format(name, namebuf, sizeof(namebuf));
-- type_format(rdataset->type, typebuf, sizeof(typebuf));
-- fprintf(stderr, "no signatures for %s/%s\n", namebuf, typebuf);
-- for (i = 0; i < 256; i++)
-- if (ksk_algorithms[i] != 0)
-- bad_algorithms[i] = 1;
-- return;
-- }
--
-- memset(set_algorithms, 0, sizeof(set_algorithms));
-- for (result = dns_rdataset_first(&sigrdataset);
-- result == ISC_R_SUCCESS;
-- result = dns_rdataset_next(&sigrdataset)) {
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- dns_rdata_rrsig_t sig;
--
-- dns_rdataset_current(&sigrdataset, &rdata);
-- dns_rdata_tostruct(&rdata, &sig, NULL);
-- if ((set_algorithms[sig.algorithm] != 0) ||
-- (ksk_algorithms[sig.algorithm] == 0))
-- continue;
-- if (goodsig(&rdata, name, keyrdataset, rdataset))
-- set_algorithms[sig.algorithm] = 1;
-- }
-- dns_rdatasetiter_destroy(&rdsiter);
-- if (memcmp(set_algorithms, ksk_algorithms, sizeof(set_algorithms))) {
-- dns_name_format(name, namebuf, sizeof(namebuf));
-- type_format(rdataset->type, typebuf, sizeof(typebuf));
-- for (i = 0; i < 256; i++)
-- if ((ksk_algorithms[i] != 0) &&
-- (set_algorithms[i] == 0)) {
-- alg_format(i, algbuf, sizeof(algbuf));
-- fprintf(stderr, "Missing %s signature for "
-- "%s %s\n", algbuf, namebuf, typebuf);
-- bad_algorithms[i] = 1;
-- }
-- }
-- dns_rdataset_disassociate(&sigrdataset);
--}
--
--static void
--verifynode(dns_name_t *name, dns_dbnode_t *node, isc_boolean_t delegation,
-- dns_rdataset_t *keyrdataset, unsigned char *ksk_algorithms,
-- unsigned char *bad_algorithms)
--{
-- dns_rdataset_t rdataset;
-- dns_rdatasetiter_t *rdsiter = NULL;
-- isc_result_t result;
--
-- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
-- check_result(result, "dns_db_allrdatasets()");
-- result = dns_rdatasetiter_first(rdsiter);
-- dns_rdataset_init(&rdataset);
-- while (result == ISC_R_SUCCESS) {
-- dns_rdatasetiter_current(rdsiter, &rdataset);
-- if (rdataset.type != dns_rdatatype_rrsig &&
-- rdataset.type != dns_rdatatype_dnskey &&
-- (!delegation || rdataset.type == dns_rdatatype_ds ||
-- rdataset.type == dns_rdatatype_nsec)) {
-- verifyset(&rdataset, name, node, keyrdataset,
-- ksk_algorithms, bad_algorithms);
-- }
-- dns_rdataset_disassociate(&rdataset);
-- result = dns_rdatasetiter_next(rdsiter);
-- }
-- if (result != ISC_R_NOMORE)
-- fatal("rdataset iteration failed: %s",
-- isc_result_totext(result));
-- dns_rdatasetiter_destroy(&rdsiter);
--}
--
--/*%
-- * Verify that certain things are sane:
-- *
-- * The apex has a DNSKEY record with at least one KSK and at least
-- * one ZSK.
-- *
-- * The DNSKEY record was signed with at least one of the KSKs in this
-- * set.
-- *
-- * The rest of the zone was signed with at least one of the ZSKs
-- * present in the DNSKEY RRSET.
-- */
--static void
--verifyzone(void) {
-- char algbuf[80];
-- dns_dbiterator_t *dbiter = NULL;
-- dns_dbnode_t *node = NULL, *nextnode = NULL;
-- dns_fixedname_t fname, fnextname, fzonecut;
-- dns_name_t *name, *nextname, *zonecut;
-- dns_rdata_dnskey_t dnskey;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- dns_rdataset_t rdataset;
-- dns_rdataset_t sigrdataset;
-- int i;
-- isc_boolean_t done = ISC_FALSE;
-- isc_boolean_t first = ISC_TRUE;
-- isc_boolean_t goodksk = ISC_FALSE;
-- isc_boolean_t goodzsk = ISC_FALSE;
-- isc_result_t result;
- unsigned char revoked_ksk[256];
- unsigned char revoked_zsk[256];
- unsigned char standby_ksk[256];
- unsigned char standby_zsk[256];
- unsigned char revoked[256];
- unsigned char standby[256];
-- unsigned char ksk_algorithms[256];
-- unsigned char zsk_algorithms[256];
-- unsigned char bad_algorithms[256];
--#ifdef ALLOW_KSKLESS_ZONES
-- isc_boolean_t allzsksigned = ISC_TRUE;
-- unsigned char self_algorithms[256];
--#endif
--
-- if (disable_zone_check)
-- return;
--
-- result = dns_db_findnode(gdb, gorigin, ISC_FALSE, &node);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find the zone's origin: %s",
-- isc_result_totext(result));
--
-- dns_rdataset_init(&rdataset);
-- dns_rdataset_init(&sigrdataset);
-- result = dns_db_findrdataset(gdb, node, gversion,
-- dns_rdatatype_dnskey,
-- 0, 0, &rdataset, &sigrdataset);
-- dns_db_detachnode(gdb, &node);
-- if (result != ISC_R_SUCCESS)
-- fatal("cannot find DNSKEY rrset\n");
--
-- if (!dns_rdataset_isassociated(&sigrdataset))
-- fatal("cannot find DNSKEY RRSIGs\n");
--
- memset(revoked_ksk, 0, sizeof(revoked_ksk));
- memset(revoked_zsk, 0, sizeof(revoked_zsk));
- memset(standby_ksk, 0, sizeof(standby_ksk));
- memset(standby_zsk, 0, sizeof(standby_zsk));
- memset(revoked, 0, sizeof(revoked));
- memset(standby, 0, sizeof(revoked));
-- memset(ksk_algorithms, 0, sizeof(ksk_algorithms));
-- memset(zsk_algorithms, 0, sizeof(zsk_algorithms));
-- memset(bad_algorithms, 0, sizeof(bad_algorithms));
--#ifdef ALLOW_KSKLESS_ZONES
-- memset(self_algorithms, 0, sizeof(self_algorithms));
--#endif
--
-- /*
-- * Check that the DNSKEY RR has at least one self signing KSK and
-- * one ZSK per algorithm in it.
-- */
-- for (result = dns_rdataset_first(&rdataset);
-- result == ISC_R_SUCCESS;
-- result = dns_rdataset_next(&rdataset)) {
-- dns_rdataset_current(&rdataset, &rdata);
-- result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
-- check_result(result, "dns_rdata_tostruct");
--
-- if ((dnskey.flags & DNS_KEYOWNER_ZONE) == 0)
-- ;
-- else if ((dnskey.flags & DNS_KEYFLAG_REVOKE) != 0) {
-- if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
-- !dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
-- &sigrdataset, ISC_FALSE,
-- mctx)) {
-- char namebuf[DNS_NAME_FORMATSIZE];
-- char buffer[1024];
-- isc_buffer_t buf;
--
-- dns_name_format(gorigin, namebuf,
-- sizeof(namebuf));
-- isc_buffer_init(&buf, buffer, sizeof(buffer));
-- result = dns_rdata_totext(&rdata, NULL, &buf);
-- check_result(result, "dns_rdata_totext");
-- fatal("revoked KSK is not self signed:\n"
-- "%s DNSKEY %.*s", namebuf,
-- (int)isc_buffer_usedlength(&buf), buffer);
-- }
-- if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0 &&
- revoked_ksk[dnskey.algorithm] != 255)
- revoked_ksk[dnskey.algorithm]++;
- else if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0 &&
- revoked_zsk[dnskey.algorithm] != 255)
- revoked_zsk[dnskey.algorithm]++;
- revoked[dnskey.algorithm] != 255)
- revoked[dnskey.algorithm]++;
-- } else if ((dnskey.flags & DNS_KEYFLAG_KSK) != 0) {
-- if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
-- &sigrdataset, ISC_FALSE, mctx)) {
-- if (ksk_algorithms[dnskey.algorithm] != 255)
-- ksk_algorithms[dnskey.algorithm]++;
-- goodksk = ISC_TRUE;
-- } else {
- if (standby_ksk[dnskey.algorithm] != 255)
- standby_ksk[dnskey.algorithm]++;
- if (standby[dnskey.algorithm] != 255)
- standby[dnskey.algorithm]++;
-- }
-- } else if (dns_dnssec_selfsigns(&rdata, gorigin, &rdataset,
-- &sigrdataset, ISC_FALSE,
-- mctx)) {
--#ifdef ALLOW_KSKLESS_ZONES
-- if (self_algorithms[dnskey.algorithm] != 255)
-- self_algorithms[dnskey.algorithm]++;
--#endif
-- if (zsk_algorithms[dnskey.algorithm] != 255)
-- zsk_algorithms[dnskey.algorithm]++;
-- goodzsk = ISC_TRUE;
-- } else {
- if (standby_zsk[dnskey.algorithm] != 255)
- standby_zsk[dnskey.algorithm]++;
- if (zsk_algorithms[dnskey.algorithm] != 255)
- zsk_algorithms[dnskey.algorithm]++;
--#ifdef ALLOW_KSKLESS_ZONES
-- allzsksigned = ISC_FALSE;
--#endif
-- }
-- dns_rdata_freestruct(&dnskey);
-- dns_rdata_reset(&rdata);
-- }
-- dns_rdataset_disassociate(&sigrdataset);
--
-- if (!goodksk) {
--#ifdef ALLOW_KSKLESS_ZONES
-- if (!goodzsk)
-- fatal("no self signing keys found");
-- fprintf(stderr, "No self signing KSK found. Using self signed "
-- "ZSK's for active algorithm list.\n");
-- memcpy(ksk_algorithms, self_algorithms, sizeof(ksk_algorithms));
-- if (!allzsksigned)
-- fprintf(stderr, "warning: not all ZSK's are self "
-- "signed.\n");
--#else
-- fatal("no self signed KSK's found");
--#endif
-- }
--
-- fprintf(stderr, "Verifying the zone using the following algorithms:");
-- for (i = 0; i < 256; i++) {
-- if (ksk_algorithms[i] != 0) {
-- alg_format(i, algbuf, sizeof(algbuf));
-- fprintf(stderr, " %s", algbuf);
-- }
-- }
-- fprintf(stderr, ".\n");
--
-- for (i = 0; i < 256; i++) {
-- /*
-- * The counts should both be zero or both be non-zero.
-- * Mark the algorithm as bad if this is not met.
-- */
-- if ((ksk_algorithms[i] != 0) == (zsk_algorithms[i] != 0))
-- continue;
-- alg_format(i, algbuf, sizeof(algbuf));
-- fprintf(stderr, "Missing %s for algorithm %s\n",
-- (ksk_algorithms[i] != 0) ? "ZSK" : "self signing KSK",
-- algbuf);
-- bad_algorithms[i] = 1;
-- }
--
-- /*
-- * Check that all the other records were signed by keys that are
-- * present in the DNSKEY RRSET.
-- */
--
-- dns_fixedname_init(&fname);
-- name = dns_fixedname_name(&fname);
-- dns_fixedname_init(&fnextname);
-- nextname = dns_fixedname_name(&fnextname);
-- dns_fixedname_init(&fzonecut);
-- zonecut = NULL;
--
-- result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
-- check_result(result, "dns_db_createiterator()");
--
-- result = dns_dbiterator_first(dbiter);
-- check_result(result, "dns_dbiterator_first()");
--
-- while (!done) {
-- isc_boolean_t isdelegation = ISC_FALSE;
--
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- dns_dbiterator_current(dbiter, &node, name);
-- if (delegation(name, node, NULL)) {
-- zonecut = dns_fixedname_name(&fzonecut);
-- dns_name_copy(name, zonecut, NULL);
-- isdelegation = ISC_TRUE;
-- }
-- verifynode(name, node, isdelegation, &rdataset,
-- ksk_algorithms, bad_algorithms);
-- result = dns_dbiterator_next(dbiter);
-- nextnode = NULL;
-- while (result == ISC_R_SUCCESS) {
-- result = dns_dbiterator_current(dbiter, &nextnode,
-- nextname);
- check_dns_dbiterator_current(result);
- if (result != ISC_R_SUCCESS)
- break;
-- if (!dns_name_issubdomain(nextname, gorigin) ||
-- (zonecut != NULL &&
-- dns_name_issubdomain(nextname, zonecut)))
-- {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- dns_db_detachnode(gdb, &nextnode);
-- break;
-- }
-- if (result == ISC_R_NOMORE) {
-- done = ISC_TRUE;
-- } else if (result != ISC_R_SUCCESS)
-- fatal("iterating through the database failed: %s",
-- isc_result_totext(result));
-- dns_db_detachnode(gdb, &node);
-- }
--
-- dns_dbiterator_destroy(&dbiter);
--
-- result = dns_db_createiterator(gdb, DNS_DB_NSEC3ONLY, &dbiter);
-- check_result(result, "dns_db_createiterator()");
--
-- for (result = dns_dbiterator_first(dbiter);
-- result == ISC_R_SUCCESS;
-- result = dns_dbiterator_next(dbiter) ) {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- dns_dbiterator_current(dbiter, &node, name);
-- verifynode(name, node, ISC_FALSE, &rdataset,
-- ksk_algorithms, bad_algorithms);
-- dns_db_detachnode(gdb, &node);
-- }
-- dns_dbiterator_destroy(&dbiter);
--
-- dns_rdataset_disassociate(&rdataset);
--
-- /*
-- * If we made it this far, we have what we consider a properly signed
-- * zone. Set the good flag.
-- */
-- for (i = 0; i < 256; i++) {
-- if (bad_algorithms[i] != 0) {
-- if (first)
-- fprintf(stderr, "The zone is not fully signed "
-- "for the following algorithms:");
-- alg_format(i, algbuf, sizeof(algbuf));
-- fprintf(stderr, " %s", algbuf);
-- first = ISC_FALSE;
-- }
-- }
-- if (!first) {
-- fprintf(stderr, ".\n");
-- fatal("DNSSEC completeness test failed.");
-- }
--
-- if (goodksk) {
-- /*
-- * Print the success summary.
-- */
-- fprintf(stderr, "Zone signing complete:\n");
-- for (i = 0; i < 256; i++) {
-- if ((zsk_algorithms[i] != 0) ||
-- (ksk_algorithms[i] != 0) ||
- (standby_zsk[i] != 0) || (standby_ksk[i] != 0) ||
- (revoked_ksk[i] != 0) || (revoked_zsk[i] != 0)) {
- (revoked[i] != 0) || (standby[i] != 0)) {
-- alg_format(i, algbuf, sizeof(algbuf));
- fprintf(stderr, "Algorithm: %s: KSKs: "
- "%u active, %u stand-by, %u revoked\n",
- algbuf, ksk_algorithms[i],
- standby_ksk[i], revoked_ksk[i]);
- fprintf(stderr, "%*sZSKs: "
- "%u active, %u stand-by, %u revoked\n",
- (int) strlen(algbuf) + 13, "",
- zsk_algorithms[i],
- standby_zsk[i], revoked_zsk[i]);
- fprintf(stderr, "Algorithm: %s: ZSKs: %u, "
- "KSKs: %u active, %u revoked, %u "
- "stand-by\n", algbuf,
- zsk_algorithms[i], ksk_algorithms[i],
- revoked[i], standby[i]);
-- }
-- }
-- }
--}
--
--/*%
-- * Sign the apex of the zone.
-- * Note the origin may not be the first node if there are out of zone
-- * records.
-- */
--static void
--signapex(void) {
-- dns_dbnode_t *node = NULL;
-- dns_fixedname_t fixed;
-- dns_name_t *name;
-- isc_result_t result;
--
-- dns_fixedname_init(&fixed);
-- name = dns_fixedname_name(&fixed);
-- result = dns_dbiterator_seek(gdbiter, gorigin);
-- check_result(result, "dns_dbiterator_seek()");
-- result = dns_dbiterator_current(gdbiter, &node, name);
- check_dns_dbiterator_current(result);
- check_result(result, "dns_dbiterator_current()");
-- signname(node, name);
-- dumpnode(name, node);
-- cleannode(gdb, gversion, node);
-- dns_db_detachnode(gdb, &node);
-- result = dns_dbiterator_first(gdbiter);
-- if (result == ISC_R_NOMORE)
-- finished = ISC_TRUE;
-- else if (result != ISC_R_SUCCESS)
-- fatal("failure iterating database: %s",
-- isc_result_totext(result));
--}
--
--/*%
-- * Assigns a node to a worker thread. This is protected by the master task's
-- * lock.
-- */
--static void
--assignwork(isc_task_t *task, isc_task_t *worker) {
-- dns_fixedname_t *fname;
-- dns_name_t *name;
-- dns_dbnode_t *node;
-- sevent_t *sevent;
-- dns_rdataset_t nsec;
-- isc_boolean_t found;
-- isc_result_t result;
-- static dns_name_t *zonecut = NULL; /* Protected by namelock. */
-- static dns_fixedname_t fzonecut; /* Protected by namelock. */
-- static unsigned int ended = 0; /* Protected by namelock. */
--
-- if (shuttingdown)
-- return;
--
-- LOCK(&namelock);
-- if (finished) {
-- ended++;
-- if (ended == ntasks) {
-- isc_task_detach(&task);
-- isc_app_shutdown();
-- }
-- goto unlock;
-- }
--
-- fname = isc_mem_get(mctx, sizeof(dns_fixedname_t));
-- if (fname == NULL)
-- fatal("out of memory");
-- dns_fixedname_init(fname);
-- name = dns_fixedname_name(fname);
-- node = NULL;
-- found = ISC_FALSE;
-- while (!found) {
-- result = dns_dbiterator_current(gdbiter, &node, name);
- check_dns_dbiterator_current(result);
- if (result != ISC_R_SUCCESS)
- fatal("failure iterating database: %s",
- isc_result_totext(result));
-- /*
-- * The origin was handled by signapex().
-- */
-- if (dns_name_equal(name, gorigin)) {
-- dns_db_detachnode(gdb, &node);
-- goto next;
-- }
-- /*
-- * Sort the zone data from the glue and out-of-zone data.
-- * For NSEC zones nodes with zone data have NSEC records.
-- * For NSEC3 zones the NSEC3 nodes are zone data but
-- * outside of the zone name space. For the rest we need
-- * to track the bottom of zone cuts.
-- * Nodes which don't need to be signed are dumped here.
-- */
-- dns_rdataset_init(&nsec);
-- result = dns_db_findrdataset(gdb, node, gversion,
-- nsec_datatype, 0, 0,
-- &nsec, NULL);
-- if (dns_rdataset_isassociated(&nsec))
-- dns_rdataset_disassociate(&nsec);
-- if (result == ISC_R_SUCCESS) {
-- found = ISC_TRUE;
-- } else if (nsec_datatype == dns_rdatatype_nsec3) {
-- if (dns_name_issubdomain(name, gorigin) &&
-- (zonecut == NULL ||
-- !dns_name_issubdomain(name, zonecut))) {
-- if (delegation(name, node, NULL)) {
-- dns_fixedname_init(&fzonecut);
-- zonecut = dns_fixedname_name(&fzonecut);
-- dns_name_copy(name, zonecut, NULL);
-- if (!OPTOUT(nsec3flags) ||
-- secure(name, node))
-- found = ISC_TRUE;
-- } else
-- found = ISC_TRUE;
-- }
-- }
--
-- if (!found) {
-- dumpnode(name, node);
-- dns_db_detachnode(gdb, &node);
-- }
--
-- next:
-- result = dns_dbiterator_next(gdbiter);
-- if (result == ISC_R_NOMORE) {
-- finished = ISC_TRUE;
-- break;
-- } else if (result != ISC_R_SUCCESS)
-- fatal("failure iterating database: %s",
-- isc_result_totext(result));
-- }
-- if (!found) {
-- ended++;
-- if (ended == ntasks) {
-- isc_task_detach(&task);
-- isc_app_shutdown();
-- }
-- isc_mem_put(mctx, fname, sizeof(dns_fixedname_t));
-- goto unlock;
-- }
-- sevent = (sevent_t *)
-- isc_event_allocate(mctx, task, SIGNER_EVENT_WORK,
-- sign, NULL, sizeof(sevent_t));
-- if (sevent == NULL)
-- fatal("failed to allocate event\n");
--
-- sevent->node = node;
-- sevent->fname = fname;
-- isc_task_send(worker, ISC_EVENT_PTR(&sevent));
-- unlock:
-- UNLOCK(&namelock);
--}
--
--/*%
-- * Start a worker task
-- */
--static void
--startworker(isc_task_t *task, isc_event_t *event) {
-- isc_task_t *worker;
--
-- worker = (isc_task_t *)event->ev_arg;
-- assignwork(task, worker);
-- isc_event_free(&event);
--}
--
--/*%
-- * Write a node to the output file, and restart the worker task.
-- */
--static void
--writenode(isc_task_t *task, isc_event_t *event) {
-- isc_task_t *worker;
-- sevent_t *sevent = (sevent_t *)event;
--
-- worker = (isc_task_t *)event->ev_sender;
-- dumpnode(dns_fixedname_name(sevent->fname), sevent->node);
-- cleannode(gdb, gversion, sevent->node);
-- dns_db_detachnode(gdb, &sevent->node);
-- isc_mem_put(mctx, sevent->fname, sizeof(dns_fixedname_t));
-- assignwork(task, worker);
-- isc_event_free(&event);
--}
--
--/*%
-- * Sign a database node.
-- */
--static void
--sign(isc_task_t *task, isc_event_t *event) {
-- dns_fixedname_t *fname;
-- dns_dbnode_t *node;
-- sevent_t *sevent, *wevent;
--
-- sevent = (sevent_t *)event;
-- node = sevent->node;
-- fname = sevent->fname;
-- isc_event_free(&event);
--
-- signname(node, dns_fixedname_name(fname));
-- wevent = (sevent_t *)
-- isc_event_allocate(mctx, task, SIGNER_EVENT_WRITE,
-- writenode, NULL, sizeof(sevent_t));
-- if (wevent == NULL)
-- fatal("failed to allocate event\n");
-- wevent->node = node;
-- wevent->fname = fname;
-- isc_task_send(master, ISC_EVENT_PTR(&wevent));
--}
--
--/*%
-- * Update / remove the DS RRset. Preserve RRSIG(DS) if possible.
-- */
--static void
--add_ds(dns_name_t *name, dns_dbnode_t *node, isc_uint32_t nsttl) {
-- dns_rdataset_t dsset;
-- dns_rdataset_t sigdsset;
-- isc_result_t result;
--
-- dns_rdataset_init(&dsset);
-- dns_rdataset_init(&sigdsset);
-- result = dns_db_findrdataset(gdb, node, gversion,
-- dns_rdatatype_ds,
-- 0, 0, &dsset, &sigdsset);
-- if (result == ISC_R_SUCCESS) {
-- dns_rdataset_disassociate(&dsset);
-- result = dns_db_deleterdataset(gdb, node, gversion,
-- dns_rdatatype_ds, 0);
-- check_result(result, "dns_db_deleterdataset");
-- }
--
-- result = loadds(name, nsttl, &dsset);
-- if (result == ISC_R_SUCCESS) {
-- result = dns_db_addrdataset(gdb, node, gversion, 0,
-- &dsset, 0, NULL);
-- check_result(result, "dns_db_addrdataset");
-- dns_rdataset_disassociate(&dsset);
-- if (dns_rdataset_isassociated(&sigdsset))
-- dns_rdataset_disassociate(&sigdsset);
-- } else if (dns_rdataset_isassociated(&sigdsset)) {
-- result = dns_db_deleterdataset(gdb, node, gversion,
-- dns_rdatatype_rrsig,
-- dns_rdatatype_ds);
-- check_result(result, "dns_db_deleterdataset");
-- dns_rdataset_disassociate(&sigdsset);
-- }
--}
--
--/*%
- * Generate NSEC records for the zone and remove NSEC3/NSEC3PARAM records
- * Generate NSEC records for the zone.
-- */
--static void
--nsecify(void) {
-- dns_dbiterator_t *dbiter = NULL;
-- dns_dbnode_t *node = NULL, *nextnode = NULL;
-- dns_fixedname_t fname, fnextname, fzonecut;
-- dns_name_t *name, *nextname, *zonecut;
- dns_rdataset_t rdataset;
- dns_rdatasetiter_t *rdsiter = NULL;
- dns_rdatatype_t type, covers;
-- isc_boolean_t done = ISC_FALSE;
-- isc_result_t result;
-- isc_uint32_t nsttl = 0;
--
- dns_rdataset_init(&rdataset);
-- dns_fixedname_init(&fname);
-- name = dns_fixedname_name(&fname);
-- dns_fixedname_init(&fnextname);
-- nextname = dns_fixedname_name(&fnextname);
-- dns_fixedname_init(&fzonecut);
-- zonecut = NULL;
--
- /*
- * Remove any NSEC3 chains.
- */
- result = dns_db_createiterator(gdb, DNS_DB_NSEC3ONLY, &dbiter);
- check_result(result, "dns_db_createiterator()");
- for (result = dns_dbiterator_first(dbiter);
- result == ISC_R_SUCCESS;
- result = dns_dbiterator_next(dbiter)) {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
- check_result(result, "dns_db_allrdatasets()");
- for (result = dns_rdatasetiter_first(rdsiter);
- result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter)) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- type = rdataset.type;
- covers = rdataset.covers;
- dns_rdataset_disassociate(&rdataset);
- result = dns_db_deleterdataset(gdb, node, gversion, type,
- covers);
- check_result(result,
- "dns_db_deleterdataset(nsec3param/rrsig)");
- }
- dns_rdatasetiter_destroy(&rdsiter);
- dns_db_detachnode(gdb, &node);
- }
- dns_dbiterator_destroy(&dbiter);
-
-- result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
-- check_result(result, "dns_db_createiterator()");
--
-- result = dns_dbiterator_first(dbiter);
-- check_result(result, "dns_dbiterator_first()");
-
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- /*
- * Delete any NSEC3PARAM records at the apex.
- */
- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
- check_result(result, "dns_db_allrdatasets()");
- for (result = dns_rdatasetiter_first(rdsiter);
- result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter)) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- type = rdataset.type;
- covers = rdataset.covers;
- dns_rdataset_disassociate(&rdataset);
- if (type == dns_rdatatype_nsec3param ||
- covers == dns_rdatatype_nsec3param) {
- result = dns_db_deleterdataset(gdb, node, gversion,
- type, covers);
- check_result(result,
- "dns_db_deleterdataset(nsec3param/rrsig)");
- continue;
- }
- }
- dns_rdatasetiter_destroy(&rdsiter);
- dns_db_detachnode(gdb, &node);
--
-- while (!done) {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- dns_dbiterator_current(dbiter, &node, name);
-- if (delegation(name, node, &nsttl)) {
-- zonecut = dns_fixedname_name(&fzonecut);
-- dns_name_copy(name, zonecut, NULL);
-- if (generateds)
-- add_ds(name, node, nsttl);
-- }
-- result = dns_dbiterator_next(dbiter);
-- nextnode = NULL;
-- while (result == ISC_R_SUCCESS) {
-- isc_boolean_t active = ISC_FALSE;
-- result = dns_dbiterator_current(dbiter, &nextnode,
-- nextname);
- check_dns_dbiterator_current(result);
- if (result != ISC_R_SUCCESS)
- break;
-- active = active_node(nextnode);
-- if (!active) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- if (!dns_name_issubdomain(nextname, gorigin) ||
-- (zonecut != NULL &&
-- dns_name_issubdomain(nextname, zonecut)))
-- {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- dns_db_detachnode(gdb, &nextnode);
-- break;
-- }
-- if (result == ISC_R_NOMORE) {
-- dns_name_clone(gorigin, nextname);
-- done = ISC_TRUE;
-- } else if (result != ISC_R_SUCCESS)
-- fatal("iterating through the database failed: %s",
-- isc_result_totext(result));
-- result = dns_nsec_build(gdb, gversion, node, nextname,
-- zone_soa_min_ttl);
-- check_result(result, "dns_nsec_build()");
-- dns_db_detachnode(gdb, &node);
-- }
--
-- dns_dbiterator_destroy(&dbiter);
-}
-
-/*%
- * Does this node only contain NSEC3 records or RRSIG records or is empty.
- */
-static isc_boolean_t
-nsec3only(dns_dbnode_t *node) {
- dns_rdatasetiter_t *rdsiter = NULL;
- isc_result_t result;
- dns_rdataset_t rdataset;
- isc_boolean_t answer = ISC_TRUE;
-
- dns_rdataset_init(&rdataset);
- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
- check_result(result, "dns_db_allrdatasets()");
- result = dns_rdatasetiter_first(rdsiter);
- while (result == ISC_R_SUCCESS) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- if (rdataset.type != dns_rdatatype_nsec3 &&
- rdataset.type != dns_rdatatype_rrsig) {
- answer = ISC_FALSE;
- result = ISC_R_NOMORE;
- } else
- result = dns_rdatasetiter_next(rdsiter);
- dns_rdataset_disassociate(&rdataset);
- }
- if (result != ISC_R_NOMORE)
- fatal("rdataset iteration failed: %s",
- isc_result_totext(result));
- dns_rdatasetiter_destroy(&rdsiter);
- return (answer);
--}
--
--static void
--addnsec3param(const unsigned char *salt, size_t salt_length,
-- unsigned int iterations)
--{
-- dns_dbnode_t *node = NULL;
-- dns_rdata_nsec3param_t nsec3param;
-- unsigned char nsec3parambuf[5 + 255];
-- dns_rdatalist_t rdatalist;
-- dns_rdataset_t rdataset;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- isc_buffer_t b;
-- isc_result_t result;
--
-- dns_rdataset_init(&rdataset);
--
-- nsec3param.common.rdclass = gclass;
-- nsec3param.common.rdtype = dns_rdatatype_nsec3param;
-- ISC_LINK_INIT(&nsec3param.common, link);
-- nsec3param.mctx = NULL;
-- nsec3param.flags = 0;
-- nsec3param.hash = unknownalg ? DNS_NSEC3_UNKNOWNALG : dns_hash_sha1;
-- nsec3param.iterations = iterations;
-- nsec3param.salt_length = salt_length;
-- DE_CONST(salt, nsec3param.salt);
--
-- isc_buffer_init(&b, nsec3parambuf, sizeof(nsec3parambuf));
-- result = dns_rdata_fromstruct(&rdata, gclass,
-- dns_rdatatype_nsec3param,
-- &nsec3param, &b);
-- rdatalist.rdclass = rdata.rdclass;
-- rdatalist.type = rdata.type;
-- rdatalist.covers = 0;
-- rdatalist.ttl = 0;
-- ISC_LIST_INIT(rdatalist.rdata);
-- ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
-- result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
-- check_result(result, "dns_rdatalist_tordataset()");
--
-- result = dns_db_findnode(gdb, gorigin, ISC_TRUE, &node);
-- check_result(result, "dns_db_find(gorigin)");
-
- /*
- * Delete any current NSEC3PARAM records.
- */
- result = dns_db_deleterdataset(gdb, node, gversion,
- dns_rdatatype_nsec3param, 0);
- if (result == DNS_R_UNCHANGED)
- result = ISC_R_SUCCESS;
- check_result(result, "dddnsec3param: dns_db_deleterdataset()");
-
-- result = dns_db_addrdataset(gdb, node, gversion, 0, &rdataset,
-- DNS_DBADD_MERGE, NULL);
-- if (result == DNS_R_UNCHANGED)
-- result = ISC_R_SUCCESS;
-- check_result(result, "addnsec3param: dns_db_addrdataset()");
-- dns_db_detachnode(gdb, &node);
--}
--
--static void
--addnsec3(dns_name_t *name, dns_dbnode_t *node,
-- const unsigned char *salt, size_t salt_length,
-- unsigned int iterations, hashlist_t *hashlist,
-- dns_ttl_t ttl)
--{
-- unsigned char hash[NSEC3_MAX_HASH_LENGTH];
-- const unsigned char *nexthash;
-- unsigned char nsec3buffer[DNS_NSEC3_BUFFERSIZE];
-- dns_fixedname_t hashname;
-- dns_rdatalist_t rdatalist;
-- dns_rdataset_t rdataset;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- isc_result_t result;
-- dns_dbnode_t *nsec3node = NULL;
-- char namebuf[DNS_NAME_FORMATSIZE];
-- size_t hash_length;
--
-- dns_name_format(name, namebuf, sizeof(namebuf));
--
-- dns_fixedname_init(&hashname);
-- dns_rdataset_init(&rdataset);
--
-- dns_name_downcase(name, name, NULL);
-- result = dns_nsec3_hashname(&hashname, hash, &hash_length,
-- name, gorigin, dns_hash_sha1, iterations,
-- salt, salt_length);
-- check_result(result, "addnsec3: dns_nsec3_hashname()");
-- nexthash = hashlist_findnext(hashlist, hash);
-- result = dns_nsec3_buildrdata(gdb, gversion, node,
-- unknownalg ?
-- DNS_NSEC3_UNKNOWNALG : dns_hash_sha1,
-- nsec3flags, iterations,
-- salt, salt_length,
-- nexthash, ISC_SHA1_DIGESTLENGTH,
-- nsec3buffer, &rdata);
-- check_result(result, "addnsec3: dns_nsec3_buildrdata()");
-- rdatalist.rdclass = rdata.rdclass;
-- rdatalist.type = rdata.type;
-- rdatalist.covers = 0;
-- rdatalist.ttl = ttl;
-- ISC_LIST_INIT(rdatalist.rdata);
-- ISC_LIST_APPEND(rdatalist.rdata, &rdata, link);
-- result = dns_rdatalist_tordataset(&rdatalist, &rdataset);
-- check_result(result, "dns_rdatalist_tordataset()");
-- result = dns_db_findnsec3node(gdb, dns_fixedname_name(&hashname),
-- ISC_TRUE, &nsec3node);
-- check_result(result, "addnsec3: dns_db_findnode()");
-- result = dns_db_addrdataset(gdb, nsec3node, gversion, 0, &rdataset,
-- 0, NULL);
-- if (result == DNS_R_UNCHANGED)
-- result = ISC_R_SUCCESS;
-- check_result(result, "addnsec3: dns_db_addrdataset()");
-- dns_db_detachnode(gdb, &nsec3node);
--}
--
--/*%
-- * Clean out NSEC3 record and RRSIG(NSEC3) that are not in the hash list.
-- *
-- * Extract the hash from the first label of 'name' then see if it
-- * is in hashlist. If 'name' is not in the hashlist then delete the
-- * any NSEC3 records which have the same parameters as the chain we
-- * are building.
-- *
-- * XXXMPA Should we also check that it of the form <hash>.<origin>?
-- */
--static void
--nsec3clean(dns_name_t *name, dns_dbnode_t *node,
-- unsigned int hashalg, unsigned int iterations,
-- const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
--{
-- dns_label_t label;
-- dns_rdata_nsec3_t nsec3;
-- dns_rdata_t rdata, delrdata;
-- dns_rdatalist_t rdatalist;
-- dns_rdataset_t rdataset, delrdataset;
-- isc_boolean_t delete_rrsigs = ISC_FALSE;
-- isc_buffer_t target;
-- isc_result_t result;
-- unsigned char hash[NSEC3_MAX_HASH_LENGTH + 1];
- isc_boolean_t exists;
--
-- /*
-- * Get the first label.
-- */
-- dns_name_getlabel(name, 0, &label);
--
-- /*
-- * We want just the label contents.
-- */
-- isc_region_consume(&label, 1);
--
-- /*
-- * Decode base32hex string.
-- */
-- isc_buffer_init(&target, hash, sizeof(hash) - 1);
-- result = isc_base32hex_decoderegion(&label, &target);
-- if (result != ISC_R_SUCCESS)
-- return;
--
-- hash[isc_buffer_usedlength(&target)] = 0;
--
- exists = hashlist_exists(hashlist, hash);
- if (hashlist_exists(hashlist, hash))
- return;
--
-- /*
-- * Verify that the NSEC3 parameters match the current ones
-- * otherwise we are dealing with a different NSEC3 chain.
-- */
-- dns_rdataset_init(&rdataset);
-- dns_rdataset_init(&delrdataset);
--
-- result = dns_db_findrdataset(gdb, node, gversion, dns_rdatatype_nsec3,
-- 0, 0, &rdataset, NULL);
-- if (result != ISC_R_SUCCESS)
-- return;
--
-- /*
- * Delete any NSEC3 records which are not part of the current
- * NSEC3 chain.
- * Delete any matching NSEC3 records which have parameters that
- * match the NSEC3 chain we are building.
-- */
-- for (result = dns_rdataset_first(&rdataset);
-- result == ISC_R_SUCCESS;
-- result = dns_rdataset_next(&rdataset)) {
-- dns_rdata_init(&rdata);
-- dns_rdataset_current(&rdataset, &rdata);
-- result = dns_rdata_tostruct(&rdata, &nsec3, NULL);
-- check_result(result, "dns_rdata_tostruct");
- if (exists && nsec3.hash == hashalg &&
- if (nsec3.hash == hashalg &&
-- nsec3.iterations == iterations &&
-- nsec3.salt_length == salt_length &&
-- !memcmp(nsec3.salt, salt, salt_length))
- continue;
- break;
-- rdatalist.rdclass = rdata.rdclass;
-- rdatalist.type = rdata.type;
-- rdatalist.covers = 0;
-- rdatalist.ttl = rdataset.ttl;
-- ISC_LIST_INIT(rdatalist.rdata);
-- dns_rdata_init(&delrdata);
-- dns_rdata_clone(&rdata, &delrdata);
-- ISC_LIST_APPEND(rdatalist.rdata, &delrdata, link);
-- result = dns_rdatalist_tordataset(&rdatalist, &delrdataset);
-- check_result(result, "dns_rdatalist_tordataset()");
-- result = dns_db_subtractrdataset(gdb, node, gversion,
-- &delrdataset, 0, NULL);
-- dns_rdataset_disassociate(&delrdataset);
- if (result != ISC_R_SUCCESS && result != DNS_R_NXRRSET)
- if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED)
-- check_result(result, "dns_db_subtractrdataset(NSEC3)");
-- delete_rrsigs = ISC_TRUE;
-- }
-- dns_rdataset_disassociate(&rdataset);
-- if (result != ISC_R_NOMORE)
-- check_result(result, "dns_rdataset_first/next");
--
-- if (!delete_rrsigs)
-- return;
-- /*
-- * Delete the NSEC3 RRSIGs
-- */
-- result = dns_db_deleterdataset(gdb, node, gversion,
-- dns_rdatatype_rrsig,
-- dns_rdatatype_nsec3);
-- if (result != ISC_R_SUCCESS && result != DNS_R_UNCHANGED)
-- check_result(result, "dns_db_deleterdataset(RRSIG(NSEC3))");
--}
--
--/*
-- * Generate NSEC3 records for the zone.
-- */
--static void
--nsec3ify(unsigned int hashalg, unsigned int iterations,
-- const unsigned char *salt, size_t salt_length, hashlist_t *hashlist)
--{
-- dns_dbiterator_t *dbiter = NULL;
-- dns_dbnode_t *node = NULL, *nextnode = NULL;
-- dns_fixedname_t fname, fnextname, fzonecut;
-- dns_name_t *name, *nextname, *zonecut;
- dns_rdataset_t rdataset;
- dns_rdatasetiter_t *rdsiter = NULL;
- dns_rdatatype_t type, covers;
- int order;
- isc_boolean_t active;
-- isc_boolean_t done = ISC_FALSE;
-- isc_result_t result;
- isc_boolean_t active;
-- isc_uint32_t nsttl = 0;
-- unsigned int count, nlabels;
- int order;
--
- dns_rdataset_init(&rdataset);
-- dns_fixedname_init(&fname);
-- name = dns_fixedname_name(&fname);
-- dns_fixedname_init(&fnextname);
-- nextname = dns_fixedname_name(&fnextname);
-- dns_fixedname_init(&fzonecut);
-- zonecut = NULL;
--
-- /*
-- * Walk the zone generating the hash names.
-- */
-- result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
-- check_result(result, "dns_db_createiterator()");
--
-- result = dns_dbiterator_first(dbiter);
-- check_result(result, "dns_dbiterator_first()");
-
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- /*
- * Delete any NSEC records at the apex.
- */
- result = dns_db_allrdatasets(gdb, node, gversion, 0, &rdsiter);
- check_result(result, "dns_db_allrdatasets()");
- for (result = dns_rdatasetiter_first(rdsiter);
- result == ISC_R_SUCCESS;
- result = dns_rdatasetiter_next(rdsiter)) {
- dns_rdatasetiter_current(rdsiter, &rdataset);
- type = rdataset.type;
- covers = rdataset.covers;
- dns_rdataset_disassociate(&rdataset);
- if (type == dns_rdatatype_nsec || covers == dns_rdatatype_nsec) {
- result = dns_db_deleterdataset(gdb, node, gversion,
- type, covers);
- check_result(result,
- "dns_db_deleterdataset(nsec3param/rrsig)");
- continue;
- }
- }
- dns_rdatasetiter_destroy(&rdsiter);
- dns_db_detachnode(gdb, &node);
--
-- while (!done) {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- dns_dbiterator_current(dbiter, &node, name);
-- result = dns_dbiterator_next(dbiter);
-- nextnode = NULL;
-- while (result == ISC_R_SUCCESS) {
-- result = dns_dbiterator_current(dbiter, &nextnode,
-- nextname);
- check_dns_dbiterator_current(result);
- if (result != ISC_R_SUCCESS)
- break;
-- active = active_node(nextnode);
-- if (!active) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- if (!dns_name_issubdomain(nextname, gorigin) ||
-- (zonecut != NULL &&
-- dns_name_issubdomain(nextname, zonecut))) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- if (delegation(nextname, nextnode, &nsttl)) {
-- zonecut = dns_fixedname_name(&fzonecut);
-- dns_name_copy(nextname, zonecut, NULL);
-- if (generateds)
-- add_ds(nextname, nextnode, nsttl);
-- if (OPTOUT(nsec3flags) &&
-- !secure(nextname, nextnode)) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- }
-- dns_db_detachnode(gdb, &nextnode);
-- break;
-- }
-- if (result == ISC_R_NOMORE) {
-- dns_name_copy(gorigin, nextname, NULL);
-- done = ISC_TRUE;
-- } else if (result != ISC_R_SUCCESS)
-- fatal("iterating through the database failed: %s",
-- isc_result_totext(result));
-- dns_name_downcase(name, name, NULL);
-- hashlist_add_dns_name(hashlist, name, hashalg, iterations,
-- salt, salt_length, ISC_FALSE);
-- dns_db_detachnode(gdb, &node);
-- /*
-- * Add hashs for empty nodes. Use closest encloser logic.
-- * The closest encloser either has data or is a empty
-- * node for another <name,nextname> span so we don't add
-- * it here. Empty labels on nextname are within the span.
-- */
-- dns_name_downcase(nextname, nextname, NULL);
-- dns_name_fullcompare(name, nextname, &order, &nlabels);
-- addnowildcardhash(hashlist, name, hashalg, iterations,
-- salt, salt_length);
-- count = dns_name_countlabels(nextname);
-- while (count > nlabels + 1) {
-- count--;
-- dns_name_split(nextname, count, NULL, nextname);
-- hashlist_add_dns_name(hashlist, nextname, hashalg,
-- iterations, salt, salt_length,
-- ISC_FALSE);
-- addnowildcardhash(hashlist, nextname, hashalg,
-- iterations, salt, salt_length);
-- }
-- }
-- dns_dbiterator_destroy(&dbiter);
--
-- /*
-- * We have all the hashes now so we can sort them.
-- */
-- hashlist_sort(hashlist);
--
-- /*
-- * Check for duplicate hashes. If found the salt needs to
-- * be changed.
-- */
-- if (hashlist_hasdup(hashlist))
-- fatal("Duplicate hash detected. Pick a different salt.");
--
-- /*
-- * Generate the nsec3 records.
-- */
-- zonecut = NULL;
-- done = ISC_FALSE;
--
-- addnsec3param(salt, salt_length, iterations);
-
- /*
- * Clean out NSEC3 records which don't match this chain.
- */
- result = dns_db_createiterator(gdb, DNS_DB_NSEC3ONLY, &dbiter);
- check_result(result, "dns_db_createiterator()");
-
- for (result = dns_dbiterator_first(dbiter);
- result == ISC_R_SUCCESS;
- result = dns_dbiterator_next(dbiter)) {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- nsec3clean(name, node, hashalg, iterations, salt, salt_length,
- hashlist);
- dns_db_detachnode(gdb, &node);
- }
- dns_dbiterator_destroy(&dbiter);
--
- /*
- * Generate / complete the new chain.
- */
-- result = dns_db_createiterator(gdb, DNS_DB_NONSEC3, &dbiter);
-- check_result(result, "dns_db_createiterator()");
--
-- result = dns_dbiterator_first(dbiter);
-- check_result(result, "dns_dbiterator_first()");
--
-- while (!done) {
- result = dns_dbiterator_current(dbiter, &node, name);
- check_dns_dbiterator_current(result);
- dns_dbiterator_current(dbiter, &node, name);
-- result = dns_dbiterator_next(dbiter);
-- nextnode = NULL;
-- while (result == ISC_R_SUCCESS) {
-- result = dns_dbiterator_current(dbiter, &nextnode,
-- nextname);
- check_dns_dbiterator_current(result);
- active = active_node(nextnode);
- if (!active) {
- if (result != ISC_R_SUCCESS)
- break;
- /*
- * Cleanout NSEC3 RRsets which don't exist in the
- * hash table.
- */
- nsec3clean(nextname, nextnode, hashalg, iterations,
- salt, salt_length, hashlist);
- /*
- * Skip NSEC3 only nodes when looking for the next
- * node in the zone. Also skips now empty nodes.
- */
- if (nsec3only(nextnode)) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- if (!dns_name_issubdomain(nextname, gorigin) ||
-- (zonecut != NULL &&
-- dns_name_issubdomain(nextname, zonecut))) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- if (delegation(nextname, nextnode, NULL)) {
-- zonecut = dns_fixedname_name(&fzonecut);
-- dns_name_copy(nextname, zonecut, NULL);
-- if (OPTOUT(nsec3flags) &&
-- !secure(nextname, nextnode)) {
-- dns_db_detachnode(gdb, &nextnode);
-- result = dns_dbiterator_next(dbiter);
-- continue;
-- }
-- }
-- dns_db_detachnode(gdb, &nextnode);
-- break;
-- }
-- if (result == ISC_R_NOMORE) {
-- dns_name_copy(gorigin, nextname, NULL);
-- done = ISC_TRUE;
-- } else if (result != ISC_R_SUCCESS)
-- fatal("iterating through the database failed: %s",
-- isc_result_totext(result));
-- /*
-- * We need to pause here to release the lock on the database.
-- */
-- dns_dbiterator_pause(dbiter);
-- addnsec3(name, node, salt, salt_length, iterations,
-- hashlist, zone_soa_min_ttl);
-- dns_db_detachnode(gdb, &node);
-- /*
-- * Add NSEC3's for empty nodes. Use closest encloser logic.
-- */
-- dns_name_fullcompare(name, nextname, &order, &nlabels);
-- count = dns_name_countlabels(nextname);
-- while (count > nlabels + 1) {
-- count--;
-- dns_name_split(nextname, count, NULL, nextname);
-- addnsec3(nextname, NULL, salt, salt_length,
-- iterations, hashlist, zone_soa_min_ttl);
-- }
-- }
-- dns_dbiterator_destroy(&dbiter);
--}
--
--/*%
-- * Load the zone file from disk
-- */
--static void
--loadzone(char *file, char *origin, dns_rdataclass_t rdclass, dns_db_t **db) {
-- isc_buffer_t b;
-- int len;
-- dns_fixedname_t fname;
-- dns_name_t *name;
-- isc_result_t result;
--
-- len = strlen(origin);
-- isc_buffer_init(&b, origin, len);
-- isc_buffer_add(&b, len);
--
-- dns_fixedname_init(&fname);
-- name = dns_fixedname_name(&fname);
-- result = dns_name_fromtext(name, &b, dns_rootname, 0, NULL);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed converting name '%s' to dns format: %s",
-- origin, isc_result_totext(result));
--
-- result = dns_db_create(mctx, "rbt", name, dns_dbtype_zone,
-- rdclass, 0, NULL, db);
-- check_result(result, "dns_db_create()");
--
-- result = dns_db_load2(*db, file, inputformat);
-- if (result != ISC_R_SUCCESS && result != DNS_R_SEENINCLUDE)
-- fatal("failed loading zone from '%s': %s",
-- file, isc_result_totext(result));
--}
--
--/*%
-- * Finds all public zone keys in the zone, and attempts to load the
-- * private keys from disk.
-- */
--static void
--loadzonekeys(dns_db_t *db) {
-- dns_dbnode_t *node;
-- dns_dbversion_t *currentversion;
-- isc_result_t result;
-- dst_key_t *keys[20];
-- unsigned int nkeys, i;
-- dns_rdataset_t rdataset;
--
-- currentversion = NULL;
-- dns_db_currentversion(db, ¤tversion);
--
-- node = NULL;
-- result = dns_db_findnode(db, gorigin, ISC_FALSE, &node);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find the zone's origin: %s",
-- isc_result_totext(result));
--
-- /* Preserve the TTL of the DNSKEY RRset, if any */
-- dns_rdataset_init(&rdataset);
-- result = dns_db_findrdataset(db, node, currentversion,
-- dns_rdatatype_dnskey, 0, 0,
-- &rdataset, NULL);
--
-- if (result == ISC_R_SUCCESS) {
-- if (set_keyttl && keyttl != rdataset.ttl) {
-- fprintf(stderr, "User-specified TTL (%d) conflicts "
-- "with existing DNSKEY RRset TTL.\n",
-- keyttl);
-- fprintf(stderr, "Imported keys will use the RRSet "
-- "TTL (%d) instead.\n",
-- rdataset.ttl);
-- }
-- keyttl = rdataset.ttl;
-- if (dns_rdataset_isassociated(&rdataset))
-- dns_rdataset_disassociate(&rdataset);
-- }
--
-- /* Load keys corresponding to the existing DNSKEY RRset */
-- result = dns_dnssec_findzonekeys2(db, currentversion, node, gorigin,
-- directory, mctx, 20, keys, &nkeys);
-- if (result == ISC_R_NOTFOUND) {
-- result = ISC_R_SUCCESS;
-- goto cleanup;
-- }
--
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find the zone keys: %s",
-- isc_result_totext(result));
--
-- for (i = 0; i < nkeys; i++) {
-- dns_dnsseckey_t *key = NULL;
--
-- dns_dnsseckey_create(mctx, &keys[i], &key);
- if (key->legacy) {
- key->force_publish = ISC_TRUE;
- key->force_sign = dst_key_isprivate(key->key);
- }
- key->force_publish = ISC_TRUE;
- key->force_sign = dst_key_isprivate(key->key);
-- key->source = dns_keysource_zoneapex;
-- ISC_LIST_APPEND(keylist, key, link);
-- }
--
-- cleanup:
-- dns_db_detachnode(db, &node);
-- dns_db_closeversion(db, ¤tversion, ISC_FALSE);
--}
--
--/*%
-- * Finds all public zone keys in the zone.
-- */
--static void
--loadzonepubkeys(dns_db_t *db) {
-- dns_dbversion_t *currentversion = NULL;
-- dns_dbnode_t *node = NULL;
-- dns_rdataset_t rdataset;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- dst_key_t *pubkey;
-- isc_result_t result;
--
-- dns_db_currentversion(db, ¤tversion);
--
-- result = dns_db_findnode(db, gorigin, ISC_FALSE, &node);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find the zone's origin: %s",
-- isc_result_totext(result));
--
-- dns_rdataset_init(&rdataset);
-- result = dns_db_findrdataset(db, node, currentversion,
-- dns_rdatatype_dnskey, 0, 0, &rdataset,
-- NULL);
-- if (result != ISC_R_SUCCESS) {
-- vbprintf(2, "failed to find keys at the zone apex: %s",
-- isc_result_totext(result));
-- goto cleanup;
-- }
--
-- result = dns_rdataset_first(&rdataset);
-- check_result(result, "dns_rdataset_first");
-- while (result == ISC_R_SUCCESS) {
-- dns_dnsseckey_t *key = NULL;
-- pubkey = NULL;
-- dns_rdata_reset(&rdata);
-- dns_rdataset_current(&rdataset, &rdata);
-- result = dns_dnssec_keyfromrdata(gorigin, &rdata, mctx,
-- &pubkey);
-- if (result != ISC_R_SUCCESS)
-- goto next;
-- if (!dst_key_iszonekey(pubkey)) {
-- dst_key_free(&pubkey);
-- goto next;
-- }
--
-- dns_dnsseckey_create(mctx, &pubkey, &key);
- if (key->legacy)
- key->force_publish = ISC_TRUE;
- key->force_publish = ISC_TRUE;
- key->force_sign = ISC_FALSE;
-- ISC_LIST_APPEND(keylist, key, link);
-- next:
-- result = dns_rdataset_next(&rdataset);
-- }
--
-- cleanup:
-- if (dns_rdataset_isassociated(&rdataset))
-- dns_rdataset_disassociate(&rdataset);
-- if (node != NULL)
-- dns_db_detachnode(db, &node);
-- if (currentversion != NULL)
-- dns_db_closeversion(db, ¤tversion, ISC_FALSE);
--}
--
--static isc_result_t
--make_dnskey(dst_key_t *key, dns_rdata_t *target) {
-- isc_result_t result;
-- unsigned char data[DST_KEY_MAXSIZE];
-- isc_buffer_t b;
-- isc_region_t r;
--
-- isc_buffer_init(&b, data, sizeof(data));
-- result = dst_key_todns(key, &b);
-- check_result(result, "dst_key_todns");
--
-- dns_rdata_reset(target);
-- isc_buffer_usedregion(&b, &r);
-- dns_rdata_fromregion(target, dst_key_class(key),
-- dns_rdatatype_dnskey, &r);
-- return (ISC_R_SUCCESS);
--}
--
--static void
--build_final_keylist(dns_db_t *db, const char *directory, isc_mem_t *mctx) {
-- isc_result_t result;
-- dns_dbversion_t *ver = NULL;
-- dns_diff_t del, add;
-- dns_difftuple_t *tuple = NULL;
-- dns_rdata_t dnskey = DNS_RDATA_INIT;
-- dns_dnsseckeylist_t matchkeys;
-- dns_dnsseckey_t *key1, *key2;
-- char name[DNS_NAME_FORMATSIZE];
-- char alg[80];
--
-- dns_name_format(gorigin, name, sizeof(name));
--
-- ISC_LIST_INIT(matchkeys);
-- result = dns_dnssec_findmatchingkeys(gorigin, directory,
-- mctx, &matchkeys);
-- if (result == ISC_R_NOTFOUND)
-- result = ISC_R_SUCCESS;
-- check_result(result, "dns_dnssec_findmatchingkeys");
--
-- result = dns_db_newversion(db, &ver);
-- check_result(result, "dns_db_newversion");
--
-- dns_diff_init(mctx, &del);
-- dns_diff_init(mctx, &add);
--
-- /*
-- * For each key in matchkeys, see if it has a match in keylist.
-- * - If not, and if the metadata says it should be published:
-- * add it to keylist and to the DNSKEY set
-- * - If so, and if the metadata says it should be removed:
-- * remove it from keylist and from the DNSKEY set
-- * - Otherwise, make sure keylist has up-to-date metadata
- *
- * (XXXEACH: logic is needed to make sure revoked keys
- * can be matched correctly with nonrevoked)
-- */
--
-- key1 = ISC_LIST_HEAD(matchkeys);
-- while (key1 != NULL) {
- isc_boolean_t key_revoked = ISC_FALSE;
-- for (key2 = ISC_LIST_HEAD(keylist);
-- key2 != NULL;
-- key2 = ISC_LIST_NEXT(key2, link)) {
- if (dst_key_pubcompare(key1->key, key2->key,
- ISC_TRUE)) {
- key_revoked = ISC_TF(dst_key_flags(key1->key) !=
- dst_key_flags(key2->key));
- if (dst_key_compare(key1->key, key2->key))
-- break;
- }
-- }
--
-- /*
-- * No matching key found in keylist, so move the key
-- * we found into keylist
-- */
-- if (key2 == NULL) {
-- dns_dnsseckey_t *next;
--
-- /* move key from matchkeys to keylist */
-- next = ISC_LIST_NEXT(key1, link);
-- ISC_LIST_UNLINK(matchkeys, key1, link);
-- ISC_LIST_APPEND(keylist, key1, link);
--
-- key1 = next;
-- continue;
-- }
--
-- /* Match found: remove it or update it as needed */
-- if (key1->hint_remove) {
-- ISC_LIST_UNLINK(keylist, key2, link);
-- dns_dnsseckey_destroy(mctx, &key2);
--
-- make_dnskey(key1->key, &dnskey);
-- alg_format(dst_key_alg(key1->key), alg, sizeof(alg));
-- fprintf(stderr, "Removing expired key %d/%s from "
-- "DNSKEY RRset.\n",
-- dst_key_id(key1->key), alg);
-
- result = dns_difftuple_create(mctx, DNS_DIFFOP_DEL,
- gorigin, keyttl,
- &dnskey, &tuple);
- check_result(result, "dns_difftuple_create");
- dns_diff_append(&del, &tuple);
- } else if (key_revoked &&
- (dst_key_flags(key1->key) & DNS_KEYFLAG_REVOKE) != 0) {
- dns_dnsseckey_t *next;
-
- /*
- * A key in the DNSKEY set has been revoked in the
- * key repository. We need to remove the old
- * version and pull in the new one.
- */
- make_dnskey(key2->key, &dnskey);
- alg_format(dst_key_alg(key2->key), alg, sizeof(alg));
- fprintf(stderr, "Replacing revoked key %d/%s in "
- "DNSKEY RRset.\n",
- dst_key_id(key2->key), alg);
--
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_DEL,
-- gorigin, keyttl,
-- &dnskey, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(&del, &tuple);
-
- ISC_LIST_UNLINK(keylist, key2, link);
- dns_dnsseckey_destroy(mctx, &key2);
-
- next = ISC_LIST_NEXT(key1, link);
- ISC_LIST_UNLINK(matchkeys, key1, link);
- ISC_LIST_APPEND(keylist, key1, link);
-
- /*
- * XXX: The revoke flag is only defined for trust
- * anchors. Setting the flag on a non-KSK is legal,
- * but not defined in any RFC. It seems reasonable
- * to treat it the same as a KSK: keep it in the
- * zone and sign the DNSKEY set with it, but not
- * sign other records with it.
- */
- if (iszsk(key1))
- key1->ksk = ISC_TRUE;
-
- key1 = next;
- continue;
-- } else {
-- key2->hint_publish = key1->hint_publish;
-- key2->hint_sign = key1->hint_sign;
-- }
--
-- key1 = ISC_LIST_NEXT(key1, link);
-- }
--
-- /*
-- * If a key was not in the zone already and needs to be published,
-- * add it now.
-- */
-- for (key1 = ISC_LIST_HEAD(keylist);
-- key1 != NULL;
-- key1 = ISC_LIST_NEXT(key1, link)) {
-- if (key1->source == dns_keysource_zoneapex)
-- continue;
--
-- if (key1->hint_publish || key1->force_publish) {
-- make_dnskey(key1->key, &dnskey);
--
-- alg_format(dst_key_alg(key1->key), alg, sizeof(alg));
-- fprintf(stderr, "Fetching %s %d/%s from key %s\n",
-- isksk(key1) ?
-- (iszsk(key1) ? "KSK/ZSK" : "KSK") :
-- "ZSK",
-- dst_key_id(key1->key), alg,
-- key1->source == dns_keysource_user ?
-- "file" :
-- "repository");
--
-- if (key1->prepublish && keyttl > key1->prepublish) {
-- char keystr[KEY_FORMATSIZE];
-- key_format(key1->key, keystr, sizeof(keystr));
-- fatal("Key %s is scheduled to\n"
-- "become active in %d seconds. "
-- "This is less than the DNSKEY TTL\n"
-- "value of %d seconds. Reduce "
-- "the TTL, or change the activation\n"
-- "date of the key using "
-- "'dnssec-settime -A'.",
-- keystr, key1->prepublish, keyttl);
-- }
--
-- /* add key to the zone */
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
-- gorigin, keyttl,
-- &dnskey, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(&add, &tuple);
-- } else {
-- vbprintf(1, "%s %d/%s: not published.\n",
-- isksk(key1) ?
-- (iszsk(key1) ? "KSK/ZSK" : "KSK") :
-- "ZSK",
-- dst_key_id(key1->key), alg);
-- }
-- }
--
-- /* free matchkeys */
-- while (!ISC_LIST_EMPTY(matchkeys)) {
-- key1 = ISC_LIST_HEAD(matchkeys);
-- ISC_LIST_UNLINK(matchkeys, key1, link);
-- dns_dnsseckey_destroy(mctx, &key1);
-- }
--
-- result = dns_diff_applysilently(&del, db, ver);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to delete DNSKEYs at node '%s': %s",
-- name, isc_result_totext(result));
--
-- result = dns_diff_applysilently(&add, db, ver);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to add DNSKEYs at node '%s': %s",
-- name, isc_result_totext(result));
--
-- dns_db_closeversion(db, &ver, ISC_TRUE);
--
-- dns_diff_clear(&del);
-- dns_diff_clear(&add);
--}
--
--static void
--warnifallksk(dns_db_t *db) {
-- dns_dbversion_t *currentversion = NULL;
-- dns_dbnode_t *node = NULL;
-- dns_rdataset_t rdataset;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- isc_result_t result;
-- dns_rdata_dnskey_t dnskey;
-- isc_boolean_t have_non_ksk = ISC_FALSE;
--
-- dns_db_currentversion(db, ¤tversion);
--
-- result = dns_db_findnode(db, gorigin, ISC_FALSE, &node);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find the zone's origin: %s",
-- isc_result_totext(result));
--
-- dns_rdataset_init(&rdataset);
-- result = dns_db_findrdataset(db, node, currentversion,
-- dns_rdatatype_dnskey, 0, 0, &rdataset,
-- NULL);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to find keys at the zone apex: %s",
-- isc_result_totext(result));
-- result = dns_rdataset_first(&rdataset);
-- check_result(result, "dns_rdataset_first");
-- while (result == ISC_R_SUCCESS) {
-- dns_rdata_reset(&rdata);
-- dns_rdataset_current(&rdataset, &rdata);
-- result = dns_rdata_tostruct(&rdata, &dnskey, NULL);
-- check_result(result, "dns_rdata_tostruct");
-- if ((dnskey.flags & DNS_KEYFLAG_KSK) == 0) {
-- have_non_ksk = ISC_TRUE;
-- result = ISC_R_NOMORE;
-- } else
-- result = dns_rdataset_next(&rdataset);
-- dns_rdata_freestruct(&dnskey);
-- }
-- dns_rdataset_disassociate(&rdataset);
-- dns_db_detachnode(db, &node);
-- dns_db_closeversion(db, ¤tversion, ISC_FALSE);
-- if (!have_non_ksk && !ignore_kskflag) {
-- if (disable_zone_check)
-- fprintf(stderr, "%s: warning: No non-KSK DNSKEY found; "
-- "supply a ZSK or use '-z'.\n",
-- program);
-- else
-- fatal("No non-KSK DNSKEY found; "
-- "supply a ZSK or use '-z'.");
-- }
--}
--
--static void
--writeset(const char *prefix, dns_rdatatype_t type) {
-- char *filename;
-- char namestr[DNS_NAME_FORMATSIZE];
-- dns_db_t *db = NULL;
-- dns_dbversion_t *version = NULL;
-- dns_diff_t diff;
-- dns_difftuple_t *tuple = NULL;
-- dns_fixedname_t fixed;
-- dns_name_t *name;
-- dns_rdata_t rdata, ds;
-- isc_boolean_t have_ksk = ISC_FALSE;
-- isc_boolean_t have_non_ksk = ISC_FALSE;
-- isc_buffer_t b;
-- isc_buffer_t namebuf;
-- isc_region_t r;
-- isc_result_t result;
-- dns_dnsseckey_t *key;
-- unsigned char dsbuf[DNS_DS_BUFFERSIZE];
-- unsigned char keybuf[DST_KEY_MAXSIZE];
-- unsigned int filenamelen;
-- const dns_master_style_t *style =
-- (type == dns_rdatatype_dnskey) ? masterstyle : dsstyle;
--
-- isc_buffer_init(&namebuf, namestr, sizeof(namestr));
-- result = dns_name_tofilenametext(gorigin, ISC_FALSE, &namebuf);
-- check_result(result, "dns_name_tofilenametext");
-- isc_buffer_putuint8(&namebuf, 0);
-- filenamelen = strlen(prefix) + strlen(namestr);
-- if (dsdir != NULL)
-- filenamelen += strlen(dsdir) + 1;
-- filename = isc_mem_get(mctx, filenamelen + 1);
-- if (filename == NULL)
-- fatal("out of memory");
-- if (dsdir != NULL)
-- sprintf(filename, "%s/", dsdir);
-- else
-- filename[0] = 0;
-- strcat(filename, prefix);
-- strcat(filename, namestr);
--
-- dns_diff_init(mctx, &diff);
--
-- for (key = ISC_LIST_HEAD(keylist);
-- key != NULL;
-- key = ISC_LIST_NEXT(key, link))
-- if (!isksk(key)) {
-- have_non_ksk = ISC_TRUE;
-- break;
-- }
--
-- for (key = ISC_LIST_HEAD(keylist);
-- key != NULL;
-- key = ISC_LIST_NEXT(key, link))
-- if (isksk(key)) {
-- have_ksk = ISC_TRUE;
-- break;
-- }
--
-- if (type == dns_rdatatype_dlv) {
-- dns_name_t tname;
-- unsigned int labels;
--
-- dns_name_init(&tname, NULL);
-- dns_fixedname_init(&fixed);
-- name = dns_fixedname_name(&fixed);
-- labels = dns_name_countlabels(gorigin);
-- dns_name_getlabelsequence(gorigin, 0, labels - 1, &tname);
-- result = dns_name_concatenate(&tname, dlv, name, NULL);
-- check_result(result, "dns_name_concatenate");
-- } else
-- name = gorigin;
--
-- for (key = ISC_LIST_HEAD(keylist);
-- key != NULL;
-- key = ISC_LIST_NEXT(key, link))
-- {
-- if (have_ksk && have_non_ksk && !isksk(key))
-- continue;
-- dns_rdata_init(&rdata);
-- dns_rdata_init(&ds);
-- isc_buffer_init(&b, keybuf, sizeof(keybuf));
-- result = dst_key_todns(key->key, &b);
-- check_result(result, "dst_key_todns");
-- isc_buffer_usedregion(&b, &r);
-- dns_rdata_fromregion(&rdata, gclass, dns_rdatatype_dnskey, &r);
-- if (type != dns_rdatatype_dnskey) {
-- result = dns_ds_buildrdata(gorigin, &rdata,
-- DNS_DSDIGEST_SHA1,
-- dsbuf, &ds);
-- check_result(result, "dns_ds_buildrdata");
-- if (type == dns_rdatatype_dlv)
-- ds.type = dns_rdatatype_dlv;
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
-- name, 0, &ds, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(&diff, &tuple);
--
-- dns_rdata_reset(&ds);
-- result = dns_ds_buildrdata(gorigin, &rdata,
-- DNS_DSDIGEST_SHA256,
-- dsbuf, &ds);
-- check_result(result, "dns_ds_buildrdata");
-- if (type == dns_rdatatype_dlv)
-- ds.type = dns_rdatatype_dlv;
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
-- name, 0, &ds, &tuple);
--
-- } else
-- result = dns_difftuple_create(mctx, DNS_DIFFOP_ADD,
-- gorigin, zone_soa_min_ttl,
-- &rdata, &tuple);
-- check_result(result, "dns_difftuple_create");
-- dns_diff_append(&diff, &tuple);
-- }
--
-- result = dns_db_create(mctx, "rbt", dns_rootname, dns_dbtype_zone,
-- gclass, 0, NULL, &db);
-- check_result(result, "dns_db_create");
--
-- result = dns_db_newversion(db, &version);
-- check_result(result, "dns_db_newversion");
--
-- result = dns_diff_apply(&diff, db, version);
-- check_result(result, "dns_diff_apply");
-- dns_diff_clear(&diff);
--
-- result = dns_master_dump(mctx, db, version, style, filename);
-- check_result(result, "dns_master_dump");
--
-- isc_mem_put(mctx, filename, filenamelen + 1);
--
-- dns_db_closeversion(db, &version, ISC_FALSE);
-- dns_db_detach(&db);
--}
--
--static void
--print_time(FILE *fp) {
-- time_t currenttime;
--
-- if (outputformat != dns_masterformat_text)
-- return;
--
-- currenttime = time(NULL);
-- fprintf(fp, "; File written on %s", ctime(¤ttime));
--}
--
--static void
--print_version(FILE *fp) {
-- if (outputformat != dns_masterformat_text)
-- return;
--
-- fprintf(fp, "; dnssec_signzone version " VERSION "\n");
--}
--
--static void
--usage(void) {
-- fprintf(stderr, "Usage:\n");
-- fprintf(stderr, "\t%s [options] zonefile [keys]\n", program);
--
-- fprintf(stderr, "\n");
--
-- fprintf(stderr, "Version: %s\n", VERSION);
--
-- fprintf(stderr, "Options: (default value in parenthesis) \n");
-- fprintf(stderr, "\t-S:\tsmart signing: automatically finds key\n"
-- "\t\tfiles for the zone and determines they are to\n"
-- "\t\tbe used\n");
-- fprintf(stderr, "\t-K directory:\n");
-- fprintf(stderr, "\t\tdirectory to find key files (.)\n");
-- fprintf(stderr, "\t-d directory:\n");
-- fprintf(stderr, "\t\tdirectory to find dsset files (.)\n");
-- fprintf(stderr, "\t-g:\t");
-- fprintf(stderr, "generate dsset file, and/or include DS records\n"
-- "\t\tfrom child zones' dsset files\n");
-- fprintf(stderr, "\t-s [YYYYMMDDHHMMSS|+offset]:\n");
-- fprintf(stderr, "\t\tRRSIG start time - absolute|offset (now - 1 hour)\n");
-- fprintf(stderr, "\t-e [YYYYMMDDHHMMSS|+offset|\"now\"+offset]:\n");
-- fprintf(stderr, "\t\tRRSIG end time - absolute|from start|from now "
-- "(now + 30 days)\n");
-- fprintf(stderr, "\t-i interval:\n");
-- fprintf(stderr, "\t\tcycle interval - resign "
-- "if < interval from end ( (end-start)/4 )\n");
-- fprintf(stderr, "\t-j jitter:\n");
-- fprintf(stderr, "\t\trandomize signature end time up to jitter seconds\n");
-- fprintf(stderr, "\t-v debuglevel (0)\n");
-- fprintf(stderr, "\t-o origin:\n");
-- fprintf(stderr, "\t\tzone origin (name of zonefile)\n");
-- fprintf(stderr, "\t-f outfile:\n");
-- fprintf(stderr, "\t\tfile the signed zone is written in "
-- "(zonefile + .signed)\n");
-- fprintf(stderr, "\t-I format:\n");
-- fprintf(stderr, "\t\tfile format of input zonefile (text)\n");
-- fprintf(stderr, "\t-O format:\n");
-- fprintf(stderr, "\t\tfile format of signed zone file (text)\n");
-- fprintf(stderr, "\t-N format:\n");
-- fprintf(stderr, "\t\tsoa serial format of signed zone file (keep)\n");
-- fprintf(stderr, "\t-r randomdev:\n");
-- fprintf(stderr, "\t\ta file containing random data\n");
-- fprintf(stderr, "\t-a:\t");
-- fprintf(stderr, "verify generated signatures\n");
-- fprintf(stderr, "\t-c class (IN)\n");
-- fprintf(stderr, "\t-p:\t");
-- fprintf(stderr, "use pseudorandom data (faster but less secure)\n");
-- fprintf(stderr, "\t-P:\t");
-- fprintf(stderr, "disable post-sign verification\n");
-- fprintf(stderr, "\t-T TTL:\tTTL for newly added DNSKEYs");
-- fprintf(stderr, "\t-t:\t");
-- fprintf(stderr, "print statistics\n");
-- fprintf(stderr, "\t-C:\tgenerate a keyset file, for compatibility\n"
-- "\t\twith older versions of dnssec-signzone -g\n");
-- fprintf(stderr, "\t-n ncpus (number of cpus present)\n");
-- fprintf(stderr, "\t-k key_signing_key\n");
-- fprintf(stderr, "\t-l lookasidezone\n");
-- fprintf(stderr, "\t-3 salt (NSEC3 salt)\n");
-- fprintf(stderr, "\t-H iterations (NSEC3 iterations)\n");
-- fprintf(stderr, "\t-A (NSEC3 optout)\n");
-- fprintf(stderr, "\t-z:\t");
-- fprintf(stderr, "ignore KSK flag in DNSKEYs");
--
-- fprintf(stderr, "\n");
--
-- fprintf(stderr, "Signing Keys: ");
-- fprintf(stderr, "(default: all zone keys that have private keys)\n");
-- fprintf(stderr, "\tkeyfile (Kname+alg+tag)\n");
-- exit(0);
--}
--
--static void
--removetempfile(void) {
-- if (removefile)
-- isc_file_remove(tempfile);
--}
--
--static void
--print_stats(isc_time_t *timer_start, isc_time_t *timer_finish) {
-- isc_uint64_t runtime_us; /* Runtime in microseconds */
-- isc_uint64_t runtime_ms; /* Runtime in milliseconds */
-- isc_uint64_t sig_ms; /* Signatures per millisecond */
--
-- runtime_us = isc_time_microdiff(timer_finish, timer_start);
--
-- printf("Signatures generated: %10d\n", nsigned);
-- printf("Signatures retained: %10d\n", nretained);
-- printf("Signatures dropped: %10d\n", ndropped);
-- printf("Signatures successfully verified: %10d\n", nverified);
-- printf("Signatures unsuccessfully verified: %10d\n", nverifyfailed);
-- runtime_ms = runtime_us / 1000;
-- printf("Runtime in seconds: %7u.%03u\n",
-- (unsigned int) (runtime_ms / 1000),
-- (unsigned int) (runtime_ms % 1000));
-- if (runtime_us > 0) {
-- sig_ms = ((isc_uint64_t)nsigned * 1000000000) / runtime_us;
-- printf("Signatures per second: %7u.%03u\n",
-- (unsigned int) sig_ms / 1000,
-- (unsigned int) sig_ms % 1000);
-- }
--}
--
--int
--main(int argc, char *argv[]) {
-- int i, ch;
-- char *startstr = NULL, *endstr = NULL, *classname = NULL;
-- char *origin = NULL, *file = NULL, *output = NULL;
-- char *inputformatstr = NULL, *outputformatstr = NULL;
-- char *serialformatstr = NULL;
-- char *dskeyfile[MAXDSKEYS];
-- int ndskeys = 0;
-- char *endp;
-- isc_time_t timer_start, timer_finish;
-- dns_dnsseckey_t *key;
-- isc_result_t result;
-- isc_log_t *log = NULL;
-- isc_boolean_t pseudorandom = ISC_FALSE;
-- unsigned int eflags;
-- isc_boolean_t free_output = ISC_FALSE;
-- int tempfilelen;
-- dns_rdataclass_t rdclass;
-- isc_task_t **tasks = NULL;
-- isc_buffer_t b;
-- int len;
-- unsigned int iterations = 100U;
-- const unsigned char *salt = NULL;
-- size_t salt_length = 0;
-- unsigned char saltbuf[255];
-- hashlist_t hashlist;
-- isc_boolean_t smartsign = ISC_FALSE;
-- isc_boolean_t make_keyset = ISC_FALSE;
--
--#define CMDLINE_FLAGS "3:AaCc:Dd:e:f:FghH:i:I:j:K:k:l:m:n:N:o:O:pPr:s:ST:tUv:z"
--
-- /*
-- * Process memory debugging argument first.
-- */
-- while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-- switch (ch) {
-- case 'm':
-- if (strcasecmp(isc_commandline_argument, "record") == 0)
-- isc_mem_debugging |= ISC_MEM_DEBUGRECORD;
-- if (strcasecmp(isc_commandline_argument, "trace") == 0)
-- isc_mem_debugging |= ISC_MEM_DEBUGTRACE;
-- if (strcasecmp(isc_commandline_argument, "usage") == 0)
-- isc_mem_debugging |= ISC_MEM_DEBUGUSAGE;
-- if (strcasecmp(isc_commandline_argument, "size") == 0)
-- isc_mem_debugging |= ISC_MEM_DEBUGSIZE;
-- if (strcasecmp(isc_commandline_argument, "mctx") == 0)
-- isc_mem_debugging |= ISC_MEM_DEBUGCTX;
-- break;
-- default:
-- break;
-- }
-- }
-- isc_commandline_reset = ISC_TRUE;
--
-- masterstyle = &dns_master_style_explicitttl;
--
-- check_result(isc_app_start(), "isc_app_start");
--
-- result = isc_mem_create(0, 0, &mctx);
-- if (result != ISC_R_SUCCESS)
-- fatal("out of memory");
--
-- dns_result_register();
--
-- isc_commandline_errprint = ISC_FALSE;
--
-- while ((ch = isc_commandline_parse(argc, argv, CMDLINE_FLAGS)) != -1) {
-- switch (ch) {
-- case '3':
-- if (strcmp(isc_commandline_argument, "-")) {
-- isc_buffer_t target;
-- char *sarg;
--
-- sarg = isc_commandline_argument;
-- isc_buffer_init(&target, saltbuf,
-- sizeof(saltbuf));
-- result = isc_hex_decodestring(sarg, &target);
-- check_result(result,
-- "isc_hex_decodestring(salt)");
-- salt = saltbuf;
-- salt_length = isc_buffer_usedlength(&target);
-- } else {
-- salt = saltbuf;
-- salt_length = 0;
-- }
-- nsec_datatype = dns_rdatatype_nsec3;
-- break;
--
-- case 'A':
-- nsec3flags |= DNS_NSEC3FLAG_OPTOUT;
-- break;
--
-- case 'a':
-- tryverify = ISC_TRUE;
-- break;
--
-- case 'C':
-- make_keyset = ISC_TRUE;
-- break;
--
-- case 'c':
-- classname = isc_commandline_argument;
-- break;
--
-- case 'd':
-- dsdir = isc_commandline_argument;
-- if (strlen(dsdir) == 0U)
-- fatal("DS directory must be non-empty string");
-- break;
--
-- case 'K':
-- directory = isc_commandline_argument;
-- break;
--
-- case 'e':
-- endstr = isc_commandline_argument;
-- break;
--
-- case 'f':
-- output = isc_commandline_argument;
-- break;
--
-- case 'g':
-- generateds = ISC_TRUE;
-- break;
--
-- case 'H':
-- iterations = strtoul(isc_commandline_argument,
-- &endp, 0);
-- if (*endp != '\0')
-- fatal("iterations must be numeric");
-- if (iterations > 0xffffU)
-- fatal("iterations too big");
-- break;
--
-- case 'h':
-- usage();
-- break;
--
-- case 'i':
-- endp = NULL;
-- cycle = strtol(isc_commandline_argument, &endp, 0);
-- if (*endp != '\0' || cycle < 0)
-- fatal("cycle period must be numeric and "
-- "positive");
-- break;
--
-- case 'I':
-- inputformatstr = isc_commandline_argument;
-- break;
--
-- case 'j':
-- endp = NULL;
-- jitter = strtol(isc_commandline_argument, &endp, 0);
-- if (*endp != '\0' || jitter < 0)
-- fatal("jitter must be numeric and positive");
-- break;
--
-- case 'k':
-- if (ndskeys == MAXDSKEYS)
-- fatal("too many key-signing keys specified");
-- dskeyfile[ndskeys++] = isc_commandline_argument;
-- break;
--
-- case 'l':
-- len = strlen(isc_commandline_argument);
-- isc_buffer_init(&b, isc_commandline_argument, len);
-- isc_buffer_add(&b, len);
--
-- dns_fixedname_init(&dlv_fixed);
-- dlv = dns_fixedname_name(&dlv_fixed);
-- result = dns_name_fromtext(dlv, &b, dns_rootname, 0,
-- NULL);
-- check_result(result, "dns_name_fromtext(dlv)");
-- break;
--
-- case 'm':
-- break;
--
-- case 'n':
-- endp = NULL;
-- ntasks = strtol(isc_commandline_argument, &endp, 0);
-- if (*endp != '\0' || ntasks > ISC_INT32_MAX)
-- fatal("number of cpus must be numeric");
-- break;
--
-- case 'N':
-- serialformatstr = isc_commandline_argument;
-- break;
--
-- case 'o':
-- origin = isc_commandline_argument;
-- break;
--
-- case 'O':
-- outputformatstr = isc_commandline_argument;
-- break;
--
-- case 'p':
-- pseudorandom = ISC_TRUE;
-- break;
--
-- case 'P':
-- disable_zone_check = ISC_TRUE;
-- break;
--
-- case 'r':
-- setup_entropy(mctx, isc_commandline_argument, &ectx);
-- break;
--
-- case 's':
-- startstr = isc_commandline_argument;
-- break;
--
-- case 'S':
-- smartsign = ISC_TRUE;
-- generateds = ISC_TRUE;
-- break;
--
-- case 'T':
-- endp = NULL;
-- set_keyttl = ISC_TRUE;
-- keyttl = strtottl(isc_commandline_argument);
-- break;
--
-- case 't':
-- printstats = ISC_TRUE;
-- break;
--
-- case 'U': /* Undocumented for testing only. */
-- unknownalg = ISC_TRUE;
-- break;
--
-- case 'v':
-- endp = NULL;
-- verbose = strtol(isc_commandline_argument, &endp, 0);
-- if (*endp != '\0')
-- fatal("verbose level must be numeric");
-- break;
--
-- case 'z':
-- ignore_kskflag = ISC_TRUE;
-- break;
--
-- case 'F':
-- /* Reserved for FIPS mode */
-- /* FALLTHROUGH */
-- case '?':
-- if (isc_commandline_option != '?')
-- fprintf(stderr, "%s: invalid argument -%c\n",
-- program, isc_commandline_option);
-- usage();
-- break;
--
-- default:
-- fprintf(stderr, "%s: unhandled option -%c\n",
-- program, isc_commandline_option);
-- exit(1);
-- }
-- }
--
-- if (ectx == NULL)
-- setup_entropy(mctx, NULL, &ectx);
-- eflags = ISC_ENTROPY_BLOCKING;
-- if (!pseudorandom)
-- eflags |= ISC_ENTROPY_GOODONLY;
--
-- result = isc_hash_create(mctx, ectx, DNS_NAME_MAXWIRE);
-- if (result != ISC_R_SUCCESS)
-- fatal("could not create hash context");
--
-- result = dst_lib_init(mctx, ectx, eflags);
-- if (result != ISC_R_SUCCESS)
-- fatal("could not initialize dst");
--
-- isc_stdtime_get(&now);
--
-- if (startstr != NULL) {
-- starttime = strtotime(startstr, now, now);
-- } else
-- starttime = now - 3600; /* Allow for some clock skew. */
--
-- if (endstr != NULL) {
-- endtime = strtotime(endstr, now, starttime);
-- } else
-- endtime = starttime + (30 * 24 * 60 * 60);
--
-- if (cycle == -1)
-- cycle = (endtime - starttime) / 4;
--
-- if (ntasks == 0)
-- ntasks = isc_os_ncpus() * 2;
-- vbprintf(4, "using %d cpus\n", ntasks);
--
-- rdclass = strtoclass(classname);
--
-- if (directory == NULL)
-- directory = ".";
--
-- setup_logging(verbose, mctx, &log);
--
-- argc -= isc_commandline_index;
-- argv += isc_commandline_index;
--
-- if (argc < 1)
-- usage();
--
-- file = argv[0];
--
-- argc -= 1;
-- argv += 1;
--
-- if (origin == NULL)
-- origin = file;
--
-- if (output == NULL) {
-- free_output = ISC_TRUE;
-- output = isc_mem_allocate(mctx,
-- strlen(file) + strlen(".signed") + 1);
-- if (output == NULL)
-- fatal("out of memory");
-- sprintf(output, "%s.signed", file);
-- }
--
-- if (inputformatstr != NULL) {
-- if (strcasecmp(inputformatstr, "text") == 0)
-- inputformat = dns_masterformat_text;
-- else if (strcasecmp(inputformatstr, "raw") == 0)
-- inputformat = dns_masterformat_raw;
-- else
-- fatal("unknown file format: %s\n", inputformatstr);
-- }
--
-- if (outputformatstr != NULL) {
-- if (strcasecmp(outputformatstr, "text") == 0)
-- outputformat = dns_masterformat_text;
-- else if (strcasecmp(outputformatstr, "raw") == 0)
-- outputformat = dns_masterformat_raw;
-- else
-- fatal("unknown file format: %s\n", outputformatstr);
-- }
--
-- if (serialformatstr != NULL) {
-- if (strcasecmp(serialformatstr, "keep") == 0)
-- serialformat = SOA_SERIAL_KEEP;
-- else if (strcasecmp(serialformatstr, "increment") == 0 ||
-- strcasecmp(serialformatstr, "incr") == 0)
-- serialformat = SOA_SERIAL_INCREMENT;
-- else if (strcasecmp(serialformatstr, "unixtime") == 0)
-- serialformat = SOA_SERIAL_UNIXTIME;
-- else
-- fatal("unknown soa serial format: %s\n", serialformatstr);
-- }
--
-- result = dns_master_stylecreate(&dsstyle, DNS_STYLEFLAG_NO_TTL,
-- 0, 24, 0, 0, 0, 8, mctx);
-- check_result(result, "dns_master_stylecreate");
--
-- gdb = NULL;
-- TIME_NOW(&timer_start);
-- loadzone(file, origin, rdclass, &gdb);
-- gorigin = dns_db_origin(gdb);
-- gclass = dns_db_class(gdb);
-- get_soa_ttls();
--
-- if (!set_keyttl)
-- keyttl = soa_ttl;
--
-- if (IS_NSEC3) {
-- isc_boolean_t answer;
-- hash_length = dns_nsec3_hashlength(dns_hash_sha1);
-- hashlist_init(&hashlist, dns_db_nodecount(gdb) * 2,
-- hash_length);
-- result = dns_nsec_nseconly(gdb, gversion, &answer);
-- check_result(result, "dns_nsec_nseconly");
-- if (answer)
-- fatal("NSEC3 generation requested with "
-- "NSEC only DNSKEY");
-- }
--
-- /*
-- * We need to do this early on, as we start messing with the list
-- * of keys rather early.
-- */
-- ISC_LIST_INIT(keylist);
-- isc_rwlock_init(&keylist_lock, 0, 0);
--
- if (argc == 0)
- if (argc == 0) {
-- loadzonekeys(gdb);
-
- for (i = 0; i < argc; i++) {
- dst_key_t *newkey = NULL;
- } else {
- for (i = 0; i < argc; i++) {
- dst_key_t *newkey = NULL;
--
- result = dst_key_fromnamedfile(argv[i], directory,
- DST_TYPE_PUBLIC |
- DST_TYPE_PRIVATE,
- mctx, &newkey);
- if (result != ISC_R_SUCCESS)
- fatal("cannot load dnskey %s: %s", argv[i],
- isc_result_totext(result));
- result = dst_key_fromnamedfile(argv[i], directory,
- DST_TYPE_PUBLIC |
- DST_TYPE_PRIVATE,
- mctx, &newkey);
- if (result != ISC_R_SUCCESS)
- fatal("cannot load dnskey %s: %s", argv[i],
- isc_result_totext(result));
--
- if (!dns_name_equal(gorigin, dst_key_name(newkey)))
- fatal("key %s not at origin\n", argv[i]);
- if (!dns_name_equal(gorigin, dst_key_name(newkey)))
- fatal("key %s not at origin\n", argv[i]);
--
- /* Skip any duplicates */
- for (key = ISC_LIST_HEAD(keylist);
- key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
- dst_key_t *dkey = key->key;
- if (dst_key_id(dkey) == dst_key_id(newkey) &&
- dst_key_alg(dkey) == dst_key_alg(newkey) &&
- dns_name_equal(dst_key_name(dkey), gorigin)) {
- if (!dst_key_isprivate(dkey))
- fatal("cannot sign zone with "
- "non-private dnskey %s",
- argv[i]);
- break;
- key = ISC_LIST_HEAD(keylist);
- while (key != NULL) {
- dst_key_t *dkey = key->key;
- if (dst_key_id(dkey) == dst_key_id(newkey) &&
- dst_key_alg(dkey) == dst_key_alg(newkey) &&
- dns_name_equal(dst_key_name(dkey),
- dst_key_name(newkey)))
- {
- if (!dst_key_isprivate(dkey))
- fatal("cannot sign zone with "
- "non-private dnskey %s",
- argv[i]);
- break;
- }
- key = ISC_LIST_NEXT(key, link);
-- }
- if (key == NULL) {
- dns_dnsseckey_create(mctx, &newkey, &key);
- key->force_publish = ISC_TRUE;
- key->force_sign = ISC_TRUE;
- key->source = dns_keysource_user;
- ISC_LIST_APPEND(keylist, key, link);
- } else
- dst_key_free(&newkey);
-- }
- if (key == NULL) {
- /* We haven't seen this key before */
- dns_dnsseckey_create(mctx, &newkey, &key);
- key->force_publish = ISC_TRUE;
- key->force_sign = ISC_TRUE;
- key->source = dns_keysource_user;
- ISC_LIST_APPEND(keylist, key, link);
- } else
- dst_key_free(&newkey);
- }
--
- if (argc != 0)
-- loadzonepubkeys(gdb);
- }
--
-- for (i = 0; i < ndskeys; i++) {
-- dst_key_t *newkey = NULL;
--
-- result = dst_key_fromnamedfile(dskeyfile[i], directory,
-- DST_TYPE_PUBLIC |
-- DST_TYPE_PRIVATE,
-- mctx, &newkey);
-- if (result != ISC_R_SUCCESS)
-- fatal("cannot load dnskey %s: %s", dskeyfile[i],
-- isc_result_totext(result));
--
-- if (!dns_name_equal(gorigin, dst_key_name(newkey)))
-- fatal("key %s not at origin\n", dskeyfile[i]);
--
- /* Skip any duplicates */
- for (key = ISC_LIST_HEAD(keylist);
- key != NULL;
- key = ISC_LIST_NEXT(key, link)) {
- key = ISC_LIST_HEAD(keylist);
- while (key != NULL) {
-- dst_key_t *dkey = key->key;
-- if (dst_key_id(dkey) == dst_key_id(newkey) &&
-- dst_key_alg(dkey) == dst_key_alg(newkey) &&
- dns_name_equal(dst_key_name(dkey), gorigin)) {
- /*
- * Key was already in keylist, but we
- * must make sure it has the right
- * dnsseckey flags.
- */
- key->ksk = ISC_TRUE;
- dns_name_equal(dst_key_name(dkey),
- dst_key_name(newkey)))
- {
- /* Override key flags. */
-- key->force_publish = ISC_TRUE;
-- key->force_sign = ISC_TRUE;
-- key->source = dns_keysource_user;
- dst_key_free(&newkey);
- key->ksk = ISC_TRUE;
- dst_key_free(&dkey);
- key->key = newkey;
-- break;
-- }
- key = ISC_LIST_NEXT(key, link);
-- }
-- if (key == NULL) {
- /* We haven't seen this key before */
- /* Override dnskey flags. */
-- dns_dnsseckey_create(mctx, &newkey, &key);
- key->ksk = ISC_TRUE;
-- key->force_publish = ISC_TRUE;
-- key->force_sign = ISC_TRUE;
-- key->source = dns_keysource_user;
- key->ksk = ISC_TRUE;
-- ISC_LIST_APPEND(keylist, key, link);
-- }
-- }
--
-- /*
-- * If we're doing smart signing, look in the key repository for
-- * key files with metadata, and merge them with the keylist
-- * we have now.
-- */
-- if (smartsign)
-- build_final_keylist(gdb, directory, mctx);
--
-- /* Now enumerate the key list */
-- for (key = ISC_LIST_HEAD(keylist);
-- key != NULL;
-- key = ISC_LIST_NEXT(key, link)) {
-- key->index = keycount++;
-- }
--
-- if (keycount == 0) {
-- if (disable_zone_check)
-- fprintf(stderr, "%s: warning: No keys specified "
-- "or found\n", program);
-- else
-- fatal("No signing keys specified or found.");
-- nokeys = ISC_TRUE;
-- }
--
-- if (IS_NSEC3) {
-- unsigned int max;
-- result = dns_nsec3_maxiterations(gdb, NULL, mctx, &max);
-- check_result(result, "dns_nsec3_maxiterations()");
-- if (iterations > max)
-- fatal("NSEC3 iterations too big for weakest DNSKEY "
-- "strength. Maximum iterations allowed %u.", max);
-- }
--
-- warnifallksk(gdb);
--
-- gversion = NULL;
-- result = dns_db_newversion(gdb, &gversion);
-- check_result(result, "dns_db_newversion()");
--
-- switch (serialformat) {
-- case SOA_SERIAL_INCREMENT:
-- setsoaserial(0);
-- break;
-- case SOA_SERIAL_UNIXTIME:
-- setsoaserial(now);
-- break;
-- case SOA_SERIAL_KEEP:
-- default:
-- /* do nothing */
-- break;
-- }
--
-- if (IS_NSEC3)
-- nsec3ify(dns_hash_sha1, iterations, salt, salt_length,
-- &hashlist);
-- else
-- nsecify();
--
-- if (!nokeys) {
-- writeset("dsset-", dns_rdatatype_ds);
-- if (make_keyset)
-- writeset("keyset-", dns_rdatatype_dnskey);
-- if (dlv != NULL) {
-- writeset("dlvset-", dns_rdatatype_dlv);
-- }
-- }
--
-- tempfilelen = strlen(output) + 20;
-- tempfile = isc_mem_get(mctx, tempfilelen);
-- if (tempfile == NULL)
-- fatal("out of memory");
--
-- result = isc_file_mktemplate(output, tempfile, tempfilelen);
-- check_result(result, "isc_file_mktemplate");
--
-- fp = NULL;
-- result = isc_file_openunique(tempfile, &fp);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to open temporary output file: %s",
-- isc_result_totext(result));
-- removefile = ISC_TRUE;
-- setfatalcallback(&removetempfile);
--
-- print_time(fp);
-- print_version(fp);
--
-- result = isc_taskmgr_create(mctx, ntasks, 0, &taskmgr);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to create task manager: %s",
-- isc_result_totext(result));
--
-- master = NULL;
-- result = isc_task_create(taskmgr, 0, &master);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to create task: %s", isc_result_totext(result));
--
-- tasks = isc_mem_get(mctx, ntasks * sizeof(isc_task_t *));
-- if (tasks == NULL)
-- fatal("out of memory");
-- for (i = 0; i < (int)ntasks; i++) {
-- tasks[i] = NULL;
-- result = isc_task_create(taskmgr, 0, &tasks[i]);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to create task: %s",
-- isc_result_totext(result));
-- }
--
-- RUNTIME_CHECK(isc_mutex_init(&namelock) == ISC_R_SUCCESS);
-- if (printstats)
-- RUNTIME_CHECK(isc_mutex_init(&statslock) == ISC_R_SUCCESS);
--
-- presign();
-- signapex();
-- if (!finished) {
-- /*
-- * There is more work to do. Spread it out over multiple
-- * processors if possible.
-- */
-- for (i = 0; i < (int)ntasks; i++) {
-- result = isc_app_onrun(mctx, master, startworker,
-- tasks[i]);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to start task: %s",
-- isc_result_totext(result));
-- }
-- (void)isc_app_run();
-- if (!finished)
-- fatal("process aborted by user");
-- } else
-- isc_task_detach(&master);
-- shuttingdown = ISC_TRUE;
-- for (i = 0; i < (int)ntasks; i++)
-- isc_task_detach(&tasks[i]);
-- isc_taskmgr_destroy(&taskmgr);
-- isc_mem_put(mctx, tasks, ntasks * sizeof(isc_task_t *));
-- postsign();
-- verifyzone();
--
-- if (outputformat != dns_masterformat_text) {
-- result = dns_master_dumptostream2(mctx, gdb, gversion,
-- masterstyle, outputformat,
-- fp);
-- check_result(result, "dns_master_dumptostream2");
-- }
--
-- result = isc_stdio_close(fp);
-- check_result(result, "isc_stdio_close");
-- removefile = ISC_FALSE;
--
-- result = isc_file_rename(tempfile, output);
-- if (result != ISC_R_SUCCESS)
-- fatal("failed to rename temp file to %s: %s\n",
-- output, isc_result_totext(result));
--
-- DESTROYLOCK(&namelock);
-- if (printstats)
-- DESTROYLOCK(&statslock);
--
-- printf("%s\n", output);
--
-- dns_db_closeversion(gdb, &gversion, ISC_FALSE);
-- dns_db_detach(&gdb);
--
-- while (!ISC_LIST_EMPTY(keylist)) {
-- key = ISC_LIST_HEAD(keylist);
-- ISC_LIST_UNLINK(keylist, key, link);
-- dns_dnsseckey_destroy(mctx, &key);
-- }
--
-- isc_mem_put(mctx, tempfile, tempfilelen);
--
-- if (free_output)
-- isc_mem_free(mctx, output);
--
-- dns_master_styledestroy(&dsstyle, mctx);
--
-- cleanup_logging(&log);
-- dst_lib_destroy();
-- isc_hash_destroy();
-- cleanup_entropy(&ectx);
-- dns_name_destroy();
-- if (verbose > 10)
-- isc_mem_stats(mctx, stdout);
-- isc_mem_destroy(&mctx);
--
-- (void) isc_app_finish();
--
-- if (printstats) {
-- TIME_NOW(&timer_finish);
-- print_stats(&timer_start, &timer_finish);
-- }
--
-- return (0);
--}
+++ /dev/null
--<!DOCTYPE book PUBLIC "-//OASIS//DTD DocBook XML V4.2//EN"
-- "http://www.oasis-open.org/docbook/xml/4.2/docbookx.dtd"
-- [<!ENTITY mdash "—">]>
--<!--
-- - Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
-- - Copyright (C) 2000-2003 Internet Software Consortium.
-- -
-- - Permission to use, copy, modify, and/or distribute this software for any
-- - purpose with or without fee is hereby granted, provided that the above
-- - copyright notice and this permission notice appear in all copies.
-- -
-- - THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-- - REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-- - AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-- - INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-- - LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-- - OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-- - PERFORMANCE OF THIS SOFTWARE.
---->
--
--<!-- $Id: dnssec-signzone.docbook,v 1.36 2009/09/02 06:29:00 each Exp $ -->
--<refentry id="man.dnssec-signzone">
-- <refentryinfo>
-- <date>June 05, 2009</date>
-- </refentryinfo>
--
-- <refmeta>
-- <refentrytitle><application>dnssec-signzone</application></refentrytitle>
-- <manvolnum>8</manvolnum>
-- <refmiscinfo>BIND9</refmiscinfo>
-- </refmeta>
--
-- <refnamediv>
-- <refname><application>dnssec-signzone</application></refname>
-- <refpurpose>DNSSEC zone signing tool</refpurpose>
-- </refnamediv>
--
-- <docinfo>
-- <copyright>
-- <year>2004</year>
-- <year>2005</year>
-- <year>2006</year>
-- <year>2007</year>
-- <year>2008</year>
-- <year>2009</year>
-- <holder>Internet Systems Consortium, Inc. ("ISC")</holder>
-- </copyright>
-- <copyright>
-- <year>2000</year>
-- <year>2001</year>
-- <year>2002</year>
-- <year>2003</year>
-- <holder>Internet Software Consortium.</holder>
-- </copyright>
-- </docinfo>
--
-- <refsynopsisdiv>
-- <cmdsynopsis>
-- <command>dnssec-signzone</command>
-- <arg><option>-a</option></arg>
-- <arg><option>-c <replaceable class="parameter">class</replaceable></option></arg>
-- <arg><option>-d <replaceable class="parameter">directory</replaceable></option></arg>
-- <arg><option>-e <replaceable class="parameter">end-time</replaceable></option></arg>
-- <arg><option>-f <replaceable class="parameter">output-file</replaceable></option></arg>
-- <arg><option>-g</option></arg>
-- <arg><option>-h</option></arg>
-- <arg><option>-K <replaceable class="parameter">directory</replaceable></option></arg>
-- <arg><option>-k <replaceable class="parameter">key</replaceable></option></arg>
-- <arg><option>-l <replaceable class="parameter">domain</replaceable></option></arg>
-- <arg><option>-i <replaceable class="parameter">interval</replaceable></option></arg>
-- <arg><option>-I <replaceable class="parameter">input-format</replaceable></option></arg>
-- <arg><option>-j <replaceable class="parameter">jitter</replaceable></option></arg>
-- <arg><option>-N <replaceable class="parameter">soa-serial-format</replaceable></option></arg>
-- <arg><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
-- <arg><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
-- <arg><option>-p</option></arg>
-- <arg><option>-P</option></arg>
-- <arg><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
-- <arg><option>-S</option></arg>
-- <arg><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
-- <arg><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
-- <arg><option>-t</option></arg>
-- <arg><option>-v <replaceable class="parameter">level</replaceable></option></arg>
-- <arg><option>-z</option></arg>
-- <arg><option>-3 <replaceable class="parameter">salt</replaceable></option></arg>
-- <arg><option>-H <replaceable class="parameter">iterations</replaceable></option></arg>
-- <arg><option>-A</option></arg>
-- <arg choice="req">zonefile</arg>
-- <arg rep="repeat">key</arg>
-- </cmdsynopsis>
-- </refsynopsisdiv>
--
-- <refsect1>
-- <title>DESCRIPTION</title>
-- <para><command>dnssec-signzone</command>
-- signs a zone. It generates
-- NSEC and RRSIG records and produces a signed version of the
-- zone. The security status of delegations from the signed zone
-- (that is, whether the child zones are secure or not) is
-- determined by the presence or absence of a
-- <filename>keyset</filename> file for each child zone.
-- </para>
-- </refsect1>
--
-- <refsect1>
-- <title>OPTIONS</title>
--
-- <variablelist>
-- <varlistentry>
-- <term>-a</term>
-- <listitem>
-- <para>
-- Verify all generated signatures.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-c <replaceable class="parameter">class</replaceable></term>
-- <listitem>
-- <para>
-- Specifies the DNS class of the zone.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-C</term>
-- <listitem>
-- <para>
-- Compatibility mode: Generate a
-- <filename>keyset-<replaceable>zonename</replaceable></filename>
-- file in addition to
-- <filename>dsset-<replaceable>zonename</replaceable></filename>
-- when signing a zone, for use by older versions of
-- <command>dnssec-signzone</command>.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-d <replaceable class="parameter">directory</replaceable></term>
-- <listitem>
-- <para>
-- Look for <filename>dsset-</filename> or
-- <filename>keyset-</filename> files in <option>directory</option>.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-g</term>
-- <listitem>
-- <para>
-- Generate DS records for child zones from
-- <filename>dsset-</filename> or <filename>keyset-</filename>
-- file. Existing DS records will be removed.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-K <replaceable class="parameter">directory</replaceable></term>
-- <listitem>
-- <para>
-- Key repository: Specify a directory to search for DNSSEC keys.
-- If not specified, defaults to the current directory.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-k <replaceable class="parameter">key</replaceable></term>
-- <listitem>
-- <para>
-- Treat specified key as a key signing key ignoring any
-- key flags. This option may be specified multiple times.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-l <replaceable class="parameter">domain</replaceable></term>
-- <listitem>
-- <para>
-- Generate a DLV set in addition to the key (DNSKEY) and DS sets.
-- The domain is appended to the name of the records.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-s <replaceable class="parameter">start-time</replaceable></term>
-- <listitem>
-- <para>
-- Specify the date and time when the generated RRSIG records
-- become valid. This can be either an absolute or relative
-- time. An absolute start time is indicated by a number
-- in YYYYMMDDHHMMSS notation; 20000530144500 denotes
-- 14:45:00 UTC on May 30th, 2000. A relative start time is
-- indicated by +N, which is N seconds from the current time.
-- If no <option>start-time</option> is specified, the current
-- time minus 1 hour (to allow for clock skew) is used.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-e <replaceable class="parameter">end-time</replaceable></term>
-- <listitem>
-- <para>
-- Specify the date and time when the generated RRSIG records
-- expire. As with <option>start-time</option>, an absolute
-- time is indicated in YYYYMMDDHHMMSS notation. A time relative
-- to the start time is indicated with +N, which is N seconds from
-- the start time. A time relative to the current time is
-- indicated with now+N. If no <option>end-time</option> is
-- specified, 30 days from the start time is used as a default.
-- <option>end-time</option> must be later than
-- <option>start-time</option>.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-f <replaceable class="parameter">output-file</replaceable></term>
-- <listitem>
-- <para>
-- The name of the output file containing the signed zone. The
-- default is to append <filename>.signed</filename> to
-- the
-- input filename.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-h</term>
-- <listitem>
-- <para>
-- Prints a short summary of the options and arguments to
-- <command>dnssec-signzone</command>.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-i <replaceable class="parameter">interval</replaceable></term>
-- <listitem>
-- <para>
-- When a previously-signed zone is passed as input, records
-- may be resigned. The <option>interval</option> option
-- specifies the cycle interval as an offset from the current
-- time (in seconds). If a RRSIG record expires after the
-- cycle interval, it is retained. Otherwise, it is considered
-- to be expiring soon, and it will be replaced.
-- </para>
-- <para>
-- The default cycle interval is one quarter of the difference
-- between the signature end and start times. So if neither
-- <option>end-time</option> or <option>start-time</option>
-- are specified, <command>dnssec-signzone</command>
-- generates
-- signatures that are valid for 30 days, with a cycle
-- interval of 7.5 days. Therefore, if any existing RRSIG records
-- are due to expire in less than 7.5 days, they would be
-- replaced.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-I <replaceable class="parameter">input-format</replaceable></term>
-- <listitem>
-- <para>
-- The format of the input zone file.
-- Possible formats are <command>"text"</command> (default)
-- and <command>"raw"</command>.
-- This option is primarily intended to be used for dynamic
-- signed zones so that the dumped zone file in a non-text
-- format containing updates can be signed directly.
-- The use of this option does not make much sense for
-- non-dynamic zones.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-j <replaceable class="parameter">jitter</replaceable></term>
-- <listitem>
-- <para>
-- When signing a zone with a fixed signature lifetime, all
-- RRSIG records issued at the time of signing expires
-- simultaneously. If the zone is incrementally signed, i.e.
-- a previously-signed zone is passed as input to the signer,
-- all expired signatures have to be regenerated at about the
-- same time. The <option>jitter</option> option specifies a
-- jitter window that will be used to randomize the signature
-- expire time, thus spreading incremental signature
-- regeneration over time.
-- </para>
-- <para>
-- Signature lifetime jitter also to some extent benefits
-- validators and servers by spreading out cache expiration,
-- i.e. if large numbers of RRSIGs don't expire at the same time
-- from all caches there will be less congestion than if all
-- validators need to refetch at mostly the same time.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-n <replaceable class="parameter">ncpus</replaceable></term>
-- <listitem>
-- <para>
-- Specifies the number of threads to use. By default, one
-- thread is started for each detected CPU.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-N <replaceable class="parameter">soa-serial-format</replaceable></term>
-- <listitem>
-- <para>
-- The SOA serial number format of the signed zone.
-- Possible formats are <command>"keep"</command> (default),
-- <command>"increment"</command> and
-- <command>"unixtime"</command>.
-- </para>
--
-- <variablelist>
-- <varlistentry>
-- <term><command>"keep"</command></term>
-- <listitem>
-- <para>Do not modify the SOA serial number.</para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term><command>"increment"</command></term>
-- <listitem>
-- <para>Increment the SOA serial number using RFC 1982
-- arithmetics.</para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term><command>"unixtime"</command></term>
-- <listitem>
-- <para>Set the SOA serial number to the number of seconds
-- since epoch.</para>
-- </listitem>
-- </varlistentry>
-- </variablelist>
--
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-o <replaceable class="parameter">origin</replaceable></term>
-- <listitem>
-- <para>
-- The zone origin. If not specified, the name of the zone file
-- is assumed to be the origin.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-O <replaceable class="parameter">output-format</replaceable></term>
-- <listitem>
-- <para>
-- The format of the output file containing the signed zone.
-- Possible formats are <command>"text"</command> (default)
-- and <command>"raw"</command>.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-p</term>
-- <listitem>
-- <para>
-- Use pseudo-random data when signing the zone. This is faster,
-- but less secure, than using real random data. This option
-- may be useful when signing large zones or when the entropy
-- source is limited.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-P</term>
-- <listitem>
-- <para>
-- Disable post sign verification tests.
-- </para>
-- <para>
-- The post sign verification test ensures that for each algorithm
-- in use there is at least one non revoked self signed KSK key,
-- that all revoked KSK keys are self signed, and that all records
-- in the zone are signed by the algorithm.
-- This option skips these tests.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-r <replaceable class="parameter">randomdev</replaceable></term>
-- <listitem>
-- <para>
-- Specifies the source of randomness. If the operating
-- system does not provide a <filename>/dev/random</filename>
-- or equivalent device, the default source of randomness
-- is keyboard input. <filename>randomdev</filename>
-- specifies
-- the name of a character device or file containing random
-- data to be used instead of the default. The special value
-- <filename>keyboard</filename> indicates that keyboard
-- input should be used.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-S</term>
-- <listitem>
-- <para>
-- Smart signing: Instructs <command>dnssec-signzone</command> to
-- search the key repository for keys that match the zone being
-- signed, and to include them in the zone if appropriate.
-- </para>
-- <para>
-- When a key is found, its timing metadata is examined to
-- determine how it should be used, according to the following
-- rules. Each successive rule takes priority over the prior
-- ones:
-- </para>
-- <variablelist>
-- <varlistentry>
-- <listitem>
-- <para>
-- If no timing metadata has been set for the key, the key is
-- published in the zone and used to sign the zone.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <listitem>
-- <para>
-- If the key's publication date is set and is in the past, the
-- key is published in the zone.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <listitem>
-- <para>
-- If the key's activation date is set and in the past, the
-- key is published (regardless of publication date) and
-- used to sign the zone.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <listitem>
-- <para>
-- If the key's revocation date is set and in the past, and the
-- key is published, then the key is revoked, and the revoked key
-- is used to sign the zone.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <listitem>
-- <para>
-- If either of the key's unpublication or deletion dates are set
-- and in the past, the key is NOT published or used to sign the
-- zone, regardless of any other metadata.
-- </para>
-- </listitem>
-- </varlistentry>
-- </variablelist>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-T <replaceable class="parameter">ttl</replaceable></term>
-- <listitem>
-- <para>
-- Specifies the TTL to be used for new DNSKEY records imported
-- into the zone from the key repository. If not specified,
-- the default is the minimum TTL value from the zone's SOA
-- record. This option is ignored when signing without
-- <option>-S</option>, since DNSKEY records are not imported
-- from the key repository in that case. It is also ignored if
-- there are any pre-existing DNSKEY records at the zone apex,
-- in which case new records' TTL values will be set to match
-- them.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-t</term>
-- <listitem>
-- <para>
-- Print statistics at completion.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-v <replaceable class="parameter">level</replaceable></term>
-- <listitem>
-- <para>
-- Sets the debugging level.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-z</term>
-- <listitem>
-- <para>
-- Ignore KSK flag on key when determining what to sign.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-3 <replaceable class="parameter">salt</replaceable></term>
-- <listitem>
-- <para>
-- Generate a NSEC3 chain with the given hex encoded salt.
-- A dash (<replaceable class="parameter">salt</replaceable>) can
-- be used to indicate that no salt is to be used when generating the NSEC3 chain.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-H <replaceable class="parameter">iterations</replaceable></term>
-- <listitem>
-- <para>
-- When generating a NSEC3 chain use this many interations. The
-- default is 100.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>-A</term>
-- <listitem>
-- <para>
-- When generating a NSEC3 chain set the OPTOUT flag on all
-- NSEC3 records and do not generate NSEC3 records for insecure
-- delegations.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>zonefile</term>
-- <listitem>
-- <para>
-- The file containing the zone to be signed.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- <varlistentry>
-- <term>key</term>
-- <listitem>
-- <para>
-- Specify which keys should be used to sign the zone. If
-- no keys are specified, then the zone will be examined
-- for DNSKEY records at the zone apex. If these are found and
-- there are matching private keys, in the current directory,
-- then these will be used for signing.
-- </para>
-- </listitem>
-- </varlistentry>
--
-- </variablelist>
-- </refsect1>
--
-- <refsect1>
-- <title>EXAMPLE</title>
-- <para>
-- The following command signs the <userinput>example.com</userinput>
-- zone with the DSA key generated by <command>dnssec-keygen</command>
-- (Kexample.com.+003+17247). The zone's keys must be in the master
-- file (<filename>db.example.com</filename>). This invocation looks
-- for <filename>keyset</filename> files, in the current directory,
-- so that DS records can be generated from them (<command>-g</command>).
-- </para>
--<programlisting>% dnssec-signzone -g -o example.com db.example.com \
--Kexample.com.+003+17247
--db.example.com.signed
--%</programlisting>
-- <para>
-- In the above example, <command>dnssec-signzone</command> creates
-- the file <filename>db.example.com.signed</filename>. This
-- file should be referenced in a zone statement in a
-- <filename>named.conf</filename> file.
-- </para>
-- <para>
-- This example re-signs a previously signed zone with default parameters.
-- The private keys are assumed to be in the current directory.
-- </para>
--<programlisting>% cp db.example.com.signed db.example.com
--% dnssec-signzone -o example.com db.example.com
--db.example.com.signed
--%</programlisting>
-- </refsect1>
--
-- <refsect1>
-- <title>SEE ALSO</title>
-- <para><citerefentry>
-- <refentrytitle>dnssec-keygen</refentrytitle><manvolnum>8</manvolnum>
-- </citerefentry>,
-- <citetitle>BIND 9 Administrator Reference Manual</citetitle>,
-- <citetitle>RFC 4033</citetitle>.
-- </para>
-- </refsect1>
--
-- <refsect1>
-- <title>AUTHOR</title>
-- <para><corpauthor>Internet Systems Consortium</corpauthor>
-- </para>
-- </refsect1>
--
--</refentry><!--
-- - Local variables:
-- - mode: sgml
-- - End:
---->
+++ /dev/null
--#!/bin/sh
--#
--# Copyright (C) 2004, 2006-2009 Internet Systems Consortium, Inc. ("ISC")
--# Copyright (C) 2000-2002 Internet Software Consortium.
--#
--# Permission to use, copy, modify, and/or distribute this software for any
--# purpose with or without fee is hereby granted, provided that the above
--# copyright notice and this permission notice appear in all copies.
--#
--# THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
--# REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
--# AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
--# INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
--# LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
--# OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
--# PERFORMANCE OF THIS SOFTWARE.
--
--# $Id: sign.sh,v 1.27 2009/06/04 02:56:47 tbox Exp $
--
--SYSTEMTESTTOP=../..
--. $SYSTEMTESTTOP/conf.sh
--
--RANDFILE=../random.data
--
--zone=secure.example.
--infile=secure.example.db.in
--zonefile=secure.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--
--zone=bogus.example.
--infile=bogus.example.db.in
--zonefile=bogus.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--
--zone=dynamic.example.
--infile=dynamic.example.db.in
--zonefile=dynamic.example.db
--
--keyname1=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
--keyname2=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 1024 -n zone -f KSK $zone`
--
--cat $infile $keyname1.key $keyname2.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--
--zone=keyless.example.
--infile=keyless.example.db.in
--zonefile=keyless.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--
--# Change the signer field of the a.b.keyless.example SIG A
--# to point to a provably nonexistent KEY record.
--mv $zonefile.signed $zonefile.tmp
--<$zonefile.tmp perl -p -e 's/ keyless.example/ b.keyless.example/
-- if /^a.b.keyless.example/../NXT/;' >$zonefile.signed
--rm -f $zonefile.tmp
--
--#
--# NSEC3/NSEC test zone
--#
--zone=secure.nsec3.example.
--infile=secure.nsec3.example.db.in
--zonefile=secure.nsec3.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# NSEC3/NSEC3 test zone
--#
--zone=nsec3.nsec3.example.
--infile=nsec3.nsec3.example.db.in
--zonefile=nsec3.nsec3.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# OPTOUT/NSEC3 test zone
--#
--zone=optout.nsec3.example.
--infile=optout.nsec3.example.db.in
--zonefile=optout.nsec3.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# A nsec3 zone (non-optout).
--#
--zone=nsec3.example.
--infile=nsec3.example.db.in
--zonefile=nsec3.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -g -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# OPTOUT/NSEC test zone
--#
--zone=secure.optout.example.
--infile=secure.optout.example.db.in
--zonefile=secure.optout.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a RSAMD5 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# OPTOUT/NSEC3 test zone
--#
--zone=nsec3.optout.example.
--infile=nsec3.optout.example.db.in
--zonefile=nsec3.optout.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# OPTOUT/OPTOUT test zone
--#
--zone=optout.optout.example.
--infile=optout.optout.example.db.in
--zonefile=optout.optout.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# A optout nsec3 zone.
--#
--zone=optout.example.
--infile=optout.example.db.in
--zonefile=optout.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -g -3 - -A -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# A nsec3 zone (non-optout) with unknown hash algorithm.
--#
--zone=nsec3-unknown.example.
--infile=nsec3-unknown.example.db.in
--zonefile=nsec3-unknown.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -3 - -U -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# A optout nsec3 zone.
--#
--zone=optout-unknown.example.
--infile=optout-unknown.example.db.in
--zonefile=optout-unknown.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -3 - -U -A -r $RANDFILE -o $zone $zonefile > /dev/null
--
--#
--# A multiple parameter nsec3 zone.
--#
--zone=multiple.example.
--infile=multiple.example.db.in
--zonefile=multiple.example.db
--
--keyname=`$KEYGEN -r $RANDFILE -a NSEC3RSASHA1 -b 768 -n zone $zone`
--
--cat $infile $keyname.key >$zonefile
--
--$SIGNER -P -r $RANDFILE -o $zone $zonefile > /dev/null
--mv $zonefile.signed $zonefile
--$SIGNER -P -3 - -r $RANDFILE -o $zone $zonefile > /dev/null
--mv $zonefile.signed $zonefile
--$SIGNER -P -3 AAAA -r $RANDFILE -o $zone $zonefile > /dev/null
--mv $zonefile.signed $zonefile
--$SIGNER -P -3 BBBB -r $RANDFILE -o $zone $zonefile > /dev/null
--mv $zonefile.signed $zonefile
--$SIGNER -P -3 CCCC -r $RANDFILE -o $zone $zonefile > /dev/null
--mv $zonefile.signed $zonefile
--$SIGNER -P -3 DDDD -r $RANDFILE -o $zone $zonefile > /dev/null
+++ /dev/null
--
--
--
--DNS Extensions Working Group S. Rose
--Internet-Draft NIST
--Obsoletes: 2672 (if approved) W. Wijngaards
--Updates: 3363,4294 NLnet Labs
--(if approved) May 2, 2008
--Intended status: Standards Track
--Expires: November 3, 2008
--
--
-- Update to DNAME Redirection in the DNS
-- draft-ietf-dnsext-rfc2672bis-dname-13
--
--Status of This Memo
--
-- By submitting this Internet-Draft, each author represents that any
-- applicable patent or other IPR claims of which he or she is aware
-- have been or will be disclosed, and any of which he or she becomes
-- aware will be disclosed, in accordance with Section 6 of BCP 79.
--
-- Internet-Drafts are working documents of the Internet Engineering
-- Task Force (IETF), its areas, and its working groups. Note that
-- other groups may also distribute working documents as Internet-
-- Drafts.
--
-- Internet-Drafts are draft documents valid for a maximum of six months
-- and may be updated, replaced, or obsoleted by other documents at any
-- time. It is inappropriate to use Internet-Drafts as reference
-- material or to cite them other than as "work in progress."
--
-- The list of current Internet-Drafts can be accessed at
-- http://www.ietf.org/ietf/1id-abstracts.txt.
--
-- The list of Internet-Draft Shadow Directories can be accessed at
-- http://www.ietf.org/shadow.html.
--
-- This Internet-Draft will expire on November 3, 2008.
--
--Copyright Notice
--
-- Copyright (C) The IETF Trust (2008).
--
--Abstract
--
-- The DNAME record provides redirection for a sub-tree of the domain
-- name tree in the DNS system. That is, all names that end with a
-- particular suffix are redirected to another part of the DNS. This is
-- an update of the original specification in RFC 2672, also aligning
-- RFC 3363 and RFC 4294 with this revision.
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 1]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--Requirements Language
--
-- The key words "MUST", "MUST NOT", "REQUIRED", "SHALL", "SHALL NOT",
-- "SHOULD", "SHOULD NOT", "RECOMMENDED", "MAY", and "OPTIONAL" in this
-- document are to be interpreted as described in RFC 2119 [RFC2119].
--
--Table of Contents
--
-- 1. Introduction . . . . . . . . . . . . . . . . . . . . . . . . . 3
--
-- 2. The DNAME Resource Record . . . . . . . . . . . . . . . . . . 3
-- 2.1. Format . . . . . . . . . . . . . . . . . . . . . . . . . . 3
-- 2.2. The DNAME Substitution . . . . . . . . . . . . . . . . . . 4
-- 2.3. DNAME Apex not Redirected itself . . . . . . . . . . . . . 5
-- 2.4. Names Next to and Below a DNAME Record . . . . . . . . . . 6
-- 2.5. Compression of the DNAME record. . . . . . . . . . . . . . 6
--
-- 3. Processing . . . . . . . . . . . . . . . . . . . . . . . . . . 7
-- 3.1. CNAME synthesis and UD bit . . . . . . . . . . . . . . . . 7
-- 3.2. Server algorithm . . . . . . . . . . . . . . . . . . . . . 8
-- 3.3. Wildcards . . . . . . . . . . . . . . . . . . . . . . . . 9
-- 3.4. Acceptance and Intermediate Storage . . . . . . . . . . . 10
--
-- 4. DNAME Discussions in Other Documents . . . . . . . . . . . . . 10
--
-- 5. Other Issues with DNAME . . . . . . . . . . . . . . . . . . . 12
-- 5.1. Canonical hostnames cannot be below DNAME owners . . . . . 12
-- 5.2. Dynamic Update and DNAME . . . . . . . . . . . . . . . . . 12
-- 5.3. DNSSEC and DNAME . . . . . . . . . . . . . . . . . . . . . 12
-- 5.3.1. DNAME bit in NSEC type map . . . . . . . . . . . . . . 12
-- 5.3.2. Validators Must Understand DNAME . . . . . . . . . . . 12
-- 5.3.2.1. DNAME in Bitmap Causes Invalid Name Error . . . . 13
-- 5.3.2.2. Valid Name Error Response Involving DNAME in
-- Bitmap . . . . . . . . . . . . . . . . . . . . . . 13
-- 5.3.2.3. Response With Synthesized CNAME . . . . . . . . . 13
--
-- 6. IANA Considerations . . . . . . . . . . . . . . . . . . . . . 14
--
-- 7. Security Considerations . . . . . . . . . . . . . . . . . . . 14
--
-- 8. Acknowledgments . . . . . . . . . . . . . . . . . . . . . . . 14
--
-- 9. References . . . . . . . . . . . . . . . . . . . . . . . . . . 14
-- 9.1. Normative References . . . . . . . . . . . . . . . . . . . 14
-- 9.2. Informative References . . . . . . . . . . . . . . . . . . 15
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 2]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--1. Introduction
--
-- DNAME is a DNS Resource Record type originally defined in RFC 2672
-- [RFC2672]. DNAME provides redirection from a part of the DNS name
-- tree to another part of the DNS name tree.
--
-- The DNAME RR and the CNAME RR [RFC1034] cause a lookup to
-- (potentially) return data corresponding to a domain name different
-- from the queried domain name. The difference between the two
-- resource records is that the CNAME RR directs the lookup of data at
-- its owner to another single name, a DNAME RR directs lookups for data
-- at descendents of its owner's name to corresponding names under a
-- different (single) node of the tree.
--
-- Take for example, looking through a zone (see RFC 1034 [RFC1034],
-- section 4.3.2, step 3) for the domain name "foo.example.com" and a
-- DNAME resource record is found at "example.com" indicating that all
-- queries under "example.com" be directed to "example.net". The lookup
-- process will return to step 1 with the new query name of
-- "foo.example.net". Had the query name been "www.foo.example.com" the
-- new query name would be "www.foo.example.net".
--
-- This document is an update of the original specification of DNAME in
-- RFC 2672 [RFC2672]. DNAME was conceived to help with the problem of
-- maintaining address-to-name mappings in a context of network
-- renumbering. With a careful set-up, a renumbering event in the
-- network causes no change to the authoritative server that has the
-- address-to-name mappings. Examples in practice are classless reverse
-- address space delegations.
--
-- Another usage of DNAME lies in redirection of name spaces. For
-- example, a zone administrator may want sub-trees of the DNS to
-- contain the same information. Examples include punycode alternates
-- for domain spaces. DNAME is also used for the redirection of ENUM
-- domains to another maintaining party.
--
-- This update to DNAME does not change the wire format or the handling
-- of DNAME Resource Records by existing software. A new UD (Understand
-- DNAME) bit in the EDNS flags field can be used to signal that CNAME
-- synthesis is not needed. Discussion is added on problems that may be
-- encountered when using DNAME.
--
--2. The DNAME Resource Record
--
--2.1. Format
--
-- The DNAME RR has mnemonic DNAME and type code 39 (decimal). It is
-- not class-sensitive.
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 3]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- Its RDATA is comprised of a single field, <target>, which contains a
-- fully qualified domain name that must be sent in uncompressed form
-- [RFC1035], [RFC3597]. The <target> field MUST be present. The
-- presentation format of <target> is that of a domain name [RFC1035].
--
-- <owner> <ttl> <class> DNAME <target>
--
-- The effect of the DNAME RR is the substitution of the record's
-- <target> for its owner name, as a suffix of a domain name. This
-- substitution has to be applied for every DNAME RR found in the
-- resolution process, which allows fairly lengthy valid chains of DNAME
-- RRs.
--
-- Details of the substitution process, methods to avoid conflicting
-- resource records, and rules for specific corner cases are given in
-- the following subsections.
--
--2.2. The DNAME Substitution
--
-- When following RFC 1034 [RFC1034], section 4.3.2's algorithm's third
-- step, "start matching down, label by label, in the zone" and a node
-- is found to own a DNAME resource record a DNAME substitution occurs.
-- The name being sought may be the original query name or a name that
-- is the result of a CNAME resource record being followed or a
-- previously encountered DNAME. As is the case of finding a CNAME
-- resource record or NS resource record set, the processing of a DNAME
-- will happen prior to finding the desired domain name.
--
-- A DNAME substitution is performed by replacing the suffix labels of
-- the name being sought matching the owner name of the DNAME resource
-- record with the string of labels in the RDATA field. The matching
-- labels end with the root label in all cases. Only whole labels are
-- replaced. See the table of examples for common cases and corner
-- cases.
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 4]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- In the table below, the QNAME refers to the query name. The owner is
-- the DNAME owner domain name, and the target refers to the target of
-- the DNAME record. The result is the resulting name after performing
-- the DNAME substitution on the query name. "no match" means that the
-- query did not match the DNAME and thus no substitution is performed
-- and a possible error message is returned (if no other result is
-- possible). In the examples below, 'cyc' and 'shortloop' contain
-- loops.
--
-- QNAME owner DNAME target result
-- ---------------- -------------- -------------- -----------------
-- com. example.com. example.net. <no match>
-- example.com. example.com. example.net. <no match>
-- a.example.com. example.com. example.net. a.example.net.
-- a.b.example.com. example.com. example.net. a.b.example.net.
-- ab.example.com. b.example.com. example.net. <no match>
-- foo.example.com. example.com. example.net. foo.example.net.
-- a.x.example.com. x.example.com. example.net. a.example.net.
-- a.example.com. example.com. y.example.net. a.y.example.net.
-- cyc.example.com. example.com. example.com. cyc.example.com.
-- cyc.example.com. example.com. c.example.com. cyc.c.example.com.
-- shortloop.x.x. x. . shortloop.x.
-- shortloop.x. x. . shortloop.
--
-- Table 1. DNAME Substitution Examples.
--
-- It is possible for DNAMEs to form loops, just as CNAMEs can form
-- loops. DNAMEs and CNAMEs can chain together to form loops. A single
-- corner case DNAME can form a loop. Resolvers and servers should be
-- cautious in devoting resources to a query, but be aware that fairly
-- long chains of DNAMEs may be valid. Zone content administrators
-- should take care to insure that there are no loops that could occur
-- when using DNAME or DNAME/CNAME redirection.
--
-- The domain name can get too long during substitution. For example,
-- suppose the target name of the DNAME RR is 250 octets in length
-- (multiple labels), if an incoming QNAME that has a first label over 5
-- octets in length, the result of the result would be a name over 255
-- octets. If this occurs the server returns an RCODE of YXDOMAIN
-- [RFC2136]. The DNAME record and its signature (if the zone is
-- signed) are included in the answer as proof for the YXDOMAIN (value
-- 6) RCODE.
--
--2.3. DNAME Apex not Redirected itself
--
-- Unlike a CNAME RR, a DNAME RR redirects DNS names subordinate to its
-- owner name; the owner name of a DNAME is not redirected itself. The
-- domain name that owns a DNAME record is allowed to have other
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 5]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- resource record types at that domain name, except DNAMEs or CNAMEs.
-- This means that DNAME RRs are not allowed at the parent side of a
-- delegation point but are allowed at a zone apex.
--
-- The reason for this decision was that one can have a DNAME at the
-- zone apex. There still is a need to have the customary SOA and NS
-- resource records at the zone apex. This means that DNAME does not
-- mirror a zone completely, as it does not mirror the zone apex.
--
-- These rules also allow DNAME records to be queried through RFC 1034
-- [RFC1034] compliant, DNAME-unaware caches.
--
--2.4. Names Next to and Below a DNAME Record
--
-- Resource records MUST NOT exist at any domain name subordinate to the
-- owner of a DNAME RR. To get the contents for names subordinate to
-- that owner, the DNAME redirection must be invoked and the resulting
-- target queried. A server MAY refuse to load a zone that has data at
-- a domain name subordinate to a domain name owning a DNAME RR. If the
-- server does load the zone, those names below the DNAME RR will be
-- occluded, RFC 2136 [RFC2136], section 7.18. Also a server SHOULD
-- refuse to load a zone subordinate to the owner of a DNAME record in
-- the ancestor zone. See Section 5.2 for further discussion related to
-- dynamic update.
--
-- DNAME is a singleton type, meaning only one DNAME is allowed per
-- name. The owner name of a DNAME can only have one DNAME RR, and no
-- CNAME RRs can exist at that name. These rules make sure that for a
-- single domain name only one redirection exists, and thus no confusion
-- which one to follow. A server SHOULD refuse to load a zone that
-- violates these rules.
--
--2.5. Compression of the DNAME record.
--
-- The DNAME owner name can be compressed like any other owner name.
-- The DNAME RDATA target name MUST NOT be sent out in compressed form,
-- so that a DNAME RR can be treated as an unknown type [RFC3597].
--
-- Although the previous DNAME specification [RFC2672] (that is
-- obsoleted by this specification) talked about signaling to allow
-- compression of the target name, such signaling is not specified.
--
-- RFC 2672 stated that the EDNS version had a meaning for understanding
-- of DNAME and DNAME target name compression. This document updates
-- RFC 2672, in that there is no EDNS version signaling for DNAME.
-- However, the flags section of EDNS(0) is updated with a Understand-
-- DNAME flag by this document (See Section 3.3).
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 6]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--3. Processing
--
-- The DNAME RR causes type NS additional section processing.
--
--3.1. CNAME synthesis and UD bit
--
-- When preparing an response, a server upon performing a DNAME
-- substitution will in all cases include the DNAME RR used in the
-- answer section. A CNAME RR record with TTL equal to the
-- corresponding DNAME RR is synthesized and included in the answer
-- section for old resolvers. The owner name of the CNAME is the QNAME
-- of the query. DNSSEC [RFC4033], [RFC4034], [RFC4035] says that the
-- synthesized CNAME does not have to be signed. The DNAME has an RRSIG
-- and a validating resolver can check the CNAME against the DNAME
-- record and validate the DNAME record.
--
-- Resolvers MUST be able to handle a synthesized CNAME TTL of zero or
-- equal to the TTL of the corresponding DNAME record. A TTL of zero
-- means that the CNAME can be discarded immediately after processing
-- the answer. DNAME aware resolvers can set the Understand-DNAME (UD
-- bit) to receive a response with only the DNAME RR and no synthesized
-- CNAMEs.
--
-- The UD bit is part of the EDNS [RFC2671] extended RCODE and Flags
-- field. It is used to omit server processing, transmission and
-- resolver processing of unsigned synthesized CNAMEs. Resolvers can
-- set this in a query to request omission of the synthesized CNAMEs.
-- Servers copy the UD bit to the response, and can omit synthesized
-- CNAMEs from the answer. Older resolvers do not set the UD bit, and
-- older servers do not copy the UD bit to the answer, and will not omit
-- synthesized CNAMEs.
--
-- Updated EDNS extended RCODE and Flags field.
--
-- +0 (MSB) +1 (LSB)
-- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-- 0: | EXTENDED-RCODE | VERSION |
-- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
-- 2: |DO|UD| Z |
-- +--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+--+
--
-- Servers MUST be able to answer a query for a synthesized CNAME. Like
-- other query types this invokes the DNAME, and synthesizes the CNAME
-- into the answer.
--
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 7]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--3.2. Server algorithm
--
-- Below the server algorithm, which appeared in RFC 2672 Section 4.1,
-- is expanded to handle the UD (Understand DNAME) bit.
--
-- 1. Set or clear the value of recursion available in the response
-- depending on whether the name server is willing to provide
-- recursive service. If recursive service is available and
-- requested via the RD bit in the query, go to step 5, otherwise
-- step 2.
--
-- 2. Search the available zones for the zone which is the nearest
-- ancestor to QNAME. If such a zone is found, go to step 3,
-- otherwise step 4.
--
-- 3. Start matching down, label by label, in the zone. The matching
-- process can terminate several ways:
--
-- A. If the whole of QNAME is matched, we have found the node.
--
-- If the data at the node is a CNAME, and QTYPE does not match
-- CNAME, copy the CNAME RR into the answer section of the
-- response, change QNAME to the canonical name in the CNAME RR,
-- and go back to step 1.
--
-- Otherwise, copy all RRs which match QTYPE into the answer
-- section and go to step 6.
--
-- B. If a match would take us out of the authoritative data, we
-- have a referral. This happens when we encounter a node with
-- NS RRs marking cuts along the bottom of a zone.
--
-- Copy the NS RRs for the sub-zone into the authority section
-- of the reply. Put whatever addresses are available into the
-- additional section, using glue RRs if the addresses are not
-- available from authoritative data or the cache. Go to step
-- 4.
--
-- C. If at some label, a match is impossible (i.e., the
-- corresponding label does not exist), look to see whether the
-- last label matched has a DNAME record.
--
-- If a DNAME record exists at that point, copy that record into
-- the answer section. If substitution of its <target> for its
-- <owner> in QNAME would overflow the legal size for a <domain-
-- name>, set RCODE to YXDOMAIN [RFC2136] and exit; otherwise
-- perform the substitution and continue. If the EDNS OPT
-- record is present in the query and the UD bit is set, the
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 8]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- server MAY copy the UD bit to the answer EDNS OPT record, and
-- omit CNAME synthesis. Else the server MUST synthesize a
-- CNAME record as described above and include it in the answer
-- section. Go back to step 1.
--
-- If there was no DNAME record, look to see if the "*" label
-- exists.
--
-- If the "*" label does not exist, check whether the name we
-- are looking for is the original QNAME in the query or a name
-- we have followed due to a CNAME or DNAME. If the name is
-- original, set an authoritative name error in the response and
-- exit. Otherwise just exit.
--
-- If the "*" label does exist, match RRs at that node against
-- QTYPE. If any match, copy them into the answer section, but
-- set the owner of the RR to be QNAME, and not the node with
-- the "*" label. If the data at the node with the "*" label is
-- a CNAME, and QTYPE doesn't match CNAME, copy the CNAME RR
-- into the answer section of the response changing the owner
-- name to the QNAME, change QNAME to the canonical name in the
-- CNAME RR, and go back to step 1. Otherwise, Go to step 6.
--
-- 4. Start matching down in the cache. If QNAME is found in the
-- cache, copy all RRs attached to it that match QTYPE into the
-- answer section. If QNAME is not found in the cache but a DNAME
-- record is present at an ancestor of QNAME, copy that DNAME record
-- into the answer section. If there was no delegation from
-- authoritative data, look for the best one from the cache, and put
-- it in the authority section. Go to step 6.
--
-- 5. Use the local resolver or a copy of its algorithm to answer the
-- query. Store the results, including any intermediate CNAMEs and
-- DNAMEs, in the answer section of the response.
--
-- 6. Using local data only, attempt to add other RRs which may be
-- useful to the additional section of the query. Exit.
--
-- Note that there will be at most one ancestor with a DNAME as
-- described in step 4 unless some zone's data is in violation of the
-- no-descendants limitation in section 3. An implementation might take
-- advantage of this limitation by stopping the search of step 3c or
-- step 4 when a DNAME record is encountered.
--
--3.3. Wildcards
--
-- The use of DNAME in conjunction with wildcards is discouraged
-- [RFC4592]. Thus records of the form "*.example.com DNAME
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 9]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- example.net" SHOULD NOT be used.
--
-- The interaction between the expansion of the wildcard and the
-- redirection of the DNAME is non-deterministic. Because the
-- processing is non-deterministic, DNSSEC validating resolvers may not
-- be able to validate a wildcarded DNAME.
--
-- A server MAY give a warning that the behavior is unspecified if such
-- a wildcarded DNAME is loaded. The server MAY refuse it, refuse to
-- load or refuse dynamic update.
--
--3.4. Acceptance and Intermediate Storage
--
-- DNS caches can encounter data at names below the owner name of a
-- DNAME RR, due to a change at the authoritative server where data from
-- before and after the change resides in the cache. This conflict
-- situation is a transitional phase, that ends when the old data times
-- out. The cache can opt to store both old and new data and treat each
-- as if the other did not exist, or drop the old data, or drop the
-- longer domain name. In any approach, consistency returns after the
-- older data TTL times out.
--
-- DNS caches MUST perform CNAME synthesis on behalf of DNAME-ignorant
-- clients. A DNS cache that understands DNAMEs can send out queries on
-- behalf of clients with the UD bit set (See Section 3.1). After
-- receiving the answers the DNS cache sends replies to DNAME ignorant
-- clients that include DNAMEs and synthesized CNAMEs.
--
--4. DNAME Discussions in Other Documents
--
-- In [RFC2181], in Section 10.3., the discussion on MX and NS records
-- touches on redirection by CNAMEs, but this also holds for DNAMEs.
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 10]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- Excerpt from 10.3. MX and NS records (in RFC 2181).
--
-- The domain name used as the value of a NS resource record,
-- or part of the value of a MX resource record must not be
-- an alias. Not only is the specification clear on this
-- point, but using an alias in either of these positions
-- neither works as well as might be hoped, nor well fulfills
-- the ambition that may have led to this approach. This
-- domain name must have as its value one or more address
-- records. Currently those will be A records, however in
-- the future other record types giving addressing
-- information may be acceptable. It can also have other
-- RRs, but never a CNAME RR.
--
-- The DNAME RR is discussed in RFC 3363, section 4, on A6 and DNAME.
-- The opening premise of this section is demonstrably wrong, and so the
-- conclusion based on that premise is wrong. In particular, [RFC3363]
-- deprecates the use of DNAME in the IPv6 reverse tree, which is then
-- carried forward as a recommendation in [RFC4294]. Based on the
-- experience gained in the meantime, [RFC3363] should be revised,
-- dropping all constraints on having DNAME RRs in these zones. This
-- would greatly improve the manageability of the IPv6 reverse tree.
-- These changes are made explicit below.
--
-- In [RFC3363], the paragraph
--
-- "The issues for DNAME in the reverse mapping tree appears to be
-- closely tied to the need to use fragmented A6 in the main tree: if
-- one is necessary, so is the other, and if one isn't necessary, the
-- other isn't either. Therefore, in moving RFC 2874 to experimental,
-- the intent of this document is that use of DNAME RRs in the reverse
-- tree be deprecated."
--
-- is to be replaced with the word "DELETED".
--
-- In [RFC4294], the reference to DNAME was left in as an editorial
-- oversight. The paragraph
--
-- "Those nodes are NOT RECOMMENDED to support the experimental A6 and
-- DNAME Resource Records [RFC3363]."
--
-- is to be replaced by
--
-- "Those nodes are NOT RECOMMENDED to support the experimental
-- A6 Resource Record [RFC3363]."
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 11]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--5. Other Issues with DNAME
--
-- There are several issues to be aware of about the use of DNAME.
--
--5.1. Canonical hostnames cannot be below DNAME owners
--
-- The names listed as target names of MX, NS, PTR and SRV [RFC2782]
-- records must be canonical hostnames. This means no CNAME or DNAME
-- redirection may be present during DNS lookup of the address records
-- for the host. This is discussed in RFC 2181 [RFC2181], section 10.3,
-- and RFC 1912 [RFC1912], section 2.4. For SRV see RFC 2782 [RFC2782]
-- page 4.
--
-- The upshot of this is that although the lookup of a PTR record can
-- involve DNAMEs, the name listed in the PTR record can not fall under
-- a DNAME. The same holds for NS, SRV and MX records. For example,
-- when punycode alternates for a zone use DNAME then the NS, MX, SRV
-- and PTR records that point to that zone must use names without
-- punycode in their RDATA. What must be done then is to have the
-- domain names with DNAME substitution already applied to it as the MX,
-- NS, PTR, SRV data. These are valid canonical hostnames.
--
--5.2. Dynamic Update and DNAME
--
-- DNAME records can be added, changed and removed in a zone using
-- dynamic update transactions. Adding a DNAME RR to a zone occludes
-- any domain names that may exist under the added DNAME.
--
-- A server MUST ignore a dynamic update message that attempts to add a
-- DNAME RR at a name that already has a CNAME RR or another DNAME RR
-- associated with that name.
--
--5.3. DNSSEC and DNAME
--
--5.3.1. DNAME bit in NSEC type map
--
-- When a validator checks the NSEC RRs returned on a name error
-- response, it SHOULD check that the DNAME bit is not set. If the
-- DNAME bit is set then the DNAME substitution should have been done,
-- but has not.
--
--5.3.2. Validators Must Understand DNAME
--
-- Examples of why DNSSEC validators MUST understand DNAME.
--
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 12]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--5.3.2.1. DNAME in Bitmap Causes Invalid Name Error
--
-- ;; Header: QR AA DO RCODE=3(NXDOMAIN)
-- ;; Question
-- foo.bar.example.com. IN A
-- ;; Answer
-- bar.example.com. NSEC dub.example.com. A DNAME
-- bar.example.com. RRSIG NSEC [valid signature]
--
-- If this is the response, then only by understanding that the DNAME
-- bit means that foo.bar.example.com needed to have been redirected by
-- the DNAME, the validator can see that it is a BOGUS reply from an
-- attacker that collated existing records from the DNS to create a
-- confusing reply.
--
-- If the DNAME bit had not been set in the NSEC record above then the
-- answer would have validated as a correct name error response.
--
--5.3.2.2. Valid Name Error Response Involving DNAME in Bitmap
--
-- ;; Header: QR AA DO RCODE=3(NXDOMAIN)
-- ;; Question
-- cee.example.com. IN A
-- ;; Answer
-- bar.example.com. NSEC dub.example.com. A DNAME
-- bar.example.com. RRSIG NSEC [valid signature]
--
-- This reply has the same NSEC records as the example above, but with
-- this query name (cee.example.com), the answer is validated, because
-- 'cee' does not get redirected by the DNAME at 'bar'.
--
--5.3.2.3. Response With Synthesized CNAME
--
-- ;; Header: QR AA DO RCODE=0(NOERROR)
-- ;; Question
-- foo.bar.example.com. IN A
-- ;; Answer
-- bar.example.com. DNAME bar.example.net.
-- bar.example.com. RRSIG DNAME [valid signature]
-- foo.bar.example.com. CNAME foo.bar.example.net.
--
-- The answer shown above has the synthesized CNAME included. However,
-- the CNAME has no signature, since the server does not sign online.
-- So it cannot be trusted. It could be altered by an attacker to be
-- foo.bar.example.com CNAME bla.bla.example. The DNAME record does
-- have its signature included, since it does not change for every query
-- name. The validator must verify the DNAME signature and then
-- recursively resolve further to query for the foo.bar.example.net A
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 13]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- record.
--
--6. IANA Considerations
--
-- The DNAME Resource Record type code 39 (decimal) originally has been
-- registered by [RFC2672]. IANA should update the DNS resource record
-- registry to point to this document for RR type 39.
--
-- This draft requests the second highest bit in the EDNS flags field
-- for the Understand-DNAME (UD) flag.
--
--7. Security Considerations
--
-- DNAME redirects queries elsewhere, which may impact security based on
-- policy and the security status of the zone with the DNAME and the
-- redirection zone's security status.
--
-- If a validating resolver accepts wildcarded DNAMEs, this creates
-- security issues. Since the processing of a wildcarded DNAME is non-
-- deterministic and the CNAME that was substituted by the server has no
-- signature, the resolver may choose a different result than what the
-- server meant, and consequently end up at the wrong destination. Use
-- of wildcarded DNAMEs is discouraged in any case [RFC4592].
--
-- A validating resolver MUST understand DNAME, according to [RFC4034].
-- In Section 5.3.2 examples are given that illustrate this need.
--
--8. Acknowledgments
--
-- The authors of this draft would like to acknowledge Matt Larson for
-- beginning this effort to address the issues related to the DNAME RR
-- type. The authors would also like to acknowledge Paul Vixie, Ed
-- Lewis, Mark Andrews, Mike StJohns, Niall O'Reilly, Sam Weiler, Alfred
-- Hines and Kevin Darcy for their review and comments on this document.
--
--9. References
--
--9.1. Normative References
--
-- [RFC1034] Mockapetris, P., "Domain names - concepts and facilities",
-- STD 13, RFC 1034, November 1987.
--
-- [RFC1035] Mockapetris, P., "Domain names - implementation and
-- specification", STD 13, RFC 1035, November 1987.
--
-- [RFC2119] Bradner, S., "Key words for use in RFCs to Indicate
-- Requirement Levels", BCP 14, RFC 2119, March 1997.
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 14]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
-- [RFC2136] Vixie, P., Thomson, S., Rekhter, Y., and J. Bound,
-- "Dynamic Updates in the Domain Name System (DNS UPDATE)",
-- RFC 2136, April 1997.
--
-- [RFC2181] Elz, R. and R. Bush, "Clarifications to the DNS
-- Specification", RFC 2181, July 1997.
--
-- [RFC2671] Vixie, P., "Extension Mechanisms for DNS (EDNS0)",
-- RFC 2671, August 1999.
--
-- [RFC2782] Gulbrandsen, A., Vixie, P., and L. Esibov, "A DNS RR for
-- specifying the location of services (DNS SRV)", RFC 2782,
-- February 2000.
--
-- [RFC3597] Gustafsson, A., "Handling of Unknown DNS Resource Record
-- (RR) Types", RFC 3597, September 2003.
--
-- [RFC4033] Arends, R., Austein, R., Larson, M., Massey, D., and S.
-- Rose, "DNS Security Introduction and Requirements",
-- RFC 4033, March 2005.
--
-- [RFC4034] Arends, R., Austein, R., Larson, M., Massey, D., and S.
-- Rose, "Resource Records for the DNS Security Extensions",
-- RFC 4034, March 2005.
--
-- [RFC4035] Arends, R., Austein, R., Larson, M., Massey, D., and S.
-- Rose, "Protocol Modifications for the DNS Security
-- Extensions", RFC 4035, March 2005.
--
-- [RFC4592] Lewis, E., "The Role of Wildcards in the Domain Name
-- System", RFC 4592, July 2006.
--
--9.2. Informative References
--
-- [RFC1912] Barr, D., "Common DNS Operational and Configuration
-- Errors", RFC 1912, February 1996.
--
-- [RFC2672] Crawford, M., "Non-Terminal DNS Name Redirection",
-- RFC 2672, August 1999.
--
-- [RFC3363] Bush, R., Durand, A., Fink, B., Gudmundsson, O., and T.
-- Hain, "Representing Internet Protocol version 6 (IPv6)
-- Addresses in the Domain Name System (DNS)", RFC 3363,
-- August 2002.
--
-- [RFC4294] Loughney, J., "IPv6 Node Requirements", RFC 4294,
-- April 2006.
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 15]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--Authors' Addresses
--
-- Scott Rose
-- NIST
-- 100 Bureau Dr.
-- Gaithersburg, MD 20899
-- USA
--
-- Phone: +1-301-975-8439
-- Fax: +1-301-975-6238
-- EMail: scottr@nist.gov
--
--
-- Wouter Wijngaards
-- NLnet Labs
-- Kruislaan 419
-- Amsterdam 1098 VA
-- The Netherlands
--
-- Phone: +31-20-888-4551
-- EMail: wouter@nlnetlabs.nl
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 16]
--\f
--Internet-Draft DNAME Redirection May 2008
--
--
--Full Copyright Statement
--
-- Copyright (C) The IETF Trust (2008).
--
-- This document is subject to the rights, licenses and restrictions
-- contained in BCP 78, and except as set forth therein, the authors
-- retain all their rights.
--
-- This document and the information contained herein are provided on an
-- "AS IS" basis and THE CONTRIBUTOR, THE ORGANIZATION HE/SHE REPRESENTS
-- OR IS SPONSORED BY (IF ANY), THE INTERNET SOCIETY, THE IETF TRUST AND
-- THE INTERNET ENGINEERING TASK FORCE DISCLAIM ALL WARRANTIES, EXPRESS
-- OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF
-- THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED
-- WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.
--
--Intellectual Property
--
-- The IETF takes no position regarding the validity or scope of any
-- Intellectual Property Rights or other rights that might be claimed to
-- pertain to the implementation or use of the technology described in
-- this document or the extent to which any license under such rights
-- might or might not be available; nor does it represent that it has
-- made any independent effort to identify any such rights. Information
-- on the procedures with respect to rights in RFC documents can be
-- found in BCP 78 and BCP 79.
--
-- Copies of IPR disclosures made to the IETF Secretariat and any
-- assurances of licenses to be made available, or the result of an
-- attempt made to obtain a general license or permission for the use of
-- such proprietary rights by implementers or users of this
-- specification can be obtained from the IETF on-line IPR repository at
-- http://www.ietf.org/ipr.
--
-- The IETF invites any interested party to bring to its attention any
-- copyrights, patents or patent applications, or other proprietary
-- rights that may cover technology that may be required to implement
-- this standard. Please address the information to the IETF at
-- ietf-ipr@ietf.org.
--
--Acknowledgement
--
-- Funding for the RFC Editor function is provided by the IETF
-- Administrative Support Activity (IASA).
--
--
--
--
--
--
--
--Rose & Wijngaards Expires November 3, 2008 [Page 17]
--\f
+++ /dev/null
--
--Branch Status Whom // Comments
-------------------------------------------------------------
--
-- new not yet classified
-- open developement branch
-- active not a development branch
-- review ready for review
-- private private branch
-- closed finished with
--
--branch_9_5_0_P1 new each // 2008-06-30 22:15 +0000
--custom_AFILIAS_v9_4_1_P1 private marka // 2007-08-30 01:11 +0000
--custom_AFIS_v9_4_0 private marka // 2007-04-23 05:08 +0000
--custom_ALLIANZ_v9_4_1_P1 private marka // 2007-08-03 04:51 +0000
--custom_ALLIANZ_v9_4_2 private marka // 2007-11-23 04:32 +0000
--custom_ALLIANZ_v9_4_2_P1 new each // 2008-05-27 23:33 +0000
--custom_ALLIANZ_v9_4_2_P2 new each // 2008-08-05 21:28 +0000
--custom_ATT_v9_4 new each // 2009-07-28 17:05 +0000
--custom_CISCO_v9_3_4_P1 private marka // 2007-11-23 04:19 +0000
--custom_DYNDNS_v9_6 new each // 2009-06-19 15:34 +0000
--custom_NOM_v9_5_0a7 private
--custom_NOM_v9_5_0b2 new marka // 2008-03-06 06:45 +0000
--custom_NOM_v9_5_0b2+ new marka // 2008-03-06 06:13 +0000
--custom_UTK_v9_4_0 private marka // 2007-04-23 13:35 +0000
--custom_UTK_v9_4_1 private marka // 2007-04-30 01:51 +0000
--custom_WALMART_v9_6_1 new marka // 2009-07-13 22:53 +0000
--custom_WFB_v9_3_1 private
--custom_WFB_v9_3_2 private
--custom_WFB_v9_3_3 private
--custom_WFB_v9_4_0 private
--custom_WFB_v9_4_1 private marka // 2007-04-30 01:53 +0000
--custom_WFB_v9_4_1_P1 private marka // 2007-08-01 22:49 +0000
--custom_WFB_v9_4_2 private each // 2007-12-05 18:10 +0000
--custom_WFB_v9_4_2_P1 new each // 2008-05-27 22:59 +0000
--custom_WFB_v9_5_0_P1 private marka // 2008-07-15 00:05 +0000
--custom_WFB_v9_5_0_P2 new each // 2008-08-05 21:06 +0000
--custom_WFB_v9_5_0_P2_1_servfail new jinmei // 2008-12-08 22:38 +0000
--custom_WFB_v9_6_0_P1 new marka // 2009-02-05 07:00 +0000
--gsstsig4 open sra // head + gsstsig as of 12 may 2006
--gsstsig4_win32 open danny // sub-branch off gsstsig4 for windows development
--jinmei-mmapzone-test open // mmap based zone file. very experimental, just for reference purposes
--jinmei_libdnsng open
--jinmei_lrucache open
--libbind_clean open jinmei
--make new
--marka-xlink new marka // 2009-02-10 02:17 +0000
--marka_970 new marka // 2009-06-18 02:50 +0000
--marka_libdnsng open
--marka_tools new marka // 2009-07-23 03:10 +0000
--marka_tools2 new marka // 2009-08-14 10:55 +0000
--mlg-20000518 open explorer
--newresolver0 open
--openssl_stub open marka
--rt10864 open marka // NSEC caching @ delegation
--rt11398d open sra // doxygen dev
--rt11398e open sra
--rt11543 open jakob
--rt11733 open jakob
--rt11733b open jakob
--rt13489 review marka // Solaris bug fixes
--rt13555 open marka // nslookup name failure
--rt13562 open marka
--rt14654 open
--rt14815 open // stats blind spots
--rt14895 open jinmei
--rt14895b open jinmei
--rt14951a open
--rt15327 open
--rt15452a open marka // NSEC3
--rt15452b new marka // 2008-04-04 05:06 +0000
--rt15452c new marka // 2008-09-22 02:18 +0000
--rt15698 open
--rt15765 open
--rt15860 open
--rt15869 review // libdnsng
--rt16157 open
--rt16288 review
--rt16288_best_to_first_match review
--rt16402 open
--rt16428 open
--rt16443 open marka // post 9.4.0
--rt16519 open marka // epsilon for .DE
--rt16671 open marka // Silence Coverity reports
--rt16760 open explorer // 2007-03-19 14:59 +0000
--rt16806 open marka // 2007-04-24 04:38 +0000
--rt16844 open marka // EVP conversion
--rt16857 open marka // 2007-05-14 03:45 +0000
--rt17061 open marka // 2007-08-02 02:08 +0000
--rt17091 open evan
--rt17099 open marka // 2007-09-02 23:42 +0000
--rt17138 open marka // 2007-09-11 01:39 +0000
--rt17146 open
--rt17151 open marka // 2007-09-18 00:34 +0000
--rt17214 review jakob
--rt17214b new each // 2008-05-07 00:27 +0000
--rt17224 new marka // 2008-02-08 04:24 +0000
--rt17261 new marka // 2008-01-22 13:29 +0000
--rt1727 open // ixfr-from-differences workfile
--rt17301 new marka // 2008-01-08 04:27 +0000
--rt17312 new marka // 2008-01-04 05:16 +0000
--rt17347 open each // 2007-12-17 23:48 +0000
--rt17374 open each // 2007-12-19 05:51 +0000
--rt17375 open each // 2007-12-20 16:47 +0000
--rt17435 new
--rt17441 new marka // 2008-01-08 03:41 +0000
--rt17451 new fdupont // Delete RB tree order
--rt17455 new each // 2008-01-10 00:20 +0000
--rt17460 new marka // 2008-01-11 03:44 +0000
--rt17462 new each // 2008-01-11 17:47 +0000
--rt17466 new
--rt17469 new marka // 2008-01-12 00:48 +0000
--rt17513 new marka // 2008-01-25 03:37 +0000
--rt17514 new marka // 2008-01-23 01:38 +0000
--rt17557 new marka // 2008-01-29 00:48 +0000
--rt17572 new marka // 2008-02-04 00:59 +0000
--rt17573 new marka // 2008-02-04 05:15 +0000
--rt17576 new marka // 2008-02-05 02:22 +0000
--rt17580 new
--rt17589 new marka // 2008-02-11 05:52 +0000
--rt17590 new
--rt17596 new fdupont // explicit rollover
--rt17596a new fdupont // 2008-02-28 08:16 +0000
--rt17596b new fdupont // 2008-04-21 12:27 +0000
--rt17596c new fdupont // 2008-11-03 12:07 +0000
--rt17598 new marka // 2008-02-17 23:24 +0000
--rt17628 new
--rt17671 new marka // 2008-02-27 01:39 +0000
--rt17729 new marka // 2008-03-06 03:56 +0000
--rt17729a new marka // 2008-04-02 23:40 +0000
--rt17828 new marka // 2008-04-09 23:06 +0000
--rt17849 new mayer // 2008-07-07 04:17 +0000
--rt17949 new
--rt17949_v9_3 new
--rt17949_v9_4 new
--rt17949_v9_5 new
--rt17977 new each // 2008-04-23 00:29 +0000
--rt18018 new
--rt18020 new fdupont // FIPS 140-2
--rt18020a new fdupont // 2008-05-15 14:50 +0000
--rt18029 new each // 2008-05-30 05:02 +0000
--rt18029a new marka // 2008-08-06 05:31 +0000
--rt18033 new fdupont // HSM maintenance
--rt18033a new fdupont // 2008-12-30 12:49 +0000
--rt18040 new marka // 2008-05-08 02:25 +0000
--rt18042 new fdupont // 2008-05-09 13:27 +0000
--rt18046 new fdupont // 2008-05-09 06:56 +0000
--rt18046a new fdupont // 2008-10-22 11:48 +0000
--rt18092 new each // 2008-05-21 05:49 +0000
--rt18098 new
--rt18159 new
--rt18168 new marka // 2008-10-22 02:14 +0000
--rt18192 new jinmei // 2008-12-23 02:53 +0000
--rt18194 new
--rt18253 new each // 2008-07-18 23:01 +0000
--rt18306 new marka // 2008-11-04 23:46 +0000
--rt18331 new fdupont // 2008-07-19 14:53 +0000
--rt18332 new fdupont // 2008-07-20 13:11 +0000
--rt18332_v9_3_5_P1 new fdupont // 2008-07-20 13:16 +0000
--rt18335 new fdupont // 2008-07-20 11:50 +0000
--rt18336 new fdupont // 2008-07-21 13:51 +0000
--rt18336p1 new
--rt18344 new
--rt18348 new fdupont // 2008-08-09 08:31 +0000
--rt18358 new fdupont // 2008-07-23 22:35 +0000
--rt18368 new marka // 2008-11-28 05:10 +0000
--rt18370 new mayer // 2008-07-29 01:55 +0000
--rt18374 new mayer // 2008-07-28 02:48 +0000
--rt18374_v9_5 new mayer // 2008-07-28 13:32 +0000
--rt18411 new
--rt18441 new each // 2008-08-15 17:02 +0000
--rt18493 new
--rt18516 new
--rt18535 new marka // 2008-11-28 02:19 +0000
--rt18543 new marka // 2008-11-28 00:55 +0000
--rt18559 new each // 2008-09-26 03:54 +0000
--rt18578 new dhankins // 2008-09-05 18:56 +0000
--rt18601 new pselkirk // 2009-02-24 20:19 +0000
--rt18632 new mayer // 2008-09-24 03:10 +0000
--rt18634 new mayer // 2008-09-16 03:47 +0000
--rt18646 new marka // 2008-09-18 03:40 +0000
--rt18657 new marka // 2008-11-05 03:19 +0000
--rt18658 new marka // 2008-11-27 04:46 +0000
--rt18685 new each // 2008-10-24 00:53 +0000
--rt18694 new fdupont // 2008-10-29 10:23 +0000
--rt18711 new marka // 2008-11-27 03:17 +0000
--rt18784 new
--rt18785 new marka // 2008-10-31 01:19 +0000
--rt18793 new fdupont // 2008-10-25 11:56 +0000
--rt18795 new marka // 2008-10-27 00:04 +0000
--rt18802 new
--rt18815 new fdupont // 2008-10-28 12:34 +0000
--rt18828 new marka // 2008-11-04 06:17 +0000
--rt18872 new marka // 2009-01-23 02:57 +0000
--rt18884 new marka // 2008-11-11 02:16 +0000
--rt18905 new jinmei // 2008-12-30 01:46 +0000
--rt19027 new
--rt19063 new marka // 2008-12-13 01:45 +0000
--rt19113 new fdupont // 2009-01-10 17:53 +0000
--rt19198 new marka // 2009-01-23 02:19 +0000
--rt19209 new marka // 2009-02-05 01:10 +0000
--rt19234 new fdupont // 2009-02-12 14:15 +0000
--rt19234a new fdupont // 2009-09-11 22:20 +0000
--rt19240 new jinmei // 2009-01-26 23:31 +0000
--rt19248 new each // 2009-01-28 00:25 +0000
--rt19256 new jinmei // 2009-01-29 00:55 +0000
--rt19284 new each // 2009-01-30 20:31 +0000
--rt19284_jinmeihack new
--rt19294 new fdupont // 2009-09-04 11:49 +0000
--rt19300 new each // 2009-02-05 23:51 +0000
--rt19301 new each // 2009-02-19 07:28 +0000
--rt19310 new marka // 2009-02-11 09:42 +0000
--rt19360 new fdupont // 2009-02-17 09:10 +0000
--rt19369 new jinmei // 2009-02-19 00:40 +0000
--rt19384 new marka // 2009-02-23 03:32 +0000
--rt19387 new jinmei // 2009-03-05 19:37 +0000
--rt19447 new ebersman // 2009-06-10 14:44 +0000
--rt19447_v9_6_1 new ebersman // 2009-06-10 17:00 +0000
--rt19447_v9_6_1_patch new ebersman // 2009-06-10 17:20 +0000
--rt19495 new marka // 2009-01-19 01:19 +0000
--rt19563 new jinmei // 2009-04-11 02:39 +0000
--rt19589 new jreed // 2009-05-07 13:43 +0000
--rt19624 new fdupont // 2009-05-06 11:11 +0000
--rt19625 new fdupont // 2009-04-24 08:59 +0000
--rt19653 new
--rt19654 new marka // 2009-05-06 23:22 +0000
--rt19657 new fdupont // 2009-05-01 09:53 +0000
--rt19750 new marka // 2009-07-01 07:18 +0000
--rt19773 new each // 2009-07-02 21:22 +0000
--rt19780 new jinmei // 2009-06-08 03:12 +0000
--rt19816 new each // 2009-06-12 22:33 +0000
--rt19874 new each // 2009-08-05 22:36 +0000
--rt19875 new each // 2009-07-04 22:47 +0000
--rt19910 new marka // 2009-07-09 02:38 +0000
--rt19942 new each // 2009-08-27 23:01 +0000
--rt19943 new each // 2009-09-15 03:18 +0000
--rt20001 new each // 2009-08-05 15:54 +0000
--rt20023 new fdupont // 2009-07-31 15:08 +0000
--rt20037 new marka // 2009-08-11 07:46 +0000
--rt20044 new fdupont // 2009-08-07 18:59 +0000
--rt20062 new marka // 2009-08-10 05:00 +0000
--rt20062a new marka // 2009-09-14 04:51 +0000
--rt20112 new marka // 2009-08-18 05:22 +0000
- rt20191 new vjs // 2009-09-20 01:55 +0000
--rt20225 new fdupont // 2009-09-18 11:50 +0000
--rt20230 new fdupont // 2009-09-19 22:45 +0000
--rt20236 new fdupont // 2009-09-19 22:34 +0000
--rt20247 new each // 2009-09-11 03:22 +0000
--rt20253 new sar // 2009-09-11 22:17 +0000
--rt20257 new fdupont // 2009-09-18 16:53 +0000
--shane_dbbackend open
--skan open explorer
--skan-metazones1 private explorer
--skan_implicit_update1 open explorer
--skan_lruttl open explorer
--skan_stats1 open explorer
--skan_stats2 open explorer
--skan_stats3 open explorer
--skan_stats4 open explorer
--skan_zonemaint new
--sp1213 open
--sp1324 new marka // 2007-06-29 05:40 +0000
--sp1705 new
--sp1705a new
--sp2708 new marka // 2009-08-20 02:00 +0000
--stats_lidl open
--v6source open
--v9_1 active // security fixes only
--v9_1_1_patch active // security fixes 9.1.1 only
--v9_2 active
--v9_2_0_patch active // security fixes 9.2.0 only
--v9_2_1_patch active // security fixes 9_2_1 only
--v9_2_2_delegation_only active // 9.2.2-P1, 9.2.2-P2, 9.2.2-P3
--v9_2_2base active // security fixes 9.2.2 only
--v9_2_4base active // security fixes 9.2.4 only
--v9_2_6_patch active // security fixes 9.2.6 only
--v9_2_7_patch active // security fixes 9.2.7 only
--v9_2_8_patch active // security fixes 9.2.9 only
--v9_3 active
--v9_3_0base active // security fixes 9.3.0 only
--v9_3_2_patch active // security fixes 9.3.2 only
--v9_3_4-cisco active
--v9_3_4_patch active // security fixes 9.3.4 only
--v9_3_5_P1 new each // 2008-05-22 20:42 +0000
--v9_3_5_P2_W1 new mayer // 2008-08-16 03:50 +0000
--v9_3_5_P2_danny new
--v9_3_5_P2_win32 new each // 2008-08-21 02:21 +0000
--v9_3_5_patch new
--v9_4 active
--v9_4_1_P1_lruttl active
--v9_4_1_patch active // security fixes 9.4.1 only
--v9_4_2_P1 new each // 2008-05-22 21:12 +0000
--v9_4_2_P2_W1 new mayer // 2008-08-09 19:33 +0000
--v9_4_2_P2_danny new
--v9_4_2_P2_michael new
--v9_4_2_P2_win32 new each // 2008-08-21 00:20 +0000
--v9_4_2_patch active // security fixes 9.4.2 only
--v9_4_2_patch_attservfail new
--v9_4_3_patch new marka // 2008-12-23 00:04 +0000
--v9_5 active
--v9_5_0_P2_W1 new mayer // 2008-08-16 21:14 +0000
--v9_5_0_P2_danny new
--v9_5_0_P2_win32 new marka // 2008-09-04 05:59 +0000
--v9_5_0_patch active // security fixes 9.5.0 only
--v9_5_1_patch new marka // 2008-12-03 02:07 +0000
--v9_6 new marka // 2008-11-30 22:53 +0000
--v9_6_0_patch new marka // 2008-12-23 01:13 +0000
--v9_6_1_patch new marka // 2009-07-28 14:11 +0000
--
--
--a6_remove closed
--adb_race closed
--additional_cache closed // additional RRs caching for performance
--additional_cache_rt6496 closed
--avoid_gettimeofday closed
--bind9-gss-tsig closed // ancient (circa 9.2.3) gss-tsig attempt, never worked
--bind9-gsstsig closed // ancient (circa 9.2.3) gss-tsig attempt, never worked
--blabel-cleanup closed
--chroot closed
--compiled_zonefile closed // wire format zone file, under development (moved to rt13587)
--da closed // aborted DNSSEC DA flag
--delegation_only closed
--dighost closed
--dlz closed // old version of dlz patch, merge never completed
--ds closed
--ds13 closed
--ds_12 closed
--edns1 closed
--edns_size closed
--gssapi3-skan closed
--gsstsig2 closed // old (circa 9.3.0) gss-tsig, finally worked with hacked heimdal spnego
--gsstsig3 closed
--ietf71 closed // 2008-03-12 04:10 +0000
--ifiter_getifaddrs closed
--ipl closed
--ipv6-improvements closed
--ipv6-scope closed
--ipv6_6to4 closed
--ksk closed
--marka_google closed
--newconfig closed
--optin closed // aborted DNSSEC OPTIN code
--peter closed // hostname.bind for 9.2.x
--queryperf-v6 closed // IPv6 transport support for queryperf
--rdata_split closed
--resign closed // 2007-10-19 03:57 +0000
--rt10038 closed
--rt10049 closed
--rt10105 closed
--rt10114 closed
--rt10115 closed
--rt10131 closed
--rt10132 closed
--rt10133 closed
--rt10134 closed
--rt10147 closed
--rt10148 closed
--rt10150 closed
--rt10194 closed
--rt10202 closed
--rt10208 closed
--rt10221 closed
--rt10236 closed
--rt10272 closed
--rt10272a closed
--rt10331 closed
--rt10345 closed
--rt10346 closed
--rt10381 closed
--rt10440 closed
--rt10440a closed
--rt10452 closed
--rt10461 closed
--rt10497 closed
--rt10508 closed
--rt10565 closed
--rt10590 closed
--rt10642 closed
--rt10704 closed
--rt10718 closed
--rt10764 closed // empty
--rt10838 closed
--rt10847 closed
--rt10861 closed
--rt1091 closed // 2007-10-22 02:27 +0000
--rt1091a closed // 2007-11-19 03:11 +0000
--rt10920 closed
--rt10925 closed
--rt10929 closed
--rt10991 closed
--rt11013 closed
--rt11065 closed
--rt11069 closed
--rt11069_v9_2 closed
--rt11101 closed
--rt11116 closed
--rt11117 closed
--rt11118 closed
--rt11119 closed
--rt11127 closed
--rt11132 closed
--rt11149 closed
--rt11156 closed
--rt11156_v9_2 closed
--rt11163 closed
--rt11163_1 closed
--rt11177 closed
--rt11179 closed
--rt11206 closed
--rt11208 closed
--rt11237 closed
--rt11280 closed
--rt11288 closed
--rt11331 closed
--rt113347 closed // rt11347
--rt11360 closed
--rt11382 closed // DLZ
--rt11398 closed
--rt11398a closed // old doxygen dev
--rt11398b closed
--rt11398c closed
--rt11432 closed
--rt11436 closed
--rt11439 closed
--rt11445 closed
--rt11446 closed
--rt11486 closed
--rt11541 closed
--rt11542 closed
--rt11582 closed
--rt11595 closed
--rt11600 closed
--rt11681 closed
--rt11697 closed
--rt11706 closed
--rt11714 closed
--rt11742 closed
--rt11943 closed
--rt12017 closed // 2007-12-13 01:00 +0000
--rt12023 closed
--rt12024 closed
--rt12133 closed
--rt12154 closed
--rt12281 closed
--rt12286 closed
--rt12321 closed
--rt12321a closed
--rt12321b closed
--rt12322 closed
--rt12323 closed
--rt12327 closed
--rt12328 closed
--rt12352 closed
--rt12375 closed
--rt12376 closed
--rt12404 closed
--rt12410 closed
--rt12416 closed
--rt12467 closed
--rt12492 closed
--rt12493 closed
--rt12498 closed
--rt12505a closed
--rt12505b closed
--rt12519 closed
--rt12541 closed
--rt12557 closed
--rt12581 closed
--rt12634 closed
--rt12658 closed
--rt12695 closed
--rt12729 closed
--rt12729a closed
--rt12745 closed
--rt12745a closed
--rt12774 closed
--rt12788 closed
--rt12790 closed
--rt12810 closed
--rt12810a closed
--rt12838 closed
--rt12866 closed
--rt12894 closed
--rt12895 closed
--rt12907 closed
--rt12919 closed
--rt12933 closed
--rt12937 closed
--rt12942 closed
--rt12970 closed
--rt12971 closed
--rt12995 closed
--rt13002 closed
--rt13009 closed
--rt13015 closed
--rt13016 closed
--rt13062 closed
--rt13077 closed
--rt13086 closed
--rt13101 closed
--rt13124 closed
--rt13153 closed
--rt13154 closed
--rt13205 closed
--rt13212 closed
--rt13219 closed
--rt13230 closed
--rt13238 closed
--rt13239 closed
--rt13378 closed
--rt13382 closed
--rt13396 closed
--rt13428 closed
--rt13438 closed
--rt13455 closed
--rt13463 closed
--rt13483 closed
--rt13501 closed
--rt13505 closed
--rt13511 closed
--rt13526 closed
--rt13547 closed
--rt13587 closed
--rt13593 closed
--rt13593a closed
--rt13597 closed
--rt13605 closed
--rt13606 closed // TSIG SHA256
--rt13609 closed
--rt13620 closed
--rt13659 closed
--rt13662 closed // abandoned
--rt13662_alt closed // abandoned
--rt13662_alt2 closed // rrset-order fixed
--rt13694 closed
--rt13707 closed
--rt13714 closed
--rt13745 closed
--rt13753 closed
--rt13754 closed
--rt13771 closed
--rt13780 closed
--rt14606 closed
--rt14616 closed
--rt14623 closed
--rt14666 closed
--rt14673 closed
--rt14685 closed
--rt14686 closed
--rt14695 closed
--rt1471 closed
--rt14775 closed
--rt14801 closed
--rt14802 closed
--rt14814 closed
--rt14815a closed // abandoned
--rt14816 closed
--rt14841 closed
--rt14846 closed
--rt14851 closed
--rt14852 closed
--rt14855 closed
--rt14873 closed
--rt14890 closed
--rt14892 closed
--rt14916 closed
--rt14918 closed
--rt14919 closed
--rt14931 closed
--rt14932 closed
--rt14933 closed // DLV
--rt14933a closed
--rt14951 closed
--rt14953 closed
--rt14959 closed
--rt14962 closed
--rt14963 closed // bad wildcard grants
--rt14965 closed // windows fixes
--rt14967 closed
--rt14991 closed
--rt14995 closed
--rt14996 closed // tune based on request load
--rt14998 closed
--rt15005 closed
--rt15006 closed
--rt15020 closed
--rt15034 closed
--rt15036 closed // ixfr-from-differences serial
--rt15103 closed
--rt15148 closed
--rt15215 closed
--rt15216 closed
--rt15256 closed
--rt15347 closed
--rt15383 closed
--rt15391 closed
--rt15402 closed
--rt15404 closed
--rt15408 closed
--rt15412 closed
--rt15430 closed
--rt15441 closed
--rt15452 closed
--rt15460 closed
--rt15465 closed
--rt15469 closed
--rt15473 closed
--rt15473b closed
--rt15474 closed
--rt15483 closed
--rt15491 closed
--rt15516 closed
--rt15518 closed
--rt15519 closed
--rt15529 closed
--rt15544 closed
--rt15544b closed
--rt15562 closed
--rt15568 closed
--rt15586 closed
--rt15592 closed
--rt15608 closed
--rt15613 closed
--rt15620 closed
--rt15628 closed
--rt15633 closed
--rt15636 closed
--rt15642 closed
--rt15647 closed
--rt15649 closed
--rt15674 closed
--rt15694 closed
--rt15695 closed
--rt15702 closed
--rt15704 closed
--rt15709 closed
--rt15723 closed
--rt15727 closed
--rt1572a closed // bad rt#
--rt15739 closed
--rt15742 closed
--rt15753 closed
--rt15758 closed
--rt15758a closed
--rt15776 closed
--rt15779 closed
--rt15780 closed
--rt15795 closed
--rt15807 closed
--rt15808 closed
--rt15812 closed
--rt15813 closed
--rt15817 closed
--rt15818 closed
--rt15825 closed
--rt15835 closed
--rt15840 closed
--rt15844 closed
--rt15849 closed
--rt15855 closed
--rt15878 closed
--rt15941 closed
--rt15949 closed // 2007-05-17 02:25 +0000
--rt15958 closed
--rt15959 closed
--rt15960 closed
--rt15970 closed
--rt15976 closed
--rt15978 closed
--rt15992 closed
--rt16020 closed
--rt16022 closed
--rt16026 closed
--rt16027 closed
--rt16030 closed
--rt16034 closed
--rt16037 closed
--rt16073 closed
--rt16074 closed
--rt16075 closed
--rt16117 closed
--rt16122 closed
--rt16123 closed
--rt16124 closed
--rt16156 closed
--rt16170 closed
--rt16179 closed
--rt16182 closed
--rt16183 closed
--rt16187 closed
--rt16218 closed
--rt16218a closed
--rt16219 closed
--rt16220 closed
--rt16220a closed
--rt16244 closed
--rt16290 closed
--rt16291 closed // 2007-02-06 22:29 +0000
--rt16292 closed
--rt16299 closed // 2007-05-17 01:08 +0000
--rt16300 closed
--rt16307 closed
--rt16313 closed
--rt16315 closed
--rt16317 closed
--rt16320 closed
--rt16324 closed
--rt16326 closed
--rt16341 closed
--rt16354 closed
--rt16361 closed
--rt16363 closed
--rt16365 closed // 2007-05-16 14:39 +0000
--rt16368 closed // 2007-05-16 14:11 +0000
--rt16388 closed
--rt16391 closed
--rt16399 closed
--rt16401 closed
--rt16403 closed
--rt16411 closed
--rt16415 closed
--rt16417 closed
--rt16426 closed
--rt16427 closed
--rt16437 closed // post 9.4.0
--rt16444 closed
--rt16447 closed
--rt16455 closed
--rt16456 closed
--rt16460 closed
--rt16463 closed // 2007-05-16 06:10 +0000
--rt16476 closed
--rt16481 closed // 2007-05-15 06:54 +0000
--rt16491 closed
--rt16497 closed // 2007-05-15 05:07 +0000
--rt16499 closed
--rt16502 closed
--rt16507 closed
--rt16553 closed
--rt16555 closed
--rt16563 closed
--rt16584 closed
--rt16592 closed // windows condition variable
--rt16599 closed // 2007-03-01 05:23 +0000
--rt16609 closed // post 9.4.0
--rt16612 closed // post 9.4.0
--rt16613 closed // post 9.4.0
--rt16619 closed // post 9.4.0
--rt16622 closed // post 9.4.0
--rt16635 closed
--rt16640 closed
--rt16641 closed // post 9.4.0
--rt16647 closed // 2007-02-09 02:18 +0000
--rt16653 closed // 2007-02-07 05:11 +0000
--rt16654 closed // 2007-02-07 06:10 +0000
--rt16655 closed // 2007-02-08 02:41 +0000
--rt16665 closed // 2007-02-12 06:11 +0000
--rt16685 closed // 2007-02-28 06:01 +0000
--rt16698 closed // 2007-03-09 02:41 +0000
--rt16707 closed // 2007-03-13 05:13 +0000
--rt16711 closed // 2007-03-09 02:33 +0000
--rt16743 closed
--rt16763 closed // 2007-04-02 06:31 +0000
--rt16764 closed // 2007-03-25 23:35 +0000
--rt16768 closed // 2007-03-27 01:58 +0000
--rt16785 closed // 2007-04-03 02:53 +0000
--rt16798 closed // 2007-05-14 06:18 +0000
--rt16821 closed // 2007-05-14 05:44 +0000
--rt16832 closed // 2007-05-03 02:30 +0000
--rt16832a closed // 2007-05-16 23:09 +0000
--rt16834 closed // 2007-04-29 23:52 +0000
--rt16871 closed // 2007-05-16 00:07 +0000
--rt16906 closed // 2007-05-23 02:51 +0000
--rt16908 closed // 2007-05-29 01:48 +0000
--rt16911 closed // 2007-05-27 23:20 +0000
--rt16915 closed // 2007-06-05 23:48 +0000
--rt16915a closed // 2007-06-25 03:06 +0000
--rt16958 closed
--rt16976 closed // 2007-08-16 01:15 +0000
--rt16982 closed // 2007-07-03 00:33 +0000
--rt16987 closed // 2007-07-03 01:20 +0000
--rt16987a closed // 2007-07-03 01:25 +0000
--rt17017 closed // 2007-08-10 05:20 +0000
--rt17028 closed // 2007-08-14 03:18 +0000
--rt17049 closed // 2007-08-13 04:30 +0000
--rt17058 closed // 2007-08-02 00:39 +0000
--rt17067 closed // 2007-09-11 13:18 +0000
--rt17073 closed // 2007-09-12 03:46 +0000
--rt17074 closed // 2007-08-13 15:01 +0000
--rt17078 closed // 2007-08-13 06:11 +0000
--rt17085 closed // 2007-09-07 07:08 +0000
--rt17092 closed // 2007-08-21 06:00 +0000
--rt17094 closed // 2007-08-17 02:27 +0000
--rt17097 closed // 2007-08-20 07:30 +0000
--rt17098 closed // 2007-08-19 23:14 +0000
--rt17101 closed // 2007-08-20 22:38 +0000
--rt17106 closed // 2007-08-30 00:30 +0000
--rt17111 closed // 2007-08-28 01:24 +0000
--rt17113 closed // 2007-09-06 05:18 +0000
--rt17113_v9_4 closed // 2007-09-07 04:40 +0000
--rt17114 closed // 2007-09-06 01:59 +0000
--rt17120 closed
--rt17121 closed
--rt17123 closed // 2007-09-06 01:09 +0000
--rt17127 closed // 2007-09-03 04:09 +0000
--rt17132 closed
--rt17134 closed
--rt17135 closed // 2007-09-07 02:28 +0000
--rt17137 closed // 2007-09-10 23:47 +0000
--rt17140 closed
--rt17147 closed // 2007-09-19 04:49 +0000
--rt17155 closed // 2007-09-18 01:54 +0000
--rt17159 closed // 2007-10-16 04:32 +0000
--rt17160 closed // 2007-09-19 03:58 +0000
--rt17175 closed
--rt17178 closed // 2007-10-24 08:43 +0000
--rt17216 closed
--rt17222 closed // 2007-10-24 08:04 +0000
--rt17235 closed // 2007-10-19 01:19 +0000
--rt17236 closed // 2007-10-29 16:43 +0000
--rt17237 closed // re-signing
--rt17272 closed // 2007-11-19 21:28 +0000
--rt1727b closed
--rt1727c closed
--rt17307 closed // 2007-11-26 03:55 +0000
--rt17311 closed // 2007-11-27 01:45 +0000
--rt17332 closed
--rt17354 closed // 2007-12-11 05:50 +0000
--rt17378 closed // 2007-12-20 01:15 +0000
--rt2471 closed
--rt288 closed
--rt3445 closed
--rt3469 closed
--rt3502 closed
--rt3507 closed // pull down by explorer
--rt3517 closed
--rt3536 closed // ixfr
--rt3588 closed
--rt3598 closed
--rt3625 closed
--rt3653 closed
--rt3666 closed
--rt3746 closed
--rt3746_lidl closed
--rt3892 closed
--rt3907 closed
--rt4090 closed
--rt4112 closed
--rt4268 closed
--rt4319 closed
--rt4347 closed
--rt4389 closed
--rt4398 closed
--rt4404 closed
--rt4425 closed
--rt4441 closed
--rt4463 closed
--rt4663 closed
--rt4675 closed
--rt4687 closed
--rt4706 closed
--rt4715 closed
--rt4764 closed
--rt4796 closed
--rt4802 closed
--rt4898 closed
--rt4940 closed
--rt5033 closed
--rt5041 closed
--rt5042 closed
--rt5044 closed
--rt5066 closed
--rt5066a closed
--rt5084 closed
--rt5099 closed
--rt5124 closed
--rt5127 closed
--rt5182 closed
--rt5192 closed
--rt5204 closed
--rt5206_1 closed
--rt5228 closed
--rt5299 closed
--rt5318 closed
--rt5397 closed
--rt5456 closed
--rt5528 closed
--rt5577 closed
--rt5586 closed
--rt5599 closed
--rt5746a closed // rt3746
--rt5764 closed
--rt6189 closed
--rt6206 closed
--rt6225 closed
--rt6229 closed
--rt6427 closed
--rt6432 closed
--rt6496 closed
--rt6496a closed
--rt6496b closed
--rt6539 closed
--rt6636 closed
--rt6813 closed
--rt7391 closed
--rt7572 closed
--rt8138 closed
--rt8358 closed
--rt8373 closed
--rt8534 closed
--rt8753 closed // support IPv6-scoped addr in dig
--rt8934 closed
--rt9091 closed
--rt9099 closed
--rt9099x closed
--rt9164 closed
--rt9189 closed
--rt9239 closed
--rt9239_base closed
--rt9319 closed
--rt9341 closed
--rt9442 closed
--rt9475 closed
--rt9479 closed
--rt9479_v9_2 closed
--rt9940 closed
--rt9941 closed
--rt9976 closed
--rt9979 closed
--rt9989 closed
--rt9997 closed
--rt9997a closed
--rt9998 closed
--skan-tcr closed
--skan-typecode-roll closed
--skan-typecode-roll2 closed
--slavefix closed
--v9_0 closed
--v9_1_3_delegation_only closed
--v9_1_3_do_base closed
--v9_1_4_base closed
--v9_3_0beta2_dlv closed
--ws20030120 closed // workshop branch
--ws20030120_tcr closed // workshop branch
--ws20030312 closed
--ws20030312_optin closed // workshop branch
--ws20030312_tcr closed // workshop branch
+++ /dev/null
--/*
-- * Portions Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
-- * Portions Copyright (C) 1999-2003 Internet Software Consortium.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
-- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- *
-- * Portions Copyright (C) 1995-2000 by Network Associates, Inc.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC AND NETWORK ASSOCIATES DISCLAIMS
-- * ALL WARRANTIES WITH REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED
-- * WARRANTIES OF MERCHANTABILITY AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE
-- * FOR ANY SPECIAL, DIRECT, INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES
-- * WHATSOEVER RESULTING FROM LOSS OF USE, DATA OR PROFITS, WHETHER IN AN
-- * ACTION OF CONTRACT, NEGLIGENCE OR OTHER TORTIOUS ACTION, ARISING OUT OF OR
-- * IN CONNECTION WITH THE USE OR PERFORMANCE OF THIS SOFTWARE.
-- */
--
--/*
-- * Principal Author: Brian Wellington
- * $Id: dst_api.c,v 1.31 2009/09/23 16:01:57 each Exp $
- * $Id: dst_api.c,v 1.30 2009/09/14 18:45:45 each Exp $
-- */
--
--/*! \file */
--
--#include <config.h>
--
--#include <stdlib.h>
--
--#include <isc/buffer.h>
--#include <isc/dir.h>
--#include <isc/entropy.h>
--#include <isc/fsaccess.h>
--#include <isc/hmacsha.h>
--#include <isc/lex.h>
--#include <isc/mem.h>
--#include <isc/once.h>
--#include <isc/print.h>
--#include <isc/random.h>
--#include <isc/string.h>
--#include <isc/time.h>
--#include <isc/util.h>
--
--#include <dns/fixedname.h>
--#include <dns/keyvalues.h>
--#include <dns/name.h>
--#include <dns/rdata.h>
--#include <dns/rdataclass.h>
--#include <dns/ttl.h>
--#include <dns/types.h>
--
--#include <dst/result.h>
--
--#include "dst_internal.h"
--
--#define DST_AS_STR(t) ((t).value.as_textregion.base)
--
--static dst_func_t *dst_t_func[DST_MAX_ALGS];
--#ifdef BIND9
--static isc_entropy_t *dst_entropy_pool = NULL;
--#endif
--static unsigned int dst_entropy_flags = 0;
--static isc_boolean_t dst_initialized = ISC_FALSE;
--
--void gss_log(int level, const char *fmt, ...) ISC_FORMAT_PRINTF(2, 3);
--
--isc_mem_t *dst__memory_pool = NULL;
--
--/*
-- * Static functions.
-- */
--static dst_key_t * get_key_struct(dns_name_t *name,
-- unsigned int alg,
-- unsigned int flags,
-- unsigned int protocol,
-- unsigned int bits,
-- dns_rdataclass_t rdclass,
-- isc_mem_t *mctx);
--static isc_result_t write_public_key(const dst_key_t *key, int type,
-- const char *directory);
--static isc_result_t buildfilename(dns_name_t *name,
-- dns_keytag_t id,
-- unsigned int alg,
-- unsigned int type,
-- const char *directory,
-- isc_buffer_t *out);
--static isc_result_t computeid(dst_key_t *key);
--static isc_result_t frombuffer(dns_name_t *name,
-- unsigned int alg,
-- unsigned int flags,
-- unsigned int protocol,
-- dns_rdataclass_t rdclass,
-- isc_buffer_t *source,
-- isc_mem_t *mctx,
-- dst_key_t **keyp);
--
--static isc_result_t algorithm_status(unsigned int alg);
--
--static isc_result_t addsuffix(char *filename, unsigned int len,
-- const char *dirname, const char *ofilename,
-- const char *suffix);
--
--#define RETERR(x) \
-- do { \
-- result = (x); \
-- if (result != ISC_R_SUCCESS) \
-- goto out; \
-- } while (0)
--
--#define CHECKALG(alg) \
-- do { \
-- isc_result_t _r; \
-- _r = algorithm_status(alg); \
-- if (_r != ISC_R_SUCCESS) \
-- return (_r); \
-- } while (0); \
--
--#if defined(OPENSSL) && defined(BIND9)
--static void *
--default_memalloc(void *arg, size_t size) {
-- UNUSED(arg);
-- if (size == 0U)
-- size = 1;
-- return (malloc(size));
--}
--
--static void
--default_memfree(void *arg, void *ptr) {
-- UNUSED(arg);
-- free(ptr);
--}
--#endif
--
--isc_result_t
--dst_lib_init(isc_mem_t *mctx, isc_entropy_t *ectx, unsigned int eflags) {
-- isc_result_t result;
--
-- REQUIRE(mctx != NULL);
--#ifdef BIND9
-- REQUIRE(ectx != NULL);
--#else
-- UNUSED(ectx);
--#endif
-- REQUIRE(dst_initialized == ISC_FALSE);
--
-- dst__memory_pool = NULL;
--
--#if defined(OPENSSL) && defined(BIND9)
-- UNUSED(mctx);
-- /*
-- * When using --with-openssl, there seems to be no good way of not
-- * leaking memory due to the openssl error handling mechanism.
-- * Avoid assertions by using a local memory context and not checking
-- * for leaks on exit. Note: as there are leaks we cannot use
-- * ISC_MEMFLAG_INTERNAL as it will free up memory still being used
-- * by libcrypto.
-- */
-- result = isc_mem_createx2(0, 0, default_memalloc, default_memfree,
-- NULL, &dst__memory_pool, 0);
-- if (result != ISC_R_SUCCESS)
-- return (result);
-- isc_mem_setname(dst__memory_pool, "dst", NULL);
-- isc_mem_setdestroycheck(dst__memory_pool, ISC_FALSE);
--#else
-- isc_mem_attach(mctx, &dst__memory_pool);
--#endif
--#ifdef BIND9
-- isc_entropy_attach(ectx, &dst_entropy_pool);
--#endif
-- dst_entropy_flags = eflags;
--
-- dst_result_register();
--
-- memset(dst_t_func, 0, sizeof(dst_t_func));
-- RETERR(dst__hmacmd5_init(&dst_t_func[DST_ALG_HMACMD5]));
-- RETERR(dst__hmacsha1_init(&dst_t_func[DST_ALG_HMACSHA1]));
-- RETERR(dst__hmacsha224_init(&dst_t_func[DST_ALG_HMACSHA224]));
-- RETERR(dst__hmacsha256_init(&dst_t_func[DST_ALG_HMACSHA256]));
-- RETERR(dst__hmacsha384_init(&dst_t_func[DST_ALG_HMACSHA384]));
-- RETERR(dst__hmacsha512_init(&dst_t_func[DST_ALG_HMACSHA512]));
--#ifdef OPENSSL
-- RETERR(dst__openssl_init());
-- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSAMD5]));
-- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_RSASHA1]));
-- RETERR(dst__opensslrsa_init(&dst_t_func[DST_ALG_NSEC3RSASHA1]));
--#ifdef HAVE_OPENSSL_DSA
-- RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_DSA]));
-- RETERR(dst__openssldsa_init(&dst_t_func[DST_ALG_NSEC3DSA]));
--#endif
-- RETERR(dst__openssldh_init(&dst_t_func[DST_ALG_DH]));
--#endif /* OPENSSL */
--#ifdef GSSAPI
-- RETERR(dst__gssapi_init(&dst_t_func[DST_ALG_GSSAPI]));
--#endif
-- dst_initialized = ISC_TRUE;
-- return (ISC_R_SUCCESS);
--
-- out:
-- dst_lib_destroy();
-- return (result);
--}
--
--void
--dst_lib_destroy(void) {
-- int i;
-- RUNTIME_CHECK(dst_initialized == ISC_TRUE);
-- dst_initialized = ISC_FALSE;
--
-- for (i = 0; i < DST_MAX_ALGS; i++)
-- if (dst_t_func[i] != NULL && dst_t_func[i]->cleanup != NULL)
-- dst_t_func[i]->cleanup();
--#ifdef OPENSSL
-- dst__openssl_destroy();
--#endif
-- if (dst__memory_pool != NULL)
-- isc_mem_detach(&dst__memory_pool);
--#ifdef BIND9
-- if (dst_entropy_pool != NULL)
-- isc_entropy_detach(&dst_entropy_pool);
--#endif
--}
--
--isc_boolean_t
--dst_algorithm_supported(unsigned int alg) {
-- REQUIRE(dst_initialized == ISC_TRUE);
--
-- if (alg >= DST_MAX_ALGS || dst_t_func[alg] == NULL)
-- return (ISC_FALSE);
-- return (ISC_TRUE);
--}
--
--isc_result_t
--dst_context_create(dst_key_t *key, isc_mem_t *mctx, dst_context_t **dctxp) {
-- dst_context_t *dctx;
-- isc_result_t result;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(mctx != NULL);
-- REQUIRE(dctxp != NULL && *dctxp == NULL);
--
-- if (key->func->createctx == NULL)
-- return (DST_R_UNSUPPORTEDALG);
-- if (key->keydata.generic == NULL)
-- return (DST_R_NULLKEY);
--
-- dctx = isc_mem_get(mctx, sizeof(dst_context_t));
-- if (dctx == NULL)
-- return (ISC_R_NOMEMORY);
-- dctx->key = key;
-- dctx->mctx = mctx;
-- result = key->func->createctx(key, dctx);
-- if (result != ISC_R_SUCCESS) {
-- isc_mem_put(mctx, dctx, sizeof(dst_context_t));
-- return (result);
-- }
-- dctx->magic = CTX_MAGIC;
-- *dctxp = dctx;
-- return (ISC_R_SUCCESS);
--}
--
--void
--dst_context_destroy(dst_context_t **dctxp) {
-- dst_context_t *dctx;
--
-- REQUIRE(dctxp != NULL && VALID_CTX(*dctxp));
--
-- dctx = *dctxp;
-- INSIST(dctx->key->func->destroyctx != NULL);
-- dctx->key->func->destroyctx(dctx);
-- dctx->magic = 0;
-- isc_mem_put(dctx->mctx, dctx, sizeof(dst_context_t));
-- *dctxp = NULL;
--}
--
--isc_result_t
--dst_context_adddata(dst_context_t *dctx, const isc_region_t *data) {
-- REQUIRE(VALID_CTX(dctx));
-- REQUIRE(data != NULL);
-- INSIST(dctx->key->func->adddata != NULL);
--
-- return (dctx->key->func->adddata(dctx, data));
--}
--
--isc_result_t
--dst_context_sign(dst_context_t *dctx, isc_buffer_t *sig) {
-- dst_key_t *key;
--
-- REQUIRE(VALID_CTX(dctx));
-- REQUIRE(sig != NULL);
--
-- key = dctx->key;
-- CHECKALG(key->key_alg);
-- if (key->keydata.generic == NULL)
-- return (DST_R_NULLKEY);
--
-- if (key->func->sign == NULL)
-- return (DST_R_NOTPRIVATEKEY);
-- if (key->func->isprivate == NULL ||
-- key->func->isprivate(key) == ISC_FALSE)
-- return (DST_R_NOTPRIVATEKEY);
--
-- return (key->func->sign(dctx, sig));
--}
--
--isc_result_t
--dst_context_verify(dst_context_t *dctx, isc_region_t *sig) {
-- REQUIRE(VALID_CTX(dctx));
-- REQUIRE(sig != NULL);
--
-- CHECKALG(dctx->key->key_alg);
-- if (dctx->key->keydata.generic == NULL)
-- return (DST_R_NULLKEY);
-- if (dctx->key->func->verify == NULL)
-- return (DST_R_NOTPUBLICKEY);
--
-- return (dctx->key->func->verify(dctx, sig));
--}
--
--isc_result_t
--dst_key_computesecret(const dst_key_t *pub, const dst_key_t *priv,
-- isc_buffer_t *secret)
--{
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(pub) && VALID_KEY(priv));
-- REQUIRE(secret != NULL);
--
-- CHECKALG(pub->key_alg);
-- CHECKALG(priv->key_alg);
--
-- if (pub->keydata.generic == NULL || priv->keydata.generic == NULL)
-- return (DST_R_NULLKEY);
--
-- if (pub->key_alg != priv->key_alg ||
-- pub->func->computesecret == NULL ||
-- priv->func->computesecret == NULL)
-- return (DST_R_KEYCANNOTCOMPUTESECRET);
--
-- if (dst_key_isprivate(priv) == ISC_FALSE)
-- return (DST_R_NOTPRIVATEKEY);
--
-- return (pub->func->computesecret(pub, priv, secret));
--}
--
--isc_result_t
--dst_key_tofile(const dst_key_t *key, int type, const char *directory) {
-- isc_result_t ret = ISC_R_SUCCESS;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
--
-- CHECKALG(key->key_alg);
--
-- if (key->func->tofile == NULL)
-- return (DST_R_UNSUPPORTEDALG);
--
-- if (type & DST_TYPE_PUBLIC) {
-- ret = write_public_key(key, type, directory);
-- if (ret != ISC_R_SUCCESS)
-- return (ret);
-- }
--
-- if ((type & DST_TYPE_PRIVATE) &&
-- (key->key_flags & DNS_KEYFLAG_TYPEMASK) != DNS_KEYTYPE_NOKEY)
-- return (key->func->tofile(key, directory));
-- else
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_fromfile(dns_name_t *name, dns_keytag_t id,
-- unsigned int alg, int type, const char *directory,
-- isc_mem_t *mctx, dst_key_t **keyp)
--{
-- char filename[ISC_DIR_NAMEMAX];
-- isc_buffer_t b;
-- dst_key_t *key;
-- isc_result_t result;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(dns_name_isabsolute(name));
-- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
-- REQUIRE(mctx != NULL);
-- REQUIRE(keyp != NULL && *keyp == NULL);
--
-- CHECKALG(alg);
--
-- isc_buffer_init(&b, filename, sizeof(filename));
-- result = buildfilename(name, id, alg, type, directory, &b);
-- if (result != ISC_R_SUCCESS)
-- return (result);
--
-- key = NULL;
-- result = dst_key_fromnamedfile(filename, NULL, type, mctx, &key);
-- if (result != ISC_R_SUCCESS)
-- return (result);
--
-- result = computeid(key);
-- if (result != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (result);
-- }
--
-- if (!dns_name_equal(name, key->key_name) || id != key->key_id ||
-- alg != key->key_alg) {
-- dst_key_free(&key);
-- return (DST_R_INVALIDPRIVATEKEY);
-- }
-- key->key_id = id;
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_fromnamedfile(const char *filename, const char *dirname,
-- int type, isc_mem_t *mctx, dst_key_t **keyp)
--{
-- isc_result_t result;
-- dst_key_t *pubkey = NULL, *key = NULL;
-- char *newfilename = NULL;
-- int newfilenamelen = 0;
-- isc_lex_t *lex = NULL;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(filename != NULL);
-- REQUIRE((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) != 0);
-- REQUIRE(mctx != NULL);
-- REQUIRE(keyp != NULL && *keyp == NULL);
--
-- /* If an absolute path is specified, don't use the key directory */
--#ifndef WIN32
-- if (filename[0] == '/')
-- dirname = NULL;
--#else /* WIN32 */
-- if (filename[0] == '/' || filename[0] == '\\')
-- dirname = NULL;
--#endif
--
-- newfilenamelen = strlen(filename) + 5;
-- if (dirname != NULL)
-- newfilenamelen += strlen(dirname) + 1;
-- newfilename = isc_mem_get(mctx, newfilenamelen);
-- if (newfilename == NULL)
-- return (ISC_R_NOMEMORY);
-- result = addsuffix(newfilename, newfilenamelen,
-- dirname, filename, ".key");
-- INSIST(result == ISC_R_SUCCESS);
--
-- result = dst_key_read_public(newfilename, type, mctx, &pubkey);
-- isc_mem_put(mctx, newfilename, newfilenamelen);
-- newfilename = NULL;
-- if (result != ISC_R_SUCCESS)
-- return (result);
--
-- if ((type & (DST_TYPE_PRIVATE | DST_TYPE_PUBLIC)) == DST_TYPE_PUBLIC ||
-- (pubkey->key_flags & DNS_KEYFLAG_TYPEMASK) == DNS_KEYTYPE_NOKEY) {
-- result = computeid(pubkey);
-- if (result != ISC_R_SUCCESS) {
-- dst_key_free(&pubkey);
-- return (result);
-- }
--
-- *keyp = pubkey;
-- return (ISC_R_SUCCESS);
-- }
--
-- result = algorithm_status(pubkey->key_alg);
-- if (result != ISC_R_SUCCESS) {
-- dst_key_free(&pubkey);
-- return (result);
-- }
--
-- key = get_key_struct(pubkey->key_name, pubkey->key_alg,
-- pubkey->key_flags, pubkey->key_proto, 0,
-- pubkey->key_class, mctx);
-- if (key == NULL) {
-- dst_key_free(&pubkey);
-- return (ISC_R_NOMEMORY);
-- }
--
-- if (key->func->parse == NULL)
-- RETERR(DST_R_UNSUPPORTEDALG);
--
-- newfilenamelen = strlen(filename) + 9;
-- if (dirname != NULL)
-- newfilenamelen += strlen(dirname) + 1;
-- newfilename = isc_mem_get(mctx, newfilenamelen);
-- if (newfilename == NULL)
-- RETERR(ISC_R_NOMEMORY);
-- result = addsuffix(newfilename, newfilenamelen,
-- dirname, filename, ".private");
-- INSIST(result == ISC_R_SUCCESS);
--
-- RETERR(isc_lex_create(mctx, 1500, &lex));
-- RETERR(isc_lex_openfile(lex, newfilename));
-- isc_mem_put(mctx, newfilename, newfilenamelen);
--
-- RETERR(key->func->parse(key, lex, pubkey));
-- isc_lex_destroy(&lex);
--
-- RETERR(computeid(key));
--
-- if (pubkey->key_id != key->key_id)
-- RETERR(DST_R_INVALIDPRIVATEKEY);
-- dst_key_free(&pubkey);
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
-- out:
-- if (pubkey != NULL)
-- dst_key_free(&pubkey);
-- if (newfilename != NULL)
-- isc_mem_put(mctx, newfilename, newfilenamelen);
-- if (lex != NULL)
-- isc_lex_destroy(&lex);
-- dst_key_free(&key);
-- return (result);
--}
--
--isc_result_t
--dst_key_todns(const dst_key_t *key, isc_buffer_t *target) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(target != NULL);
--
-- CHECKALG(key->key_alg);
--
-- if (key->func->todns == NULL)
-- return (DST_R_UNSUPPORTEDALG);
--
-- if (isc_buffer_availablelength(target) < 4)
-- return (ISC_R_NOSPACE);
-- isc_buffer_putuint16(target, (isc_uint16_t)(key->key_flags & 0xffff));
-- isc_buffer_putuint8(target, (isc_uint8_t)key->key_proto);
-- isc_buffer_putuint8(target, (isc_uint8_t)key->key_alg);
--
-- if (key->key_flags & DNS_KEYFLAG_EXTENDED) {
-- if (isc_buffer_availablelength(target) < 2)
-- return (ISC_R_NOSPACE);
-- isc_buffer_putuint16(target,
-- (isc_uint16_t)((key->key_flags >> 16)
-- & 0xffff));
-- }
--
-- if (key->keydata.generic == NULL) /*%< NULL KEY */
-- return (ISC_R_SUCCESS);
--
-- return (key->func->todns(key, target));
--}
--
--isc_result_t
--dst_key_fromdns(dns_name_t *name, dns_rdataclass_t rdclass,
-- isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
--{
-- isc_uint8_t alg, proto;
-- isc_uint32_t flags, extflags;
-- dst_key_t *key = NULL;
-- dns_keytag_t id;
-- isc_region_t r;
-- isc_result_t result;
--
-- REQUIRE(dst_initialized);
--
-- isc_buffer_remainingregion(source, &r);
--
-- if (isc_buffer_remaininglength(source) < 4)
-- return (DST_R_INVALIDPUBLICKEY);
-- flags = isc_buffer_getuint16(source);
-- proto = isc_buffer_getuint8(source);
-- alg = isc_buffer_getuint8(source);
--
-- id = dst_region_computeid(&r, alg);
--
-- if (flags & DNS_KEYFLAG_EXTENDED) {
-- if (isc_buffer_remaininglength(source) < 2)
-- return (DST_R_INVALIDPUBLICKEY);
-- extflags = isc_buffer_getuint16(source);
-- flags |= (extflags << 16);
-- }
--
-- result = frombuffer(name, alg, flags, proto, rdclass, source,
-- mctx, &key);
-- if (result != ISC_R_SUCCESS)
-- return (result);
-- key->key_id = id;
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_frombuffer(dns_name_t *name, unsigned int alg,
-- unsigned int flags, unsigned int protocol,
-- dns_rdataclass_t rdclass,
-- isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
--{
-- dst_key_t *key = NULL;
-- isc_result_t result;
--
-- REQUIRE(dst_initialized);
--
-- result = frombuffer(name, alg, flags, protocol, rdclass, source,
-- mctx, &key);
-- if (result != ISC_R_SUCCESS)
-- return (result);
--
-- result = computeid(key);
-- if (result != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (result);
-- }
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_tobuffer(const dst_key_t *key, isc_buffer_t *target) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(target != NULL);
--
-- CHECKALG(key->key_alg);
--
-- if (key->func->todns == NULL)
-- return (DST_R_UNSUPPORTEDALG);
--
-- return (key->func->todns(key, target));
--}
--
--isc_result_t
--dst_key_privatefrombuffer(dst_key_t *key, isc_buffer_t *buffer) {
-- isc_lex_t *lex = NULL;
-- isc_result_t result = ISC_R_SUCCESS;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(!dst_key_isprivate(key));
-- REQUIRE(buffer != NULL);
--
-- if (key->func->parse == NULL)
-- RETERR(DST_R_UNSUPPORTEDALG);
--
-- RETERR(isc_lex_create(key->mctx, 1500, &lex));
-- RETERR(isc_lex_openbuffer(lex, buffer));
-- RETERR(key->func->parse(key, lex, NULL));
-- out:
-- if (lex != NULL)
-- isc_lex_destroy(&lex);
-- return (result);
--}
--
--gss_ctx_id_t
--dst_key_getgssctx(const dst_key_t *key)
--{
-- REQUIRE(key != NULL);
--
-- return (key->keydata.gssctx);
--}
--
--isc_result_t
--dst_key_fromgssapi(dns_name_t *name, gss_ctx_id_t gssctx, isc_mem_t *mctx,
-- dst_key_t **keyp)
--{
-- dst_key_t *key;
--
-- REQUIRE(gssctx != NULL);
-- REQUIRE(keyp != NULL && *keyp == NULL);
--
-- key = get_key_struct(name, DST_ALG_GSSAPI, 0, DNS_KEYPROTO_DNSSEC,
-- 0, dns_rdataclass_in, mctx);
-- if (key == NULL)
-- return (ISC_R_NOMEMORY);
--
-- key->keydata.gssctx = gssctx;
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_fromlabel(dns_name_t *name, int alg, unsigned int flags,
-- unsigned int protocol, dns_rdataclass_t rdclass,
-- const char *engine, const char *label, const char *pin,
-- isc_mem_t *mctx, dst_key_t **keyp)
--{
-- dst_key_t *key;
-- isc_result_t result;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(dns_name_isabsolute(name));
-- REQUIRE(mctx != NULL);
-- REQUIRE(keyp != NULL && *keyp == NULL);
-- REQUIRE(label != NULL);
--
-- CHECKALG(alg);
--
-- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
-- if (key == NULL)
-- return (ISC_R_NOMEMORY);
--
-- if (key->func->fromlabel == NULL) {
-- dst_key_free(&key);
-- return (DST_R_UNSUPPORTEDALG);
-- }
--
-- result = key->func->fromlabel(key, engine, label, pin);
-- if (result != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (result);
-- }
--
-- result = computeid(key);
-- if (result != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (result);
-- }
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_generate(dns_name_t *name, unsigned int alg,
-- unsigned int bits, unsigned int param,
-- unsigned int flags, unsigned int protocol,
-- dns_rdataclass_t rdclass,
-- isc_mem_t *mctx, dst_key_t **keyp)
--{
-- dst_key_t *key;
-- isc_result_t ret;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(dns_name_isabsolute(name));
-- REQUIRE(mctx != NULL);
-- REQUIRE(keyp != NULL && *keyp == NULL);
--
-- CHECKALG(alg);
--
-- key = get_key_struct(name, alg, flags, protocol, bits, rdclass, mctx);
-- if (key == NULL)
-- return (ISC_R_NOMEMORY);
--
-- if (bits == 0) { /*%< NULL KEY */
-- key->key_flags |= DNS_KEYTYPE_NOKEY;
-- *keyp = key;
-- return (ISC_R_SUCCESS);
-- }
--
-- if (key->func->generate == NULL) {
-- dst_key_free(&key);
-- return (DST_R_UNSUPPORTEDALG);
-- }
--
-- ret = key->func->generate(key, param);
-- if (ret != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (ret);
-- }
--
-- ret = computeid(key);
-- if (ret != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (ret);
-- }
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_gettime(const dst_key_t *key, int type, isc_stdtime_t *timep) {
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(timep != NULL);
-- REQUIRE(type <= DST_MAX_TIMES);
-- if (!key->timeset[type])
-- return (ISC_R_NOTFOUND);
-- *timep = key->times[type];
-- return (ISC_R_SUCCESS);
--}
--
--void
--dst_key_settime(dst_key_t *key, int type, isc_stdtime_t when) {
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(type <= DST_MAX_TIMES);
-- key->times[type] = when;
-- key->timeset[type] = ISC_TRUE;
--}
--
--void
--dst_key_unsettime(dst_key_t *key, int type) {
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(type <= DST_MAX_TIMES);
-- key->timeset[type] = ISC_FALSE;
--}
--
--isc_result_t
--dst_key_getprivateformat(const dst_key_t *key, int *majorp, int *minorp) {
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(majorp != NULL);
-- REQUIRE(minorp != NULL);
-- *majorp = key->fmt_major;
-- *minorp = key->fmt_minor;
-- return (ISC_R_SUCCESS);
--}
--
--void
--dst_key_setprivateformat(dst_key_t *key, int major, int minor) {
-- REQUIRE(VALID_KEY(key));
-- key->fmt_major = major;
-- key->fmt_minor = minor;
--}
--
- static isc_boolean_t
- comparekeys(const dst_key_t *key1, const dst_key_t *key2,
- isc_boolean_t match_revoked_key,
- isc_boolean_t (*compare)())
- {
-isc_boolean_t
-dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key1));
-- REQUIRE(VALID_KEY(key2));
--
-- if (key1 == key2)
-- return (ISC_TRUE);
-
-- if (key1 == NULL || key2 == NULL)
- return (ISC_FALSE);
-
- if (key1->key_alg != key2->key_alg)
-- return (ISC_FALSE);
-
- /*
- * For all algorithms except RSAMD5, revoking the key
- * changes the key ID, increasing it by 128. If we want to
- * be able to find matching keys even if one of them is the
- * revoked version of the other one, then we need to check
- * for that possibility.
- */
- if (key1->key_id != key2->key_id) {
- if (!match_revoked_key)
- return (ISC_FALSE);
- if (key1->key_alg == DST_ALG_RSAMD5)
- return (ISC_FALSE);
- if ((key1->key_flags & DNS_KEYFLAG_REVOKE) ==
- (key2->key_flags & DNS_KEYFLAG_REVOKE))
- return (ISC_FALSE);
- if ((key1->key_flags & DNS_KEYFLAG_REVOKE) != 0 &&
- key1->key_id != ((key2->key_id + 128) & 0xffff))
- return (ISC_FALSE);
- if ((key2->key_flags & DNS_KEYFLAG_REVOKE) != 0 &&
- key2->key_id != ((key1->key_id + 128) & 0xffff))
- return (ISC_FALSE);
- }
-
- if (compare != NULL)
- return (compare(key1, key2));
- if (key1->key_alg == key2->key_alg &&
- key1->key_id == key2->key_id &&
- key1->func->compare != NULL &&
- key1->func->compare(key1, key2) == ISC_TRUE)
- return (ISC_TRUE);
-- else
- return (ISC_FALSE);
- }
-
-
- /*
- * Compares only the public portion of two keys, by converting them
- * both to wire format and comparing the results.
- */
- static isc_boolean_t
- pub_compare(dst_key_t *key1, dst_key_t *key2) {
- isc_result_t result;
- unsigned char txt1[DST_KEY_MAXSIZE], txt2[DST_KEY_MAXSIZE];
- isc_buffer_t b1, b2;
- isc_region_t r1, r2;
- isc_uint16_t flags;
-
- flags = key1->key_flags;
- key1->key_flags = 0;
- isc_buffer_init(&b1, txt1, sizeof(txt1));
- result = dst_key_todns(key1, &b1);
- key1->key_flags = flags;
- if (result != ISC_R_SUCCESS)
- return (ISC_FALSE);
-
- flags = key2->key_flags;
- key2->key_flags = 0;
- isc_buffer_init(&b2, txt2, sizeof(txt2));
- result = dst_key_todns(key2, &b2);
- key2->key_flags = flags;
- if (result != ISC_R_SUCCESS)
-- return (ISC_FALSE);
-
- isc_buffer_usedregion(&b1, &r1);
- isc_buffer_usedregion(&b2, &r2);
- return (ISC_TF(isc_region_compare(&r1, &r2) == 0));
- }
-
- isc_boolean_t
- dst_key_compare(const dst_key_t *key1, const dst_key_t *key2) {
- return (comparekeys(key1, key2, ISC_FALSE, key1->func->compare));
- }
-
- isc_boolean_t
- dst_key_pubcompare(const dst_key_t *key1, const dst_key_t *key2,
- isc_boolean_t match_revoked_key)
- {
- return (comparekeys(key1, key2, match_revoked_key, pub_compare));
--}
-
--
--isc_boolean_t
--dst_key_paramcompare(const dst_key_t *key1, const dst_key_t *key2) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key1));
-- REQUIRE(VALID_KEY(key2));
--
-- if (key1 == key2)
-- return (ISC_TRUE);
-- if (key1 == NULL || key2 == NULL)
-- return (ISC_FALSE);
-- if (key1->key_alg == key2->key_alg &&
-- key1->func->paramcompare != NULL &&
-- key1->func->paramcompare(key1, key2) == ISC_TRUE)
-- return (ISC_TRUE);
-- else
-- return (ISC_FALSE);
--}
--
--void
--dst_key_free(dst_key_t **keyp) {
-- isc_mem_t *mctx;
-- dst_key_t *key;
--
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(keyp != NULL && VALID_KEY(*keyp));
--
-- key = *keyp;
-- mctx = key->mctx;
--
-- if (key->keydata.generic != NULL) {
-- INSIST(key->func->destroy != NULL);
-- key->func->destroy(key);
-- }
-- if (key->engine != NULL)
-- isc_mem_free(mctx, key->engine);
-- if (key->label != NULL)
-- isc_mem_free(mctx, key->label);
-- dns_name_free(key->key_name, mctx);
-- isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
-- memset(key, 0, sizeof(dst_key_t));
-- isc_mem_put(mctx, key, sizeof(dst_key_t));
-- *keyp = NULL;
--}
--
--isc_boolean_t
--dst_key_isprivate(const dst_key_t *key) {
-- REQUIRE(VALID_KEY(key));
-- INSIST(key->func->isprivate != NULL);
-- return (key->func->isprivate(key));
--}
--
--isc_result_t
--dst_key_buildfilename(const dst_key_t *key, int type,
-- const char *directory, isc_buffer_t *out) {
--
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(type == DST_TYPE_PRIVATE || type == DST_TYPE_PUBLIC ||
-- type == 0);
--
-- return (buildfilename(key->key_name, key->key_id, key->key_alg,
-- type, directory, out));
--}
--
--isc_result_t
--dst_key_sigsize(const dst_key_t *key, unsigned int *n) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(n != NULL);
--
-- /* XXXVIX this switch statement is too sparse to gen a jump table. */
-- switch (key->key_alg) {
-- case DST_ALG_RSAMD5:
-- case DST_ALG_RSASHA1:
-- case DST_ALG_NSEC3RSASHA1:
-- *n = (key->key_size + 7) / 8;
-- break;
-- case DST_ALG_DSA:
-- case DST_ALG_NSEC3DSA:
-- *n = DNS_SIG_DSASIGSIZE;
-- break;
-- case DST_ALG_HMACMD5:
-- *n = 16;
-- break;
-- case DST_ALG_HMACSHA1:
-- *n = ISC_SHA1_DIGESTLENGTH;
-- break;
-- case DST_ALG_HMACSHA224:
-- *n = ISC_SHA224_DIGESTLENGTH;
-- break;
-- case DST_ALG_HMACSHA256:
-- *n = ISC_SHA256_DIGESTLENGTH;
-- break;
-- case DST_ALG_HMACSHA384:
-- *n = ISC_SHA384_DIGESTLENGTH;
-- break;
-- case DST_ALG_HMACSHA512:
-- *n = ISC_SHA512_DIGESTLENGTH;
-- break;
-- case DST_ALG_GSSAPI:
-- *n = 128; /*%< XXX */
-- break;
-- case DST_ALG_DH:
-- default:
-- return (DST_R_UNSUPPORTEDALG);
-- }
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst_key_secretsize(const dst_key_t *key, unsigned int *n) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
-- REQUIRE(n != NULL);
--
-- if (key->key_alg == DST_ALG_DH)
-- *n = (key->key_size + 7) / 8;
-- else
-- return (DST_R_UNSUPPORTEDALG);
-- return (ISC_R_SUCCESS);
--}
--
--/***
-- *** Static methods
-- ***/
--
--/*%
-- * Allocates a key structure and fills in some of the fields.
-- */
--static dst_key_t *
--get_key_struct(dns_name_t *name, unsigned int alg,
-- unsigned int flags, unsigned int protocol,
-- unsigned int bits, dns_rdataclass_t rdclass,
-- isc_mem_t *mctx)
--{
-- dst_key_t *key;
-- isc_result_t result;
-- int i;
--
-- key = (dst_key_t *) isc_mem_get(mctx, sizeof(dst_key_t));
-- if (key == NULL)
-- return (NULL);
--
-- memset(key, 0, sizeof(dst_key_t));
-- key->magic = KEY_MAGIC;
--
-- key->key_name = isc_mem_get(mctx, sizeof(dns_name_t));
-- if (key->key_name == NULL) {
-- isc_mem_put(mctx, key, sizeof(dst_key_t));
-- return (NULL);
-- }
-- dns_name_init(key->key_name, NULL);
-- result = dns_name_dup(name, mctx, key->key_name);
-- if (result != ISC_R_SUCCESS) {
-- isc_mem_put(mctx, key->key_name, sizeof(dns_name_t));
-- isc_mem_put(mctx, key, sizeof(dst_key_t));
-- return (NULL);
-- }
-- key->key_alg = alg;
-- key->key_flags = flags;
-- key->key_proto = protocol;
-- key->mctx = mctx;
-- key->keydata.generic = NULL;
-- key->key_size = bits;
-- key->key_class = rdclass;
-- key->func = dst_t_func[alg];
-- key->fmt_major = 0;
-- key->fmt_minor = 0;
-- for (i = 0; i < (DST_MAX_TIMES + 1); i++) {
-- key->times[i] = 0;
-- key->timeset[i] = ISC_FALSE;
-- }
-- return (key);
--}
--
--/*%
-- * Reads a public key from disk
-- */
--isc_result_t
--dst_key_read_public(const char *filename, int type,
-- isc_mem_t *mctx, dst_key_t **keyp)
--{
-- u_char rdatabuf[DST_KEY_MAXSIZE];
-- isc_buffer_t b;
-- dns_fixedname_t name;
-- isc_lex_t *lex = NULL;
-- isc_token_t token;
-- isc_result_t ret;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- unsigned int opt = ISC_LEXOPT_DNSMULTILINE;
-- dns_rdataclass_t rdclass = dns_rdataclass_in;
-- isc_lexspecials_t specials;
-- isc_uint32_t ttl;
-- isc_result_t result;
-- dns_rdatatype_t keytype;
--
-- /*
-- * Open the file and read its formatted contents
-- * File format:
-- * domain.name [ttl] [class] [KEY|DNSKEY] <flags> <protocol> <algorithm> <key>
-- */
--
-- /* 1500 should be large enough for any key */
-- ret = isc_lex_create(mctx, 1500, &lex);
-- if (ret != ISC_R_SUCCESS)
-- goto cleanup;
--
-- memset(specials, 0, sizeof(specials));
-- specials['('] = 1;
-- specials[')'] = 1;
-- specials['"'] = 1;
-- isc_lex_setspecials(lex, specials);
-- isc_lex_setcomments(lex, ISC_LEXCOMMENT_DNSMASTERFILE);
--
-- ret = isc_lex_openfile(lex, filename);
-- if (ret != ISC_R_SUCCESS)
-- goto cleanup;
--
--#define NEXTTOKEN(lex, opt, token) { \
-- ret = isc_lex_gettoken(lex, opt, token); \
-- if (ret != ISC_R_SUCCESS) \
-- goto cleanup; \
-- }
--
--#define BADTOKEN() { \
-- ret = ISC_R_UNEXPECTEDTOKEN; \
-- goto cleanup; \
-- }
--
-- /* Read the domain name */
-- NEXTTOKEN(lex, opt, &token);
-- if (token.type != isc_tokentype_string)
-- BADTOKEN();
--
-- /*
-- * We don't support "@" in .key files.
-- */
-- if (!strcmp(DST_AS_STR(token), "@"))
-- BADTOKEN();
--
-- dns_fixedname_init(&name);
-- isc_buffer_init(&b, DST_AS_STR(token), strlen(DST_AS_STR(token)));
-- isc_buffer_add(&b, strlen(DST_AS_STR(token)));
-- ret = dns_name_fromtext(dns_fixedname_name(&name), &b, dns_rootname,
-- 0, NULL);
-- if (ret != ISC_R_SUCCESS)
-- goto cleanup;
--
-- /* Read the next word: either TTL, class, or 'KEY' */
-- NEXTTOKEN(lex, opt, &token);
--
-- if (token.type != isc_tokentype_string)
-- BADTOKEN();
--
-- /* If it's a TTL, read the next one */
-- result = dns_ttl_fromtext(&token.value.as_textregion, &ttl);
-- if (result == ISC_R_SUCCESS)
-- NEXTTOKEN(lex, opt, &token);
--
-- if (token.type != isc_tokentype_string)
-- BADTOKEN();
--
-- ret = dns_rdataclass_fromtext(&rdclass, &token.value.as_textregion);
-- if (ret == ISC_R_SUCCESS)
-- NEXTTOKEN(lex, opt, &token);
--
-- if (token.type != isc_tokentype_string)
-- BADTOKEN();
--
-- if (strcasecmp(DST_AS_STR(token), "DNSKEY") == 0)
-- keytype = dns_rdatatype_dnskey;
-- else if (strcasecmp(DST_AS_STR(token), "KEY") == 0)
-- keytype = dns_rdatatype_key; /*%< SIG(0), TKEY */
-- else
-- BADTOKEN();
--
-- if (((type & DST_TYPE_KEY) != 0 && keytype != dns_rdatatype_key) ||
-- ((type & DST_TYPE_KEY) == 0 && keytype != dns_rdatatype_dnskey)) {
-- ret = DST_R_BADKEYTYPE;
-- goto cleanup;
-- }
--
-- isc_buffer_init(&b, rdatabuf, sizeof(rdatabuf));
-- ret = dns_rdata_fromtext(&rdata, rdclass, keytype, lex, NULL,
-- ISC_FALSE, mctx, &b, NULL);
-- if (ret != ISC_R_SUCCESS)
-- goto cleanup;
--
-- ret = dst_key_fromdns(dns_fixedname_name(&name), rdclass, &b, mctx,
-- keyp);
-- if (ret != ISC_R_SUCCESS)
-- goto cleanup;
--
-- cleanup:
-- if (lex != NULL)
-- isc_lex_destroy(&lex);
-- return (ret);
--}
--
--/*%
-- * Set the flags on a key, then recompute the key ID
-- */
--isc_result_t
--dst_key_setflags(dst_key_t *key, isc_uint32_t flags) {
-- REQUIRE(VALID_KEY(key));
-- key->key_flags = flags;
-- return (computeid(key));
--}
--
--static isc_boolean_t
--issymmetric(const dst_key_t *key) {
-- REQUIRE(dst_initialized == ISC_TRUE);
-- REQUIRE(VALID_KEY(key));
--
-- /* XXXVIX this switch statement is too sparse to gen a jump table. */
-- switch (key->key_alg) {
-- case DST_ALG_RSAMD5:
-- case DST_ALG_RSASHA1:
-- case DST_ALG_NSEC3RSASHA1:
-- case DST_ALG_DSA:
-- case DST_ALG_NSEC3DSA:
-- case DST_ALG_DH:
-- return (ISC_FALSE);
-- case DST_ALG_HMACMD5:
-- case DST_ALG_GSSAPI:
-- return (ISC_TRUE);
-- default:
-- return (ISC_FALSE);
-- }
--}
--
--/*%
-- * Write key timing metadata to a file pointer, preceded by 'tag'
-- */
--static void
--printtime(const dst_key_t *key, int type, const char *tag, FILE *stream) {
-- isc_result_t result;
-- const char *output;
-- isc_stdtime_t when;
-- time_t t;
--
-- result = dst_key_gettime(key, type, &when);
-- if (result == ISC_R_NOTFOUND)
-- return;
--
-- /* time_t and isc_stdtime_t might be different sizes */
-- t = when;
-- output = ctime(&t);
-- fprintf(stream, "%s: %s", tag, output);
--}
--
--/*%
-- * Writes a public key to disk in DNS format.
-- */
--static isc_result_t
--write_public_key(const dst_key_t *key, int type, const char *directory) {
-- FILE *fp;
-- isc_buffer_t keyb, textb, fileb, classb;
-- isc_region_t r;
-- char filename[ISC_DIR_NAMEMAX];
-- unsigned char key_array[DST_KEY_MAXSIZE];
-- char text_array[DST_KEY_MAXTEXTSIZE];
-- char class_array[10];
-- isc_result_t ret;
-- dns_rdata_t rdata = DNS_RDATA_INIT;
-- isc_fsaccess_t access;
--
-- REQUIRE(VALID_KEY(key));
--
-- isc_buffer_init(&keyb, key_array, sizeof(key_array));
-- isc_buffer_init(&textb, text_array, sizeof(text_array));
-- isc_buffer_init(&classb, class_array, sizeof(class_array));
--
-- ret = dst_key_todns(key, &keyb);
-- if (ret != ISC_R_SUCCESS)
-- return (ret);
--
-- isc_buffer_usedregion(&keyb, &r);
-- dns_rdata_fromregion(&rdata, key->key_class, dns_rdatatype_dnskey, &r);
--
-- ret = dns_rdata_totext(&rdata, (dns_name_t *) NULL, &textb);
-- if (ret != ISC_R_SUCCESS)
-- return (DST_R_INVALIDPUBLICKEY);
--
-- ret = dns_rdataclass_totext(key->key_class, &classb);
-- if (ret != ISC_R_SUCCESS)
-- return (DST_R_INVALIDPUBLICKEY);
--
-- /*
-- * Make the filename.
-- */
-- isc_buffer_init(&fileb, filename, sizeof(filename));
-- ret = dst_key_buildfilename(key, DST_TYPE_PUBLIC, directory, &fileb);
-- if (ret != ISC_R_SUCCESS)
-- return (ret);
--
-- /*
-- * Create public key file.
-- */
-- if ((fp = fopen(filename, "w")) == NULL)
-- return (DST_R_WRITEERROR);
--
-- if (issymmetric(key)) {
-- access = 0;
-- isc_fsaccess_add(ISC_FSACCESS_OWNER,
-- ISC_FSACCESS_READ | ISC_FSACCESS_WRITE,
-- &access);
-- (void)isc_fsaccess_set(filename, access);
-- }
--
-- /* Write key information in comments */
-- if ((type & DST_TYPE_KEY) == 0) {
-- fprintf(fp, "; This is a %s%s-signing key, keyid %d, for ",
-- (key->key_flags & DNS_KEYFLAG_REVOKE) != 0 ?
-- "revoked " :
-- "",
-- (key->key_flags & DNS_KEYFLAG_KSK) != 0 ?
-- "key" :
-- "zone",
-- key->key_id);
-- ret = dns_name_print(key->key_name, fp);
-- if (ret != ISC_R_SUCCESS) {
-- fclose(fp);
-- return (ret);
-- }
-- fputc('\n', fp);
--
-- printtime(key, DST_TIME_CREATED, "; Created", fp);
-- printtime(key, DST_TIME_PUBLISH, "; Publish", fp);
-- printtime(key, DST_TIME_ACTIVATE, "; Activate", fp);
-- printtime(key, DST_TIME_REVOKE, "; Revoke", fp);
-- printtime(key, DST_TIME_INACTIVE, "; Inactive", fp);
-- printtime(key, DST_TIME_DELETE, "; Delete", fp);
-- }
--
-- /* Now print the actual key */
-- ret = dns_name_print(key->key_name, fp);
--
-- fprintf(fp, " ");
--
-- isc_buffer_usedregion(&classb, &r);
-- fwrite(r.base, 1, r.length, fp);
--
-- if ((type & DST_TYPE_KEY) != 0)
-- fprintf(fp, " KEY ");
-- else
-- fprintf(fp, " DNSKEY ");
--
-- isc_buffer_usedregion(&textb, &r);
-- fwrite(r.base, 1, r.length, fp);
--
-- fputc('\n', fp);
-- fflush(fp);
-- if (ferror(fp))
-- ret = DST_R_WRITEERROR;
-- fclose(fp);
--
-- return (ret);
--}
--
--static isc_result_t
--buildfilename(dns_name_t *name, dns_keytag_t id,
-- unsigned int alg, unsigned int type,
-- const char *directory, isc_buffer_t *out)
--{
-- const char *suffix = "";
-- unsigned int len;
-- isc_result_t result;
--
-- REQUIRE(out != NULL);
-- if ((type & DST_TYPE_PRIVATE) != 0)
-- suffix = ".private";
-- else if (type == DST_TYPE_PUBLIC)
-- suffix = ".key";
-- if (directory != NULL) {
-- if (isc_buffer_availablelength(out) < strlen(directory))
-- return (ISC_R_NOSPACE);
-- isc_buffer_putstr(out, directory);
-- if (strlen(directory) > 0U &&
-- directory[strlen(directory) - 1] != '/')
-- isc_buffer_putstr(out, "/");
-- }
-- if (isc_buffer_availablelength(out) < 1)
-- return (ISC_R_NOSPACE);
-- isc_buffer_putstr(out, "K");
-- result = dns_name_tofilenametext(name, ISC_FALSE, out);
-- if (result != ISC_R_SUCCESS)
-- return (result);
-- len = 1 + 3 + 1 + 5 + strlen(suffix) + 1;
-- if (isc_buffer_availablelength(out) < len)
-- return (ISC_R_NOSPACE);
-- sprintf((char *) isc_buffer_used(out), "+%03d+%05d%s", alg, id,
-- suffix);
-- isc_buffer_add(out, len);
--
-- return (ISC_R_SUCCESS);
--}
--
--static isc_result_t
--computeid(dst_key_t *key) {
-- isc_buffer_t dnsbuf;
-- unsigned char dns_array[DST_KEY_MAXSIZE];
-- isc_region_t r;
-- isc_result_t ret;
--
-- isc_buffer_init(&dnsbuf, dns_array, sizeof(dns_array));
-- ret = dst_key_todns(key, &dnsbuf);
-- if (ret != ISC_R_SUCCESS)
-- return (ret);
--
-- isc_buffer_usedregion(&dnsbuf, &r);
-- key->key_id = dst_region_computeid(&r, key->key_alg);
-- return (ISC_R_SUCCESS);
--}
--
--static isc_result_t
--frombuffer(dns_name_t *name, unsigned int alg, unsigned int flags,
-- unsigned int protocol, dns_rdataclass_t rdclass,
-- isc_buffer_t *source, isc_mem_t *mctx, dst_key_t **keyp)
--{
-- dst_key_t *key;
-- isc_result_t ret;
--
-- REQUIRE(dns_name_isabsolute(name));
-- REQUIRE(source != NULL);
-- REQUIRE(mctx != NULL);
-- REQUIRE(keyp != NULL && *keyp == NULL);
--
-- key = get_key_struct(name, alg, flags, protocol, 0, rdclass, mctx);
-- if (key == NULL)
-- return (ISC_R_NOMEMORY);
--
-- if (isc_buffer_remaininglength(source) > 0) {
-- ret = algorithm_status(alg);
-- if (ret != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (ret);
-- }
-- if (key->func->fromdns == NULL) {
-- dst_key_free(&key);
-- return (DST_R_UNSUPPORTEDALG);
-- }
--
-- ret = key->func->fromdns(key, source);
-- if (ret != ISC_R_SUCCESS) {
-- dst_key_free(&key);
-- return (ret);
-- }
-- }
--
-- *keyp = key;
-- return (ISC_R_SUCCESS);
--}
--
--static isc_result_t
--algorithm_status(unsigned int alg) {
-- REQUIRE(dst_initialized == ISC_TRUE);
--
-- if (dst_algorithm_supported(alg))
-- return (ISC_R_SUCCESS);
--#ifndef OPENSSL
-- if (alg == DST_ALG_RSAMD5 || alg == DST_ALG_RSASHA1 ||
-- alg == DST_ALG_DSA || alg == DST_ALG_DH ||
-- alg == DST_ALG_HMACMD5 || alg == DST_ALG_NSEC3DSA ||
-- alg == DST_ALG_NSEC3RSASHA1)
-- return (DST_R_NOCRYPTO);
--#endif
-- return (DST_R_UNSUPPORTEDALG);
--}
--
--static isc_result_t
--addsuffix(char *filename, unsigned int len, const char *odirname,
-- const char *ofilename, const char *suffix)
--{
-- int olen = strlen(ofilename);
-- int n;
--
-- if (olen > 1 && ofilename[olen - 1] == '.')
-- olen -= 1;
-- else if (olen > 8 && strcmp(ofilename + olen - 8, ".private") == 0)
-- olen -= 8;
-- else if (olen > 4 && strcmp(ofilename + olen - 4, ".key") == 0)
-- olen -= 4;
--
-- if (odirname == NULL)
-- n = snprintf(filename, len, "%.*s%s", olen, ofilename, suffix);
-- else
-- n = snprintf(filename, len, "%s/%.*s%s",
-- odirname, olen, ofilename, suffix);
-- if (n < 0)
-- return (ISC_R_NOSPACE);
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--dst__entropy_getdata(void *buf, unsigned int len, isc_boolean_t pseudo) {
--#ifdef BIND9
-- unsigned int flags = dst_entropy_flags;
-- if (pseudo)
-- flags &= ~ISC_ENTROPY_GOODONLY;
-- return (isc_entropy_getdata(dst_entropy_pool, buf, len, NULL, flags));
--#else
-- UNUSED(buf);
-- UNUSED(len);
-- UNUSED(pseudo);
--
-- return (ISC_R_NOTIMPLEMENTED);
--#endif
--}
--
--unsigned int
--dst__entropy_status(void) {
--#ifdef BIND9
-- return (isc_entropy_status(dst_entropy_pool));
--#else
-- return (0);
--#endif
--}
+++ /dev/null
--LIBRARY libdns
--
--; Exported Functions
--EXPORTS
--
--dns_acache_attach
--dns_acache_attachentry
--dns_acache_cancelentry
--dns_acache_create
--dns_acache_createentry
--dns_acache_detach
--dns_acache_detachentry
--dns_acache_getentry
--dns_acache_putdb
--dns_acache_setcachesize
--dns_acache_setcleaninginterval
--dns_acache_setdb
--dns_acache_setentry
--dns_acache_shutdown
--dns_acl_any
--dns_acl_attach
--dns_acl_create
--dns_acl_detach
--dns_acl_isany
--dns_acl_isinsecure
--dns_acl_isnone
--dns_acl_match
--dns_acl_merge
--dns_acl_none
--dns_aclelement_match
--dns_aclenv_copy
--dns_aclenv_destroy
--dns_aclenv_init
--dns_adb_adjustsrtt
--dns_adb_attach
--dns_adb_cancelfind
--dns_adb_changeflags
--dns_adb_create
--dns_adb_createfind
--dns_adb_destroyfind
--dns_adb_detach
--dns_adb_dump
--dns_adb_dumpfind
--dns_adb_findaddrinfo
--dns_adb_flush
--dns_adb_freeaddrinfo
--dns_adb_marklame
--dns_adb_setadbsize
--dns_adb_shutdown
--dns_adb_whenshutdown
--dns_byaddr_cancel
--dns_byaddr_create
--dns_byaddr_createptrname
--dns_byaddr_createptrname2
--dns_byaddr_destroy
--dns_cache_attach
--dns_cache_attachdb
--dns_cache_clean
--dns_cache_create
--dns_cache_create2
--dns_cache_detach
--dns_cache_dump
--dns_cache_flush
--dns_cache_getcachesize
--dns_cache_getcleaninginterval
--dns_cache_getname
--dns_cache_load
--dns_cache_setcachesize
--dns_cache_setcleaninginterval
--dns_cache_setfilename
--dns_cert_fromtext
--dns_cert_totext
--dns_compress_add
--dns_compress_findglobal
--dns_compress_getedns
--dns_compress_getmethods
--dns_compress_init
--dns_compress_invalidate
--dns_compress_rollback
--dns_compress_setmethods
--dns_compress_setsensitive
--dns_counter_fromtext
--dns_db_addrdataset
--dns_db_allrdatasets
--dns_db_attach
--dns_db_attachnode
--dns_db_attachversion
--dns_db_beginload
--dns_db_class
--dns_db_closeversion
--dns_db_create
--dns_db_createiterator
--dns_db_createsoatuple
--dns_db_currentversion
--dns_db_deleterdataset
--dns_db_detach
--dns_db_detachnode
--dns_db_diff
--dns_db_dump
--dns_db_endload
--dns_db_expirenode
--dns_db_find
--dns_db_findnode
--dns_db_findnsec3node
--dns_db_findrdataset
--dns_db_findzonecut
--dns_db_getnsec3parameters
--dns_db_getoriginnode
--dns_db_getrrsetstats
--dns_db_getsoaserial
--dns_db_iscache
--dns_db_isdnssec
--dns_db_ispersistent
--dns_db_issecure
--dns_db_isstub
--dns_db_iszone
--dns_db_load
--dns_db_load2
--dns_db_load3
--dns_db_newversion
--dns_db_nodecount
--dns_db_ondestroy
--dns_db_origin
--dns_db_overmem
--dns_db_printnode
--dns_db_register
--dns_db_subtractrdataset
--dns_db_unregister
--dns_dbiterator_current
--dns_dbiterator_destroy
--dns_dbiterator_first
--dns_dbiterator_last
--dns_dbiterator_next
--dns_dbiterator_origin
--dns_dbiterator_pause
--dns_dbiterator_prev
--dns_dbiterator_seek
--dns_dbiterator_setcleanmode
--dns_dbtable_add
--dns_dbtable_adddefault
--dns_dbtable_attach
--dns_dbtable_create
--dns_dbtable_detach
--dns_dbtable_find
--dns_dbtable_getdefault
--dns_dbtable_remove
--dns_dbtable_removedefault
--dns_decompress_edns
--dns_decompress_getmethods
--dns_decompress_init
--dns_decompress_invalidate
--dns_decompress_setmethods
--dns_decompress_type
--dns_diff_append
--dns_diff_appendminimal
--dns_diff_apply
--dns_diff_applysilently
--dns_diff_clear
--dns_diff_init
--dns_diff_load
--dns_diff_print
--dns_diff_sort
--dns_difftuple_copy
--dns_difftuple_create
--dns_difftuple_free
--dns_dispatch_addresponse
--dns_dispatch_attach
--dns_dispatch_cancel
--dns_dispatch_changeattributes
--dns_dispatch_createtcp
--dns_dispatch_detach
--dns_dispatch_getlocaladdress
--dns_dispatch_getsocket
--dns_dispatch_getudp
--dns_dispatch_importrecv
--dns_dispatch_removeresponse
--dns_dispatch_starttcp
--dns_dispatchmgr_create
--dns_dispatchmgr_destroy
--dns_dispatchmgr_getblackhole
--dns_dispatchmgr_setavailports
--dns_dispatchmgr_setblackhole
--dns_dispatchmgr_setblackportlist
--dns_dispatchmgr_setstats
--dns_dlzallowzonexfr
--dns_dlzcreate
--dns_dlzdestroy
--dns_dlzfindzone
--dns_dlzregister
--dns_dlzstrtoargv
--dns_dlzunregister
--dns_dnssec_findzonekeys
--dns_dnssec_findzonekeys2
--dns_dnssec_findmatchingkeys
--dns_dnssec_keyfromrdata
--dns_dnssec_selfsigns
--dns_dnssec_sign
--dns_dnssec_signmessage
--dns_dnssec_verify
--dns_dnssec_verify2
--dns_dnssec_verifymessage
--dns_dnsseckey_create
--dns_dnsseckey_destroy
--dns_ds_buildrdata
--dns_ds_digest_supported
--dns_dumpctx_detach
--dns_fwdtable_add
--dns_fwdtable_create
--dns_fwdtable_destroy
--dns_fwdtable_find
--dns_generalstats_create
--dns_generalstats_dump
--dns_generalstats_increment
--dns_iptable_addprefix
--dns_iptable_attach
--dns_iptable_create
--dns_iptable_detach
--dns_iptable_merge
--dns_journal_begin_transaction
--dns_journal_commit
--dns_journal_current_rr
--dns_journal_destroy
--dns_journal_first_rr
--dns_journal_first_serial
--dns_journal_iter_init
--dns_journal_last_serial
--dns_journal_next_rr
--dns_journal_open
--dns_journal_print
--dns_journal_rollforward
--dns_journal_write_transaction
--dns_journal_writediff
--dns_keydata_fromdnskey
--dns_keydata_todnskey
--dns_keyflags_fromtext
--dns_keynode_key
--dns_keynode_managed
--dns_keytable_add
--dns_keytable_attach
--dns_keytable_create
--dns_keytable_delete
--dns_keytable_deletekeynode
--dns_keytable_detach
--dns_keytable_detachkeynode
--dns_keytable_find
--dns_keytable_finddeepestmatch
--dns_keytable_findkeynode
--dns_keytable_findnextkeynode
--dns_keytable_issecuredomain
--dns_keytable_marksecure
--dns_keytable_nextkeynode
--dns_lib_initmsgcat
--dns_loadctx_attach
--dns_loadctx_cancel
--dns_loadctx_detach
--dns_log_init
--dns_log_setcontext
--dns_lookup_cancel
--dns_lookup_create
--dns_lookup_destroy
--dns_master_dump
--dns_master_dumpnode
--dns_master_dumpnodetostream
--dns_master_dumptostream
--dns_master_dumptostream2
--dns_master_dumptostreaminc
--dns_master_loadbuffer
--dns_master_loadbufferinc
--dns_master_loadfile
--dns_master_loadfileinc
--dns_master_loadstream
--dns_master_loadstreaminc
--dns_master_questiontotext
--dns_master_rdatasettotext
--dns_master_stylecreate
--dns_master_styledestroy
--dns_message_addname
--dns_message_checksig
--dns_message_create
--dns_message_currentname
--dns_message_destroy
--dns_message_find
--dns_message_findname
--dns_message_findtype
--dns_message_firstname
--dns_message_getopt
--dns_message_getquerytsig
--dns_message_getrawmessage
--dns_message_getsig0
--dns_message_getsig0key
--dns_message_gettempname
--dns_message_gettempoffsets
--dns_message_gettemprdata
--dns_message_gettemprdatalist
--dns_message_gettemprdataset
--dns_message_gettimeadjust
--dns_message_gettsig
--dns_message_gettsigkey
--dns_message_movename
--dns_message_nextname
--dns_message_parse
--dns_message_peekheader
--dns_message_pseudosectiontotext
--dns_message_puttempname
--dns_message_puttemprdata
--dns_message_puttemprdatalist
--dns_message_puttemprdataset
--dns_message_rechecksig
--dns_message_removename
--dns_message_renderbegin
--dns_message_renderchangebuffer
--dns_message_renderend
--dns_message_renderheader
--dns_message_renderrelease
--dns_message_renderreserve
--dns_message_renderreset
--dns_message_rendersection
--dns_message_reply
--dns_message_reset
--dns_message_resetsig
--dns_message_sectiontotext
--dns_message_setopt
--dns_message_setquerytsig
--dns_message_setsig0key
--dns_message_setsortorder
--dns_message_settimeadjust
--dns_message_settsigkey
--dns_message_signer
--dns_message_takebuffer
--dns_message_totext
--dns_name_clone
--dns_name_compare
--dns_name_concatenate
--dns_name_copy
--dns_name_countlabels
--dns_name_destroy
--dns_name_digest
--dns_name_downcase
--dns_name_dup
--dns_name_dupwithoffsets
--dns_name_dynamic
--dns_name_equal
--dns_name_format
--dns_name_free
--dns_name_fromregion
--dns_name_fromtext
--dns_name_fromstring
--dns_name_fromwire
--dns_name_fullcompare
--dns_name_getlabel
--dns_name_getlabelsequence
--dns_name_hasbuffer
--dns_name_hash
--dns_name_init
--dns_name_internalwildcard
--dns_name_invalidate
--dns_name_isabsolute
--dns_name_issubdomain
--dns_name_iswildcard
--dns_name_matcheswildcard
--dns_name_print
--dns_name_rdatacompare
--dns_name_reset
--dns_name_setbuffer
--dns_name_settotextfilter
--dns_name_split
--dns_name_tofilenametext
--dns_name_toregion
--dns_name_tostring
--dns_name_totext
--dns_name_towire
--dns_ncache_add
--dns_ncache_getrdataset
--dns_ncache_towire
--dns_nsec3_active
--dns_nsec3_addnsec3
--dns_nsec3_addnsec3s
--dns_nsec3_buildrdata
--dns_nsec3_delnsec3
--dns_nsec3_delnsec3s
--dns_nsec3_hashlength
--dns_nsec3_hashname
--dns_nsec3_maxiterations
--dns_nsec3_supportedhash
--dns_nsec3_typepresent
--dns_nsec_build
--dns_nsec_buildrdata
--dns_nsec_nseconly
--dns_nsec_typepresent
--dns_opcode_totext
--dns_opcodestats_create
--dns_opcodestats_dump
--dns_opcodestats_increment
--dns_order_add
--dns_order_attach
--dns_order_create
--dns_order_detach
--dns_order_find
--dns_peer_attach
--dns_peer_detach
--dns_peer_getbogus
--dns_peer_getkey
--dns_peer_getmaxudp
--dns_peer_getprovideixfr
--dns_peer_getrequestixfr
--dns_peer_getsupportedns
--dns_peer_gettransferformat
--dns_peer_gettransfers
--dns_peer_new
--dns_peer_newprefix
--dns_peer_setbogus
--dns_peer_setkey
--dns_peer_setkeybycharp
--dns_peer_setmaxudp
--dns_peer_setnotifysource
--dns_peer_setprovideixfr
--dns_peer_setquerysource
--dns_peer_setrequestixfr
--dns_peer_setrequestnsid
--dns_peer_setsupportedns
--dns_peer_settransferformat
--dns_peer_settransfers
--dns_peer_settransfersource
--dns_peer_setudpsize
--dns_peerlist_addpeer
--dns_peerlist_attach
--dns_peerlist_currpeer
--dns_peerlist_detach
--dns_peerlist_new
--dns_peerlist_peerbyaddr
--dns_portlist_add
--dns_portlist_create
--dns_portlist_detach
--dns_rbt_addname
--dns_rbt_addnode
--dns_rbt_create
--dns_rbt_deletename
--dns_rbt_deletenode
--dns_rbt_destroy
--dns_rbt_findname
--dns_rbt_findnode
--dns_rbt_formatnodename
--dns_rbt_fullnamefromnode
--dns_rbt_namefromnode
--dns_rbt_nodecount
--dns_rbt_printall
--dns_rbtnodechain_current
--dns_rbtnodechain_first
--dns_rbtnodechain_init
--dns_rbtnodechain_invalidate
--dns_rbtnodechain_last
--dns_rbtnodechain_next
--dns_rbtnodechain_prev
--dns_rbtnodechain_reset
--dns_rcode_fromtext
--dns_rcode_totext
--dns_rdata_additionaldata
--dns_rdata_checkowner
--dns_rdata_clone
--dns_rdata_compare
--dns_rdata_covers
--dns_rdata_digest
--dns_rdata_freestruct
--dns_rdata_fromregion
--dns_rdata_fromstruct
--dns_rdata_fromtext
--dns_rdata_fromwire
--dns_rdata_init
--dns_rdata_reset
--dns_rdata_tofmttext
--dns_rdata_toregion
--dns_rdata_tostruct
--dns_rdata_totext
--dns_rdata_towire
--dns_rdatacallbacks_init
--dns_rdatacallbacks_init_stdio
--dns_rdataclass_format
--dns_rdataclass_fromtext
--dns_rdataclass_ismeta
--dns_rdataclass_totext
--dns_rdatalist_init
--dns_rdatalist_tordataset
--dns_rdataset_additionaldata
--dns_rdataset_clone
--dns_rdataset_count
--dns_rdataset_current
--dns_rdataset_disassociate
--dns_rdataset_first
--dns_rdataset_getadditional
--dns_rdataset_getclosest
--dns_rdataset_getnoqname
--dns_rdataset_init
--dns_rdataset_invalidate
--dns_rdataset_isassociated
--dns_rdataset_makequestion
--dns_rdataset_next
--dns_rdataset_putadditional
--dns_rdataset_setadditional
--dns_rdataset_totext
--dns_rdataset_towire
--dns_rdataset_towiresorted
--dns_rdatasetiter_current
--dns_rdatasetiter_destroy
--dns_rdatasetiter_first
--dns_rdatasetiter_next
--dns_rdatasetstats_dump
--dns_rdataslab_equal
--dns_rdataslab_fromrdataset
--dns_rdataslab_merge
--dns_rdataslab_size
--dns_rdataslab_subtract
--dns_rdatatype_atparent
--dns_rdatatype_attributes
--dns_rdatatype_format
--dns_rdatatype_fromtext
--dns_rdatatype_isdnssec
--dns_rdatatype_isknown
--dns_rdatatype_ismeta
--dns_rdatatype_issingleton
--dns_rdatatype_iszonecutauth
--dns_rdatatype_notquestion
--dns_rdatatype_questiononly
--dns_rdatatype_totext
--dns_rdatatypestats_create
--dns_rdatatypestats_dump
--dns_rdatatypestats_increment
--dns_request_cancel
--dns_request_create
--dns_request_createraw
--dns_request_createvia
--dns_request_createvia3
--dns_request_destroy
--dns_request_getresponse
--dns_request_usedtcp
--dns_requestmgr_attach
--dns_requestmgr_create
--dns_requestmgr_detach
--dns_requestmgr_shutdown
--dns_requestmgr_whenshutdown
--dns_resolver_addalternate
--dns_resolver_algorithm_supported
--dns_resolver_attach
--dns_resolver_cancelfetch
--dns_resolver_create
--dns_resolver_createfetch
--dns_resolver_createfetch2
--dns_resolver_destroyfetch
--dns_resolver_detach
--dns_resolver_disable_algorithm
--dns_resolver_dispatchmgr
--dns_resolver_dispatchv4
--dns_resolver_dispatchv6
--dns_resolver_freeze
--dns_resolver_getlamettl
--dns_resolver_getoptions
--dns_resolver_getudpsize
--dns_resolver_getzeronosoattl
--dns_resolver_logfetch
--dns_resolver_nrunning
--dns_resolver_prime
--dns_resolver_reset_algorithms
--dns_resolver_resetmustbesecure
--dns_resolver_setclientsperquery
--dns_resolver_setlamettl
--dns_resolver_setmustbesecure
--dns_resolver_setudpsize
--dns_resolver_setzeronosoattl
--dns_resolver_shutdown
--dns_resolver_socketmgr
--dns_resolver_taskmgr
--dns_resolver_whenshutdown
--dns_result_register
--dns_result_torcode
--dns_result_totext
--dns_rootns_create
--dns_rriterator_current
--dns_rriterator_first
--dns_rriterator_destroy
--dns_rriterator_init
--dns_rriterator_next
--dns_rriterator_nextrrset
--dns_rriterator_pause
--dns_sdb_putnamedrr
--dns_sdb_putrdata
--dns_sdb_putrr
--dns_sdb_putsoa
--dns_sdb_register
--dns_sdb_unregister
--dns_sdlz_putnamedrr
--dns_sdlz_putrr
--dns_sdlz_putsoa
--dns_sdlzregister
--dns_sdlzunregister
--dns_secalg_fromtext
--dns_secalg_totext
--dns_secproto_fromtext
--dns_secproto_totext
--dns_soa_getminimum
--dns_soa_getserial
--dns_soa_setserial
--dns_ssutable_addrule
--dns_ssutable_attach
--dns_ssutable_checkrules
--dns_ssutable_create
--dns_ssutable_detach
--dns_stats_alloccounters
--dns_stats_detach
--dns_stats_freecounters
--dns_tcpmsg_cancelread
--dns_tcpmsg_init
--dns_tcpmsg_invalidate
--dns_tcpmsg_keepbuffer
--dns_tcpmsg_readmessage
--dns_tcpmsg_setmaxsize
--dns_time32_fromtext
--dns_time32_totext
--dns_time64_fromtext
--dns_time64_totext
--dns_timer_setidle
--dns_tkey_builddeletequery
--dns_tkey_builddhquery
--dns_tkey_buildgssquery
--dns_tkey_processdeleteresponse
--dns_tkey_processdhresponse
--dns_tkey_processgssresponse
--dns_tkey_processquery
--dns_tkeyctx_create
--dns_tkeyctx_destroy
--dns_tsig_sign
--dns_tsig_verify
--dns_tsigkey_attach
--dns_tsigkey_create
--dns_tsigkey_createfromkey
--dns_tsigkey_detach
--dns_tsigkey_find
--dns_tsigkey_setdeleted
--dns_tsigkeyring_add
--dns_tsigkeyring_create
--dns_tsigkeyring_destroy
--dns_tsigrcode_fromtext
--dns_tsigrcode_totext
--dns_ttl_fromtext
--dns_ttl_totext
--dns_validator_cancel
--dns_validator_create
--dns_validator_destroy
--dns_validator_send
--dns_view_adddelegationonly
--dns_view_addzone
--dns_view_attach
--dns_view_checksig
--dns_view_create
--dns_view_createresolver
--dns_view_detach
--dns_view_dialup
--dns_view_dumpdbtostream
--dns_view_excludedelegationonly
--dns_view_find
--dns_view_findzone
--dns_view_findzonecut
--dns_view_flushanddetach
--dns_view_flushcache
--dns_view_flushcache2
--dns_view_flushname
--dns_view_freeze
--dns_view_freezezones
--dns_view_getpeertsig
--dns_view_getresquerystats
--dns_view_getresstats
--dns_view_gettsig
--dns_view_iscacheshared
--dns_view_load
--dns_view_loadnew
--dns_view_setcache
--dns_view_setcache2
--dns_view_setdstport
--dns_view_sethints
--dns_view_setkeyring
--dns_view_setresquerystats
--dns_view_setresstats
--dns_view_setrootdelonly
--dns_view_simplefind
--dns_view_weakattach
--dns_view_weakdetach
--dns_viewlist_find
--dns_viewlist_findzone
--dns_xfrin_attach
--dns_xfrin_create
--dns_xfrin_detach
--dns_xfrin_shutdown
--dns_zone_attach
--dns_zone_checknames
--dns_zone_clearforwardacl
--dns_zone_clearnotifyacl
--dns_zone_clearqueryacl
--dns_zone_clearupdateacl
--dns_zone_clearxfracl
--dns_zone_create
--dns_zone_detach
--dns_zone_dialup
--dns_zone_dump
--dns_zone_dumptostream
--dns_zone_dumptostream2
--dns_zone_expire
--dns_zone_first
--dns_zone_flush
--dns_zone_forcereload
--dns_zone_forwardupdate
--dns_zone_fulldumptostream
--dns_zone_getchecknames
--dns_zone_getclass
--dns_zone_getdb
--dns_zone_getdbtype
--dns_zone_getfile
--dns_zone_getforwardacl
--dns_zone_getidlein
--dns_zone_getidleout
--dns_zone_getjournal
--dns_zone_getjournalsize
--dns_zone_getkeydirectory
--dns_zone_getmaxxfrin
--dns_zone_getmaxxfrout
--dns_zone_getmctx
--dns_zone_getmgr
--dns_zone_getnotifyacl
--dns_zone_getnotifysrc4
--dns_zone_getnotifysrc6
--dns_zone_getoptions
--dns_zone_getorigin
--dns_zone_getprivatetype
--dns_zone_getqueryacl
--dns_zone_getrequeststats
--dns_zone_getserial
--dns_zone_getsigresigninginterval
--dns_zone_getsigvalidityinterval
--dns_zone_getssutable
--dns_zone_getstatscounters
--dns_zone_gettask
--dns_zone_gettype
--dns_zone_getupdateacl
--dns_zone_getupdatedisabled
--dns_zone_getview
--dns_zone_getxfracl
--dns_zone_getxfrsource4
--dns_zone_getxfrsource6
--dns_zone_getzeronosoattl
--dns_zone_iattach
--dns_zone_idetach
--dns_zone_isforced
--dns_zone_load
--dns_zone_loadandthaw
--dns_zone_log
--dns_zone_maintenance
--dns_zone_markdirty
--dns_zone_name
--dns_zone_next
--dns_zone_notify
--dns_zone_notifyreceive
--dns_zone_refresh
--dns_zone_replacedb
--dns_zone_setacache
--dns_zone_setalsonotify
--dns_zone_setaltxfrsource4
--dns_zone_setaltxfrsource6
--dns_zone_setcheckmx
--dns_zone_setchecknames
--dns_zone_setcheckns
--dns_zone_setchecksrv
--dns_zone_setclass
--dns_zone_setdbtype
--dns_zone_setdialup
--dns_zone_setfile
--dns_zone_setfile2
--dns_zone_setflag
--dns_zone_setforwardacl
--dns_zone_setidlein
--dns_zone_setidleout
--dns_zone_setisself
--dns_zone_setjournal
--dns_zone_setjournalsize
--dns_zone_setkeydirectory
--dns_zone_setmasters
--dns_zone_setmasterswithkeys
--dns_zone_setmaxrefreshtime
--dns_zone_setmaxretrytime
--dns_zone_setmaxxfrin
--dns_zone_setmaxxfrout
--dns_zone_setminrefreshtime
--dns_zone_setminretrytime
--dns_zone_setnodes
--dns_zone_setnotifyacl
--dns_zone_setnotifydelay
--dns_zone_setnotifysrc4
--dns_zone_setnotifysrc6
--dns_zone_setnotifytype
--dns_zone_setoption
--dns_zone_setorigin
--dns_zone_setprivatetype
--dns_zone_setqueryacl
--dns_zone_setqueryonacl
--dns_zone_setrequeststats
--dns_zone_setsignatures
--dns_zone_setsigresigninginterval
--dns_zone_setsigvalidityinterval
--dns_zone_setssutable
--dns_zone_setstatistics
--dns_zone_setstats
--dns_zone_settask
--dns_zone_settype
--dns_zone_setupdateacl
--dns_zone_setupdatedisabled
--dns_zone_setview
--dns_zone_setxfracl
--dns_zone_setxfrsource4
--dns_zone_setxfrsource6
--dns_zone_setzeronosoattl
--dns_zone_signwithkey
--dns_zone_unload
--dns_zonekey_iszonekey
--dns_zonemgr_attach
--dns_zonemgr_create
--dns_zonemgr_detach
--dns_zonemgr_forcemaint
--dns_zonemgr_getcount
--dns_zonemgr_getiolimit
--dns_zonemgr_getserialqueryrate
--dns_zonemgr_getttransfersin
--dns_zonemgr_getttransfersperns
--dns_zonemgr_managezone
--dns_zonemgr_releasezone
--dns_zonemgr_resumexfrs
--dns_zonemgr_setiolimit
--dns_zonemgr_setserialqueryrate
--dns_zonemgr_settransfersin
--dns_zonemgr_settransfersperns
--dns_zonemgr_shutdown
--dns_zt_apply
--dns_zt_attach
--dns_zt_create
--dns_zt_detach
--dns_zt_find
--dns_zt_flushanddetach
--dns_zt_load
--dns_zt_mount
--dns_zt_unmount
--dst_algorithm_supported
--dst_context_adddata
--dst_context_create
--dst_context_destroy
--dst_context_sign
--dst_context_verify
--dst_gssapi_acceptctx
--dst_gssapi_acquirecred
--dst_gssapi_initctx
--dst_key_alg
--dst_key_buildfilename
--dst_key_class
--dst_key_compare
--dst_key_computesecret
--dst_key_flags
--dst_key_free
--dst_key_frombuffer
--dst_key_fromdns
--dst_key_fromfile
--dst_key_fromgssapi
--dst_key_fromlabel
--dst_key_fromnamedfile
--dst_key_generate
--dst_key_getprivateformat
--dst_key_gettime
--dst_key_id
--dst_key_isnullkey
--dst_key_isprivate
--dst_key_iszonekey
--dst_key_name
--dst_key_paramcompare
--dst_key_proto
--dst_key_secretsize
--dst_key_setbits
--dst_key_setflags
--dst_key_setprivateformat
--dst_key_settime
--dst_key_sigsize
--dst_key_size
--dst_key_tobuffer
--dst_key_todns
--dst_key_tofile
--dst_key_unsettime
--dst_lib_destroy
--dst_lib_init
--dst_lib_initmsgcat
--dst_region_computeid
--dst_result_register
--dst_result_totext
--
--; Exported Data
--
--EXPORTS
--
--dns_master_style_full DATA
+++ /dev/null
--/*
-- * Copyright (C) 2004, 2005, 2007, 2008 Internet Systems Consortium, Inc. ("ISC")
-- * Copyright (C) 2003 Internet Software Consortium.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-- * PERFORMANCE OF THIS SOFTWARE.
-- */
--
--/* $Id: ifiter_getifaddrs.c,v 1.11 2008/03/20 23:47:00 tbox Exp $ */
--
--/*! \file
-- * \brief
-- * Obtain the list of network interfaces using the getifaddrs(3) library.
-- */
--
--#include <ifaddrs.h>
--
--/*% Iterator Magic */
--#define IFITER_MAGIC ISC_MAGIC('I', 'F', 'I', 'G')
--/*% Valid Iterator */
--#define VALID_IFITER(t) ISC_MAGIC_VALID(t, IFITER_MAGIC)
--
--#ifdef __linux
--static isc_boolean_t seenv6 = ISC_FALSE;
--#endif
--
--/*% Iterator structure */
--struct isc_interfaceiter {
-- unsigned int magic; /*%< Magic number. */
-- isc_mem_t *mctx;
-- void *buf; /*%< (unused) */
-- unsigned int bufsize; /*%< (always 0) */
-- struct ifaddrs *ifaddrs; /*%< List of ifaddrs */
-- struct ifaddrs *pos; /*%< Ptr to current ifaddr */
-- isc_interface_t current; /*%< Current interface data. */
-- isc_result_t result; /*%< Last result code. */
--#ifdef __linux
-- FILE * proc;
-- char entry[ISC_IF_INET6_SZ];
-- isc_result_t valid;
--#endif
--};
--
--isc_result_t
--isc_interfaceiter_create(isc_mem_t *mctx, isc_interfaceiter_t **iterp) {
-- isc_interfaceiter_t *iter;
-- isc_result_t result;
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(mctx != NULL);
-- REQUIRE(iterp != NULL);
-- REQUIRE(*iterp == NULL);
--
-- iter = isc_mem_get(mctx, sizeof(*iter));
-- if (iter == NULL)
-- return (ISC_R_NOMEMORY);
--
-- iter->mctx = mctx;
-- iter->buf = NULL;
-- iter->bufsize = 0;
-- iter->ifaddrs = NULL;
--#ifdef __linux
-- /*
-- * Only open "/proc/net/if_inet6" if we have never seen a IPv6
-- * address returned by getifaddrs().
-- */
-- if (!seenv6)
-- iter->proc = fopen("/proc/net/if_inet6", "r");
-- else
-- iter->proc = NULL;
-- iter->valid = ISC_R_FAILURE;
--#endif
--
-- if (getifaddrs(&iter->ifaddrs) < 0) {
-- isc__strerror(errno, strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat,
-- ISC_MSGSET_IFITERGETIFADDRS,
-- ISC_MSG_GETIFADDRS,
-- "getting interface "
-- "addresses: getifaddrs: %s"),
-- strbuf);
-- result = ISC_R_UNEXPECTED;
-- goto failure;
-- }
--
-- /*
-- * A newly created iterator has an undefined position
-- * until isc_interfaceiter_first() is called.
-- */
-- iter->pos = NULL;
-- iter->result = ISC_R_FAILURE;
--
-- iter->magic = IFITER_MAGIC;
-- *iterp = iter;
-- return (ISC_R_SUCCESS);
--
-- failure:
--#ifdef __linux
-- if (iter->proc != NULL)
-- fclose(iter->proc);
--#endif
-- if (iter->ifaddrs != NULL) /* just in case */
-- freeifaddrs(iter->ifaddrs);
-- isc_mem_put(mctx, iter, sizeof(*iter));
-- return (result);
--}
--
--/*
-- * Get information about the current interface to iter->current.
-- * If successful, return ISC_R_SUCCESS.
-- * If the interface has an unsupported address family,
-- * return ISC_R_IGNORE.
-- */
--
--static isc_result_t
--internal_current(isc_interfaceiter_t *iter) {
-- struct ifaddrs *ifa;
-- int family;
-- unsigned int namelen;
--
-- REQUIRE(VALID_IFITER(iter));
--
-- ifa = iter->pos;
--
--#ifdef __linux
-- if (iter->pos == NULL)
-- return (linux_if_inet6_current(iter));
--#endif
--
-- INSIST(ifa != NULL);
-- INSIST(ifa->ifa_name != NULL);
--
-- if (ifa->ifa_addr == NULL)
-- return (ISC_R_IGNORE);
--
-- family = ifa->ifa_addr->sa_family;
-- if (family != AF_INET && family != AF_INET6)
-- return (ISC_R_IGNORE);
--
--#ifdef __linux
-- if (family == AF_INET6)
-- seenv6 = ISC_TRUE;
--#endif
--
-- memset(&iter->current, 0, sizeof(iter->current));
--
-- namelen = strlen(ifa->ifa_name);
-- if (namelen > sizeof(iter->current.name) - 1)
-- namelen = sizeof(iter->current.name) - 1;
--
-- memset(iter->current.name, 0, sizeof(iter->current.name));
-- memcpy(iter->current.name, ifa->ifa_name, namelen);
--
-- iter->current.flags = 0;
--
-- if ((ifa->ifa_flags & IFF_UP) != 0)
-- iter->current.flags |= INTERFACE_F_UP;
--
-- if ((ifa->ifa_flags & IFF_POINTOPOINT) != 0)
-- iter->current.flags |= INTERFACE_F_POINTTOPOINT;
--
-- if ((ifa->ifa_flags & IFF_LOOPBACK) != 0)
-- iter->current.flags |= INTERFACE_F_LOOPBACK;
--
-- iter->current.af = family;
--
-- get_addr(family, &iter->current.address, ifa->ifa_addr, ifa->ifa_name);
--
-- if (ifa->ifa_netmask != NULL)
-- get_addr(family, &iter->current.netmask, ifa->ifa_netmask,
-- ifa->ifa_name);
--
-- if (ifa->ifa_dstaddr != NULL &&
-- (iter->current.flags & IFF_POINTOPOINT) != 0)
-- get_addr(family, &iter->current.dstaddress, ifa->ifa_dstaddr,
-- ifa->ifa_name);
--
-- return (ISC_R_SUCCESS);
--}
--
--/*
-- * Step the iterator to the next interface. Unlike
-- * isc_interfaceiter_next(), this may leave the iterator
-- * positioned on an interface that will ultimately
-- * be ignored. Return ISC_R_NOMORE if there are no more
-- * interfaces, otherwise ISC_R_SUCCESS.
-- */
--static isc_result_t
--internal_next(isc_interfaceiter_t *iter) {
--
-- if (iter->pos != NULL)
-- iter->pos = iter->pos->ifa_next;
-- if (iter->pos == NULL) {
--#ifdef __linux
-- if (!seenv6)
-- return (linux_if_inet6_next(iter));
--#endif
-- return (ISC_R_NOMORE);
-- }
--
-- return (ISC_R_SUCCESS);
--}
--
--static void
--internal_destroy(isc_interfaceiter_t *iter) {
--
--#ifdef __linux
-- if (iter->proc != NULL)
-- fclose(iter->proc);
-- iter->proc = NULL;
--#endif
-- if (iter->ifaddrs)
-- freeifaddrs(iter->ifaddrs);
-- iter->ifaddrs = NULL;
--}
--
--static
--void internal_first(isc_interfaceiter_t *iter) {
--
--#ifdef __linux
-- linux_if_inet6_first(iter);
--#endif
-- iter->pos = iter->ifaddrs;
--}
+++ /dev/null
--/*
-- * Copyright (C) 2004, 2005, 2007 Internet Systems Consortium, Inc. ("ISC")
-- * Copyright (C) 1998-2001 Internet Software Consortium.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-- * PERFORMANCE OF THIS SOFTWARE.
-- */
--
--/* $Id: thread.h,v 1.22 2007/06/19 23:47:20 tbox Exp $ */
--
--#ifndef ISC_THREAD_H
--#define ISC_THREAD_H 1
--
--#include <windows.h>
--
--#include <isc/lang.h>
--#include <isc/result.h>
--
--/*
-- * Inlines to help with wait retrun checking
-- */
--
--/* check handle for NULL and INVALID_HANDLE */
--inline BOOL IsValidHandle( HANDLE hHandle) {
-- return ((hHandle != NULL) && (hHandle != INVALID_HANDLE_VALUE));
--}
--
--/* validate wait return codes... */
--inline BOOL WaitSucceeded( DWORD dwWaitResult, DWORD dwHandleCount) {
-- return ((dwWaitResult >= WAIT_OBJECT_0) &&
-- (dwWaitResult < WAIT_OBJECT_0 + dwHandleCount));
--}
--
--inline BOOL WaitAbandoned( DWORD dwWaitResult, DWORD dwHandleCount) {
-- return ((dwWaitResult >= WAIT_ABANDONED_0) &&
-- (dwWaitResult < WAIT_ABANDONED_0 + dwHandleCount));
--}
--
--inline BOOL WaitTimeout( DWORD dwWaitResult) {
-- return (dwWaitResult == WAIT_TIMEOUT);
--}
--
--inline BOOL WaitFailed( DWORD dwWaitResult) {
-- return (dwWaitResult == WAIT_FAILED);
--}
--
--/* compute object indices for waits... */
--inline DWORD WaitSucceededIndex( DWORD dwWaitResult) {
-- return (dwWaitResult - WAIT_OBJECT_0);
--}
--
--inline DWORD WaitAbandonedIndex( DWORD dwWaitResult) {
-- return (dwWaitResult - WAIT_ABANDONED_0);
--}
--
--
--
--typedef HANDLE isc_thread_t;
--typedef unsigned int isc_threadresult_t;
--typedef void * isc_threadarg_t;
--typedef isc_threadresult_t (WINAPI *isc_threadfunc_t)(isc_threadarg_t);
--typedef DWORD isc_thread_key_t;
--
--#define isc_thread_self (unsigned long)GetCurrentThreadId
--
--ISC_LANG_BEGINDECLS
--
--isc_result_t
--isc_thread_create(isc_threadfunc_t, isc_threadarg_t, isc_thread_t *);
--
--isc_result_t
--isc_thread_join(isc_thread_t, isc_threadresult_t *);
--
--void
--isc_thread_setconcurrency(unsigned int level);
--
--int
--isc_thread_key_create(isc_thread_key_t *key, void (*func)(void *));
--
--int
--isc_thread_key_delete(isc_thread_key_t key);
--
--void *
--isc_thread_key_getspecific(isc_thread_key);
--
--int
--isc_thread_key_setspecific(isc_thread_key_t key, void *value);
--
--ISC_LANG_ENDDECLS
--
--#endif /* ISC_THREAD_H */
+++ /dev/null
--/*
-- * Copyright (C) 2004-2009 Internet Systems Consortium, Inc. ("ISC")
-- * Copyright (C) 2000-2003 Internet Software Consortium.
-- *
-- * Permission to use, copy, modify, and/or distribute this software for any
-- * purpose with or without fee is hereby granted, provided that the above
-- * copyright notice and this permission notice appear in all copies.
-- *
-- * THE SOFTWARE IS PROVIDED "AS IS" AND ISC DISCLAIMS ALL WARRANTIES WITH
-- * REGARD TO THIS SOFTWARE INCLUDING ALL IMPLIED WARRANTIES OF MERCHANTABILITY
-- * AND FITNESS. IN NO EVENT SHALL ISC BE LIABLE FOR ANY SPECIAL, DIRECT,
-- * INDIRECT, OR CONSEQUENTIAL DAMAGES OR ANY DAMAGES WHATSOEVER RESULTING FROM
-- * LOSS OF USE, DATA OR PROFITS, WHETHER IN AN ACTION OF CONTRACT, NEGLIGENCE
-- * OR OTHER TORTIOUS ACTION, ARISING OUT OF OR IN CONNECTION WITH THE USE OR
-- * PERFORMANCE OF THIS SOFTWARE.
-- */
--
--/* $Id: socket.c,v 1.78 2009/09/02 18:32:25 each Exp $ */
--
--/* This code uses functions which are only available on Server 2003 and
-- * higher, and Windows XP and higher.
-- *
-- * This code is by nature multithreaded and takes advantage of various
-- * features to pass on information through the completion port for
-- * when I/O is completed. All sends, receives, accepts, and connects are
-- * completed through the completion port.
-- *
-- * The number of Completion Port Worker threads used is the total number
-- * of CPU's + 1. This increases the likelihood that a Worker Thread is
-- * available for processing a completed request.
-- *
-- * XXXPDM 5 August, 2002
-- */
--
--#define MAKE_EXTERNAL 1
--#include <config.h>
--
--#include <sys/types.h>
--
--#ifndef _WINSOCKAPI_
--#define _WINSOCKAPI_ /* Prevent inclusion of winsock.h in windows.h */
--#endif
--
--#include <errno.h>
--#include <stddef.h>
--#include <stdlib.h>
--#include <string.h>
--#include <unistd.h>
--#include <io.h>
--#include <fcntl.h>
--#include <process.h>
--
--#include <isc/buffer.h>
--#include <isc/bufferlist.h>
--#include <isc/condition.h>
--#include <isc/list.h>
--#include <isc/log.h>
--#include <isc/mem.h>
--#include <isc/msgs.h>
--#include <isc/mutex.h>
--#include <isc/net.h>
--#include <isc/once.h>
--#include <isc/os.h>
--#include <isc/platform.h>
--#include <isc/print.h>
--#include <isc/region.h>
--#include <isc/socket.h>
--#include <isc/stats.h>
--#include <isc/strerror.h>
--#include <isc/syslog.h>
--#include <isc/task.h>
--#include <isc/thread.h>
--#include <isc/util.h>
--#include <isc/win32os.h>
--
--#include <mswsock.h>
--
--#include "errno2result.h"
--
--/*
-- * How in the world can Microsoft exist with APIs like this?
-- * We can't actually call this directly, because it turns out
-- * no library exports this function. Instead, we need to
-- * issue a runtime call to get the address.
-- */
--LPFN_CONNECTEX ISCConnectEx;
--LPFN_ACCEPTEX ISCAcceptEx;
--LPFN_GETACCEPTEXSOCKADDRS ISCGetAcceptExSockaddrs;
--
--/*
-- * Run expensive internal consistency checks.
-- */
--#ifdef ISC_SOCKET_CONSISTENCY_CHECKS
--#define CONSISTENT(sock) consistent(sock)
--#else
--#define CONSISTENT(sock) do {} while (0)
--#endif
--static void consistent(isc_socket_t *sock);
--
--/*
-- * Define this macro to control the behavior of connection
-- * resets on UDP sockets. See Microsoft KnowledgeBase Article Q263823
-- * for details.
-- * NOTE: This requires that Windows 2000 systems install Service Pack 2
-- * or later.
-- */
--#ifndef SIO_UDP_CONNRESET
--#define SIO_UDP_CONNRESET _WSAIOW(IOC_VENDOR,12)
--#endif
--
--/*
-- * Some systems define the socket length argument as an int, some as size_t,
-- * some as socklen_t. This is here so it can be easily changed if needed.
-- */
--#ifndef ISC_SOCKADDR_LEN_T
--#define ISC_SOCKADDR_LEN_T unsigned int
--#endif
--
--/*
-- * Define what the possible "soft" errors can be. These are non-fatal returns
-- * of various network related functions, like recv() and so on.
-- */
--#define SOFT_ERROR(e) ((e) == WSAEINTR || \
-- (e) == WSAEWOULDBLOCK || \
-- (e) == EWOULDBLOCK || \
-- (e) == EINTR || \
-- (e) == EAGAIN || \
-- (e) == 0)
--
--/*
-- * Pending errors are not really errors and should be
-- * kept separate
-- */
--#define PENDING_ERROR(e) ((e) == WSA_IO_PENDING || (e) == 0)
--
--#define DOIO_SUCCESS 0 /* i/o ok, event sent */
--#define DOIO_SOFT 1 /* i/o ok, soft error, no event sent */
--#define DOIO_HARD 2 /* i/o error, event sent */
--#define DOIO_EOF 3 /* EOF, no event sent */
--#define DOIO_PENDING 4 /* status when i/o is in process */
--#define DOIO_NEEDMORE 5 /* IO was processed, but we need more due to minimum */
--
--#define DLVL(x) ISC_LOGCATEGORY_GENERAL, ISC_LOGMODULE_SOCKET, ISC_LOG_DEBUG(x)
--
--/*
-- * DLVL(90) -- Function entry/exit and other tracing.
-- * DLVL(70) -- Socket "correctness" -- including returning of events, etc.
-- * DLVL(60) -- Socket data send/receive
-- * DLVL(50) -- Event tracing, including receiving/sending completion events.
-- * DLVL(20) -- Socket creation/destruction.
-- */
--#define TRACE_LEVEL 90
--#define CORRECTNESS_LEVEL 70
--#define IOEVENT_LEVEL 60
--#define EVENT_LEVEL 50
--#define CREATION_LEVEL 20
--
--#define TRACE DLVL(TRACE_LEVEL)
--#define CORRECTNESS DLVL(CORRECTNESS_LEVEL)
--#define IOEVENT DLVL(IOEVENT_LEVEL)
--#define EVENT DLVL(EVENT_LEVEL)
--#define CREATION DLVL(CREATION_LEVEL)
--
--typedef isc_event_t intev_t;
--
--/*
-- * Socket State
-- */
--enum {
-- SOCK_INITIALIZED, /* Socket Initialized */
-- SOCK_OPEN, /* Socket opened but nothing yet to do */
-- SOCK_DATA, /* Socket sending or receiving data */
-- SOCK_LISTEN, /* TCP Socket listening for connects */
-- SOCK_ACCEPT, /* TCP socket is waiting to accept */
-- SOCK_CONNECT, /* TCP Socket connecting */
-- SOCK_CLOSED, /* Socket has been closed */
--};
--
--#define SOCKET_MAGIC ISC_MAGIC('I', 'O', 'i', 'o')
--#define VALID_SOCKET(t) ISC_MAGIC_VALID(t, SOCKET_MAGIC)
--
--/*
-- * IPv6 control information. If the socket is an IPv6 socket we want
-- * to collect the destination address and interface so the client can
-- * set them on outgoing packets.
-- */
--#ifdef ISC_PLATFORM_HAVEIPV6
--#ifndef USE_CMSG
--#define USE_CMSG 1
--#endif
--#endif
--
--/*
-- * We really don't want to try and use these control messages. Win32
-- * doesn't have this mechanism before XP.
-- */
--#undef USE_CMSG
--
--/*
-- * Message header for recvmsg and sendmsg calls.
-- * Used value-result for recvmsg, value only for sendmsg.
-- */
--struct msghdr {
-- SOCKADDR_STORAGE to_addr; /* UDP send/recv address */
-- int to_addr_len; /* length of the address */
-- WSABUF *msg_iov; /* scatter/gather array */
-- u_int msg_iovlen; /* # elements in msg_iov */
-- void *msg_control; /* ancillary data, see below */
-- u_int msg_controllen; /* ancillary data buffer len */
-- int msg_totallen; /* total length of this message */
--} msghdr;
--
--/*
-- * The size to raise the receive buffer to.
-- */
--#define RCVBUFSIZE (32*1024)
--
--/*
-- * The number of times a send operation is repeated if the result
-- * is WSAEINTR.
-- */
--#define NRETRIES 10
--
--struct isc_socket {
-- /* Not locked. */
-- unsigned int magic;
-- isc_socketmgr_t *manager;
-- isc_mutex_t lock;
-- isc_sockettype_t type;
--
-- /* Pointers to scatter/gather buffers */
-- WSABUF iov[ISC_SOCKET_MAXSCATTERGATHER];
--
-- /* Locked by socket lock. */
-- ISC_LINK(isc_socket_t) link;
-- unsigned int references; /* EXTERNAL references */
-- SOCKET fd; /* file handle */
-- int pf; /* protocol family */
-- char name[16];
-- void * tag;
--
-- /*
-- * Each recv() call uses this buffer. It is a per-socket receive
-- * buffer that allows us to decouple the system recv() from the
-- * recv_list done events. This means the items on the recv_list
-- * can be removed without having to cancel pending system recv()
-- * calls. It also allows us to read-ahead in some cases.
-- */
-- struct {
-- SOCKADDR_STORAGE from_addr; // UDP send/recv address
-- int from_addr_len; // length of the address
-- char *base; // the base of the buffer
-- char *consume_position; // where to start copying data from next
-- unsigned int len; // the actual size of this buffer
-- unsigned int remaining; // the number of bytes remaining
-- } recvbuf;
--
-- ISC_LIST(isc_socketevent_t) send_list;
-- ISC_LIST(isc_socketevent_t) recv_list;
-- ISC_LIST(isc_socket_newconnev_t) accept_list;
-- isc_socket_connev_t *connect_ev;
--
-- isc_sockaddr_t address; /* remote address */
--
-- unsigned int listener : 1, /* listener socket */
-- connected : 1,
-- pending_connect : 1, /* connect pending */
-- bound : 1; /* bound to local addr */
-- unsigned int pending_iocp; /* Should equal the counters below. Debug. */
-- unsigned int pending_recv; /* Number of outstanding recv() calls. */
-- unsigned int pending_send; /* Number of outstanding send() calls. */
-- unsigned int pending_accept; /* Number of outstanding accept() calls. */
-- unsigned int state; /* Socket state. Debugging and consistency checking. */
-- int state_lineno; /* line which last touched state */
--};
--
--#define _set_state(sock, _state) do { (sock)->state = (_state); (sock)->state_lineno = __LINE__; } while (0)
--
--/*
-- * Buffer structure
-- */
--typedef struct buflist buflist_t;
--
--struct buflist {
-- void *buf;
-- unsigned int buflen;
-- ISC_LINK(buflist_t) link;
--};
--
--/*
-- * I/O Completion ports Info structures
-- */
--
--static HANDLE hHeapHandle = NULL;
--typedef struct IoCompletionInfo {
-- OVERLAPPED overlapped;
-- isc_socketevent_t *dev; /* send()/recv() done event */
-- isc_socket_connev_t *cdev; /* connect() done event */
-- isc_socket_newconnev_t *adev; /* accept() done event */
-- void *acceptbuffer;
-- DWORD received_bytes;
-- int request_type;
-- struct msghdr messagehdr;
-- ISC_LIST(buflist_t) bufferlist; /*%< list of buffers */
--} IoCompletionInfo;
--
--/*
-- * Define a maximum number of I/O Completion Port worker threads
-- * to handle the load on the Completion Port. The actual number
-- * used is the number of CPU's + 1.
-- */
--#define MAX_IOCPTHREADS 20
--
--#define SOCKET_MANAGER_MAGIC ISC_MAGIC('I', 'O', 'm', 'g')
--#define VALID_MANAGER(m) ISC_MAGIC_VALID(m, SOCKET_MANAGER_MAGIC)
--
--struct isc_socketmgr {
-- /* Not locked. */
-- unsigned int magic;
-- isc_mem_t *mctx;
-- isc_mutex_t lock;
-- isc_stats_t *stats;
--
-- /* Locked by manager lock. */
-- ISC_LIST(isc_socket_t) socklist;
-- isc_boolean_t bShutdown;
-- isc_condition_t shutdown_ok;
-- HANDLE hIoCompletionPort;
-- int maxIOCPThreads;
-- HANDLE hIOCPThreads[MAX_IOCPTHREADS];
-- DWORD dwIOCPThreadIds[MAX_IOCPTHREADS];
--
-- /*
-- * Debugging.
-- * Modified by InterlockedIncrement() and InterlockedDecrement()
-- */
-- LONG totalSockets;
-- LONG iocp_total;
--};
--
--enum {
-- SOCKET_RECV,
-- SOCKET_SEND,
-- SOCKET_ACCEPT,
-- SOCKET_CONNECT
--};
--
--/*
-- * send() and recv() iovec counts
-- */
--#define MAXSCATTERGATHER_SEND (ISC_SOCKET_MAXSCATTERGATHER)
--#define MAXSCATTERGATHER_RECV (ISC_SOCKET_MAXSCATTERGATHER)
--
--static isc_threadresult_t WINAPI SocketIoThread(LPVOID ThreadContext);
--static void maybe_free_socket(isc_socket_t **, int);
--static void free_socket(isc_socket_t **, int);
--static isc_boolean_t senddone_is_active(isc_socket_t *sock, isc_socketevent_t *dev);
--static isc_boolean_t acceptdone_is_active(isc_socket_t *sock, isc_socket_newconnev_t *dev);
--static isc_boolean_t connectdone_is_active(isc_socket_t *sock, isc_socket_connev_t *dev);
--static void send_recvdone_event(isc_socket_t *sock, isc_socketevent_t **dev);
--static void send_senddone_event(isc_socket_t *sock, isc_socketevent_t **dev);
--static void send_acceptdone_event(isc_socket_t *sock, isc_socket_newconnev_t **adev);
--static void send_connectdone_event(isc_socket_t *sock, isc_socket_connev_t **cdev);
--static void send_recvdone_abort(isc_socket_t *sock, isc_result_t result);
--static void queue_receive_event(isc_socket_t *sock, isc_task_t *task, isc_socketevent_t *dev);
--static void queue_receive_request(isc_socket_t *sock);
--
--/*
-- * This is used to dump the contents of the sock structure
-- * You should make sure that the sock is locked before
-- * dumping it. Since the code uses simple printf() statements
-- * it should only be used interactively.
-- */
--void
--sock_dump(isc_socket_t *sock) {
-- isc_socketevent_t *ldev;
-- isc_socket_newconnev_t *ndev;
--
--#if 0
-- isc_sockaddr_t addr;
-- char socktext[256];
--
-- isc_socket_getpeername(sock, &addr);
-- isc_sockaddr_format(&addr, socktext, sizeof(socktext));
-- printf("Remote Socket: %s\n", socktext);
-- isc_socket_getsockname(sock, &addr);
-- isc_sockaddr_format(&addr, socktext, sizeof(socktext));
-- printf("This Socket: %s\n", socktext);
--#endif
--
-- printf("\n\t\tSock Dump\n");
-- printf("\t\tfd: %u\n", sock->fd);
-- printf("\t\treferences: %d\n", sock->references);
-- printf("\t\tpending_accept: %d\n", sock->pending_accept);
-- printf("\t\tconnecting: %d\n", sock->pending_connect);
-- printf("\t\tconnected: %d\n", sock->connected);
-- printf("\t\tbound: %d\n", sock->bound);
-- printf("\t\tpending_iocp: %d\n", sock->pending_iocp);
-- printf("\t\tsocket type: %d\n", sock->type);
--
-- printf("\n\t\tSock Recv List\n");
-- ldev = ISC_LIST_HEAD(sock->recv_list);
-- while (ldev != NULL) {
-- printf("\t\tdev: %p\n", ldev);
-- ldev = ISC_LIST_NEXT(ldev, ev_link);
-- }
--
-- printf("\n\t\tSock Send List\n");
-- ldev = ISC_LIST_HEAD(sock->send_list);
-- while (ldev != NULL) {
-- printf("\t\tdev: %p\n", ldev);
-- ldev = ISC_LIST_NEXT(ldev, ev_link);
-- }
--
-- printf("\n\t\tSock Accept List\n");
-- ndev = ISC_LIST_HEAD(sock->accept_list);
-- while (ndev != NULL) {
-- printf("\t\tdev: %p\n", ldev);
-- ndev = ISC_LIST_NEXT(ndev, ev_link);
-- }
--}
--
--static void
--socket_log(int lineno, isc_socket_t *sock, isc_sockaddr_t *address,
-- isc_logcategory_t *category, isc_logmodule_t *module, int level,
-- isc_msgcat_t *msgcat, int msgset, int message,
-- const char *fmt, ...) ISC_FORMAT_PRINTF(9, 10);
--
--/* This function will add an entry to the I/O completion port
-- * that will signal the I/O thread to exit (gracefully)
-- */
--static void
--signal_iocompletionport_exit(isc_socketmgr_t *manager) {
-- int i;
-- int errval;
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(VALID_MANAGER(manager));
-- for (i = 0; i < manager->maxIOCPThreads; i++) {
-- if (!PostQueuedCompletionStatus(manager->hIoCompletionPort,
-- 0, 0, 0)) {
-- errval = GetLastError();
-- isc__strerror(errval, strbuf, sizeof(strbuf));
-- FATAL_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_FAILED,
-- "Can't request service thread to exit: %s"),
-- strbuf);
-- }
-- }
--}
--
--/*
-- * Create the worker threads for the I/O Completion Port
-- */
--void
--iocompletionport_createthreads(int total_threads, isc_socketmgr_t *manager) {
-- int errval;
-- char strbuf[ISC_STRERRORSIZE];
-- int i;
--
-- INSIST(total_threads > 0);
-- REQUIRE(VALID_MANAGER(manager));
-- /*
-- * We need at least one
-- */
-- for (i = 0; i < total_threads; i++) {
-- manager->hIOCPThreads[i] = CreateThread(NULL, 0, SocketIoThread,
-- manager, 0,
-- &manager->dwIOCPThreadIds[i]);
-- if (manager->hIOCPThreads[i] == NULL) {
-- errval = GetLastError();
-- isc__strerror(errval, strbuf, sizeof(strbuf));
-- FATAL_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_FAILED,
-- "Can't create IOCP thread: %s"),
-- strbuf);
-- exit(1);
-- }
-- }
--}
--
--/*
-- * Create/initialise the I/O completion port
-- */
--void
--iocompletionport_init(isc_socketmgr_t *manager) {
-- int errval;
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(VALID_MANAGER(manager));
-- /*
-- * Create a private heap to handle the socket overlapped structure
-- * The minimum number of structures is 10, there is no maximum
-- */
-- hHeapHandle = HeapCreate(0, 10 * sizeof(IoCompletionInfo), 0);
-- if (hHeapHandle == NULL) {
-- errval = GetLastError();
-- isc__strerror(errval, strbuf, sizeof(strbuf));
-- FATAL_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_FAILED,
-- "HeapCreate() failed during "
-- "initialization: %s"),
-- strbuf);
-- exit(1);
-- }
--
-- manager->maxIOCPThreads = min(isc_os_ncpus() + 1, MAX_IOCPTHREADS);
--
-- /* Now Create the Completion Port */
-- manager->hIoCompletionPort = CreateIoCompletionPort(
-- INVALID_HANDLE_VALUE, NULL,
-- 0, manager->maxIOCPThreads);
-- if (manager->hIoCompletionPort == NULL) {
-- errval = GetLastError();
-- isc__strerror(errval, strbuf, sizeof(strbuf));
-- FATAL_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_FAILED,
-- "CreateIoCompletionPort() failed "
-- "during initialization: %s"),
-- strbuf);
-- exit(1);
-- }
--
-- /*
-- * Worker threads for servicing the I/O
-- */
-- iocompletionport_createthreads(manager->maxIOCPThreads, manager);
--}
--
--/*
-- * Associate a socket with an IO Completion Port. This allows us to queue events for it
-- * and have our worker pool of threads process them.
-- */
--void
--iocompletionport_update(isc_socket_t *sock) {
-- HANDLE hiocp;
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- hiocp = CreateIoCompletionPort((HANDLE)sock->fd,
-- sock->manager->hIoCompletionPort, (ULONG_PTR)sock, 0);
--
-- if (hiocp == NULL) {
-- DWORD errval = GetLastError();
-- isc__strerror(errval, strbuf, sizeof(strbuf));
-- isc_log_iwrite(isc_lctx,
-- ISC_LOGCATEGORY_GENERAL,
-- ISC_LOGMODULE_SOCKET, ISC_LOG_ERROR,
-- isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_TOOMANYHANDLES,
-- "iocompletionport_update: failed to open"
-- " io completion port: %s",
-- strbuf);
--
-- /* XXXMLG temporary hack to make failures detected.
-- * This function should return errors to the caller, not
-- * exit here.
-- */
-- FATAL_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_FAILED,
-- "CreateIoCompletionPort() failed "
-- "during initialization: %s"),
-- strbuf);
-- exit(1);
-- }
--
-- InterlockedIncrement(&sock->manager->iocp_total);
--}
--
--/*
-- * Routine to cleanup and then close the socket.
-- * Only close the socket here if it is NOT associated
-- * with an event, otherwise the WSAWaitForMultipleEvents
-- * may fail due to the fact that the Wait should not
-- * be running while closing an event or a socket.
-- * The socket is locked before calling this function
-- */
--void
--socket_close(isc_socket_t *sock) {
--
-- REQUIRE(sock != NULL);
--
-- if (sock->fd != INVALID_SOCKET) {
-- closesocket(sock->fd);
-- sock->fd = INVALID_SOCKET;
-- _set_state(sock, SOCK_CLOSED);
-- InterlockedDecrement(&sock->manager->totalSockets);
-- }
--}
--
--static isc_once_t initialise_once = ISC_ONCE_INIT;
--static isc_boolean_t initialised = ISC_FALSE;
--
--static void
--initialise(void) {
-- WORD wVersionRequested;
-- WSADATA wsaData;
-- int err;
-- SOCKET sock;
-- GUID GUIDConnectEx = WSAID_CONNECTEX;
-- GUID GUIDAcceptEx = WSAID_ACCEPTEX;
-- GUID GUIDGetAcceptExSockaddrs = WSAID_GETACCEPTEXSOCKADDRS;
-- DWORD dwBytes;
--
-- /* Need Winsock 2.2 or better */
-- wVersionRequested = MAKEWORD(2, 2);
--
-- err = WSAStartup(wVersionRequested, &wsaData);
-- if (err != 0) {
-- char strbuf[ISC_STRERRORSIZE];
-- isc__strerror(err, strbuf, sizeof(strbuf));
-- FATAL_ERROR(__FILE__, __LINE__, "WSAStartup() %s: %s",
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED, "failed"),
-- strbuf);
-- exit(1);
-- }
-- /*
-- * The following APIs do not exist as functions in a library, but we must
-- * ask winsock for them. They are "extensions" -- but why they cannot be
-- * actual functions is beyond me. So, ask winsock for the pointers to the
-- * functions we need.
-- */
-- sock = socket(AF_INET, SOCK_STREAM, IPPROTO_TCP);
-- INSIST(sock != INVALID_SOCKET);
-- err = WSAIoctl(sock, SIO_GET_EXTENSION_FUNCTION_POINTER,
-- &GUIDConnectEx, sizeof(GUIDConnectEx),
-- &ISCConnectEx, sizeof(ISCConnectEx),
-- &dwBytes, NULL, NULL);
-- INSIST(err == 0);
--
-- err = WSAIoctl(sock, SIO_GET_EXTENSION_FUNCTION_POINTER,
-- &GUIDAcceptEx, sizeof(GUIDAcceptEx),
-- &ISCAcceptEx, sizeof(ISCAcceptEx),
-- &dwBytes, NULL, NULL);
-- INSIST(err == 0);
--
-- err = WSAIoctl(sock, SIO_GET_EXTENSION_FUNCTION_POINTER,
-- &GUIDGetAcceptExSockaddrs, sizeof(GUIDGetAcceptExSockaddrs),
-- &ISCGetAcceptExSockaddrs, sizeof(ISCGetAcceptExSockaddrs),
-- &dwBytes, NULL, NULL);
-- INSIST(err == 0);
--
-- closesocket(sock);
--
-- initialised = ISC_TRUE;
--}
--
--/*
-- * Initialize socket services
-- */
--void
--InitSockets(void) {
-- RUNTIME_CHECK(isc_once_do(&initialise_once,
-- initialise) == ISC_R_SUCCESS);
-- if (!initialised)
-- exit(1);
--}
--
--int
--internal_sendmsg(isc_socket_t *sock, IoCompletionInfo *lpo,
-- struct msghdr *messagehdr, int flags, int *Error)
--{
-- int Result;
-- DWORD BytesSent;
-- DWORD Flags = flags;
-- int total_sent;
--
-- *Error = 0;
-- Result = WSASendTo(sock->fd, messagehdr->msg_iov,
-- messagehdr->msg_iovlen, &BytesSent,
-- Flags, (SOCKADDR *)&messagehdr->to_addr,
-- messagehdr->to_addr_len, (LPWSAOVERLAPPED)lpo,
-- NULL);
--
-- total_sent = (int)BytesSent;
--
-- /* Check for errors.*/
-- if (Result == SOCKET_ERROR) {
-- *Error = WSAGetLastError();
--
-- switch (*Error) {
-- case WSA_IO_INCOMPLETE:
-- case WSA_WAIT_IO_COMPLETION:
-- case WSA_IO_PENDING:
-- case NO_ERROR: /* Strange, but okay */
-- sock->pending_iocp++;
-- sock->pending_send++;
-- break;
--
-- default:
-- return (-1);
-- break;
-- }
-- } else {
-- sock->pending_iocp++;
-- sock->pending_send++;
-- }
--
-- if (lpo != NULL)
-- return (0);
-- else
-- return (total_sent);
--}
--
--static void
--queue_receive_request(isc_socket_t *sock) {
-- DWORD Flags = 0;
-- DWORD NumBytes = 0;
-- int total_bytes = 0;
-- int Result;
-- int Error;
-- WSABUF iov[1];
-- IoCompletionInfo *lpo;
-- isc_result_t isc_result;
--
-- /*
-- * If we already have a receive pending, do nothing.
-- */
-- if (sock->pending_recv > 0)
-- return;
--
-- /*
-- * If no one is waiting, do nothing.
-- */
-- if (ISC_LIST_EMPTY(sock->recv_list))
-- return;
--
-- INSIST(sock->recvbuf.remaining == 0);
-- INSIST(sock->fd != INVALID_SOCKET);
--
-- iov[0].len = sock->recvbuf.len;
-- iov[0].buf = sock->recvbuf.base;
--
-- lpo = (IoCompletionInfo *)HeapAlloc(hHeapHandle,
-- HEAP_ZERO_MEMORY,
-- sizeof(IoCompletionInfo));
-- RUNTIME_CHECK(lpo != NULL);
-- lpo->request_type = SOCKET_RECV;
--
-- sock->recvbuf.from_addr_len = sizeof(sock->recvbuf.from_addr);
--
-- Error = 0;
-- Result = WSARecvFrom((SOCKET)sock->fd, iov, 1,
-- &NumBytes, &Flags,
-- (SOCKADDR *)&sock->recvbuf.from_addr,
-- &sock->recvbuf.from_addr_len,
-- (LPWSAOVERLAPPED)lpo, NULL);
--
-- /* Check for errors. */
-- if (Result == SOCKET_ERROR) {
-- Error = WSAGetLastError();
--
-- switch (Error) {
-- case WSA_IO_PENDING:
-- sock->pending_iocp++;
-- sock->pending_recv++;
-- break;
--
-- default:
-- isc_result = isc__errno2result(Error);
-- if (isc_result == ISC_R_UNEXPECTED)
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "WSARecvFrom: Windows error code: %d, isc result %d",
-- Error, isc_result);
-- send_recvdone_abort(sock, isc_result);
-- break;
-- }
-- } else {
-- /*
-- * The recv() finished immediately, but we will still get
-- * a completion event. Rather than duplicate code, let
-- * that thread handle sending the data along its way.
-- */
-- sock->pending_iocp++;
-- sock->pending_recv++;
-- }
--
-- socket_log(__LINE__, sock, NULL, IOEVENT,
-- isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_DOIORECV,
-- "queue_io_request: fd %d result %d error %d",
-- sock->fd, Result, Error);
--
-- CONSISTENT(sock);
--}
--
--static void
--manager_log(isc_socketmgr_t *sockmgr, isc_logcategory_t *category,
-- isc_logmodule_t *module, int level, const char *fmt, ...)
--{
-- char msgbuf[2048];
-- va_list ap;
--
-- if (!isc_log_wouldlog(isc_lctx, level))
-- return;
--
-- va_start(ap, fmt);
-- vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
-- va_end(ap);
--
-- isc_log_write(isc_lctx, category, module, level,
-- "sockmgr %p: %s", sockmgr, msgbuf);
--}
--
--static void
--socket_log(int lineno, isc_socket_t *sock, isc_sockaddr_t *address,
-- isc_logcategory_t *category, isc_logmodule_t *module, int level,
-- isc_msgcat_t *msgcat, int msgset, int message,
-- const char *fmt, ...)
--{
-- char msgbuf[2048];
-- char peerbuf[256];
-- va_list ap;
--
--
-- if (!isc_log_wouldlog(isc_lctx, level))
-- return;
--
-- va_start(ap, fmt);
-- vsnprintf(msgbuf, sizeof(msgbuf), fmt, ap);
-- va_end(ap);
--
-- if (address == NULL) {
-- isc_log_iwrite(isc_lctx, category, module, level,
-- msgcat, msgset, message,
-- "socket %p line %d: %s", sock, lineno, msgbuf);
-- } else {
-- isc_sockaddr_format(address, peerbuf, sizeof(peerbuf));
-- isc_log_iwrite(isc_lctx, category, module, level,
-- msgcat, msgset, message,
-- "socket %p line %d peer %s: %s", sock, lineno,
-- peerbuf, msgbuf);
-- }
--
--}
--
--/*
-- * Make an fd SOCKET non-blocking.
-- */
--static isc_result_t
--make_nonblock(SOCKET fd) {
-- int ret;
-- unsigned long flags = 1;
-- char strbuf[ISC_STRERRORSIZE];
--
-- /* Set the socket to non-blocking */
-- ret = ioctlsocket(fd, FIONBIO, &flags);
--
-- if (ret == -1) {
-- isc__strerror(errno, strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "ioctlsocket(%d, FIOBIO, %d): %s",
-- fd, flags, strbuf);
--
-- return (ISC_R_UNEXPECTED);
-- }
--
-- return (ISC_R_SUCCESS);
--}
--
--/*
-- * Windows 2000 systems incorrectly cause UDP sockets using WASRecvFrom
-- * to not work correctly, returning a WSACONNRESET error when a WSASendTo
-- * fails with an "ICMP port unreachable" response and preventing the
-- * socket from using the WSARecvFrom in subsequent operations.
-- * The function below fixes this, but requires that Windows 2000
-- * Service Pack 2 or later be installed on the system. NT 4.0
-- * systems are not affected by this and work correctly.
-- * See Microsoft Knowledge Base Article Q263823 for details of this.
-- */
--isc_result_t
--connection_reset_fix(SOCKET fd) {
-- DWORD dwBytesReturned = 0;
-- BOOL bNewBehavior = FALSE;
-- DWORD status;
--
-- if (isc_win32os_majorversion() < 5)
-- return (ISC_R_SUCCESS); /* NT 4.0 has no problem */
--
-- /* disable bad behavior using IOCTL: SIO_UDP_CONNRESET */
-- status = WSAIoctl(fd, SIO_UDP_CONNRESET, &bNewBehavior,
-- sizeof(bNewBehavior), NULL, 0,
-- &dwBytesReturned, NULL, NULL);
-- if (status != SOCKET_ERROR)
-- return (ISC_R_SUCCESS);
-- else {
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "WSAIoctl(SIO_UDP_CONNRESET, oldBehaviour) %s",
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED, "failed"));
-- return (ISC_R_UNEXPECTED);
-- }
--}
--
--/*
-- * Construct an iov array and attach it to the msghdr passed in. This is
-- * the SEND constructor, which will use the used region of the buffer
-- * (if using a buffer list) or will use the internal region (if a single
-- * buffer I/O is requested).
-- *
-- * Nothing can be NULL, and the done event must list at least one buffer
-- * on the buffer linked list for this function to be meaningful.
-- */
--static void
--build_msghdr_send(isc_socket_t *sock, isc_socketevent_t *dev,
-- struct msghdr *msg, char *cmsg, WSABUF *iov,
-- IoCompletionInfo *lpo)
--{
-- unsigned int iovcount;
-- isc_buffer_t *buffer;
-- buflist_t *cpbuffer;
-- isc_region_t used;
-- size_t write_count;
-- size_t skip_count;
--
-- memset(msg, 0, sizeof(*msg));
--
-- memcpy(&msg->to_addr, &dev->address.type, dev->address.length);
-- msg->to_addr_len = dev->address.length;
--
-- buffer = ISC_LIST_HEAD(dev->bufferlist);
-- write_count = 0;
-- iovcount = 0;
--
-- /*
-- * Single buffer I/O? Skip what we've done so far in this region.
-- */
-- if (buffer == NULL) {
-- write_count = dev->region.length - dev->n;
-- cpbuffer = HeapAlloc(hHeapHandle, HEAP_ZERO_MEMORY, sizeof(buflist_t));
-- RUNTIME_CHECK(cpbuffer != NULL);
-- cpbuffer->buf = HeapAlloc(hHeapHandle, HEAP_ZERO_MEMORY, write_count);
-- RUNTIME_CHECK(cpbuffer->buf != NULL);
--
-- socket_log(__LINE__, sock, NULL, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTLOCK,
-- "alloc_buffer %p %d %p %d", cpbuffer, sizeof(buflist_t),
-- cpbuffer->buf, write_count);
--
-- memcpy(cpbuffer->buf,(dev->region.base + dev->n), write_count);
-- cpbuffer->buflen = write_count;
-- ISC_LIST_ENQUEUE(lpo->bufferlist, cpbuffer, link);
-- iov[0].buf = cpbuffer->buf;
-- iov[0].len = write_count;
-- iovcount = 1;
--
-- goto config;
-- }
--
-- /*
-- * Multibuffer I/O.
-- * Skip the data in the buffer list that we have already written.
-- */
-- skip_count = dev->n;
-- while (buffer != NULL) {
-- REQUIRE(ISC_BUFFER_VALID(buffer));
-- if (skip_count < isc_buffer_usedlength(buffer))
-- break;
-- skip_count -= isc_buffer_usedlength(buffer);
-- buffer = ISC_LIST_NEXT(buffer, link);
-- }
--
-- while (buffer != NULL) {
-- INSIST(iovcount < MAXSCATTERGATHER_SEND);
--
-- isc_buffer_usedregion(buffer, &used);
--
-- if (used.length > 0) {
-- int uselen = used.length - skip_count;
-- cpbuffer = HeapAlloc(hHeapHandle, HEAP_ZERO_MEMORY, sizeof(buflist_t));
-- RUNTIME_CHECK(cpbuffer != NULL);
-- cpbuffer->buf = HeapAlloc(hHeapHandle, HEAP_ZERO_MEMORY, uselen);
-- RUNTIME_CHECK(cpbuffer->buf != NULL);
--
-- socket_log(__LINE__, sock, NULL, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTLOCK,
-- "alloc_buffer %p %d %p %d", cpbuffer, sizeof(buflist_t),
-- cpbuffer->buf, write_count);
--
-- memcpy(cpbuffer->buf,(used.base + skip_count), uselen);
-- cpbuffer->buflen = uselen;
-- iov[iovcount].buf = cpbuffer->buf;
-- iov[iovcount].len = used.length - skip_count;
-- write_count += uselen;
-- skip_count = 0;
-- iovcount++;
-- }
-- buffer = ISC_LIST_NEXT(buffer, link);
-- }
--
-- INSIST(skip_count == 0);
--
-- config:
-- msg->msg_iov = iov;
-- msg->msg_iovlen = iovcount;
-- msg->msg_totallen = write_count;
--}
--
--static void
--set_dev_address(isc_sockaddr_t *address, isc_socket_t *sock,
-- isc_socketevent_t *dev)
--{
-- if (sock->type == isc_sockettype_udp) {
-- if (address != NULL)
-- dev->address = *address;
-- else
-- dev->address = sock->address;
-- } else if (sock->type == isc_sockettype_tcp) {
-- INSIST(address == NULL);
-- dev->address = sock->address;
-- }
--}
--
--static void
--destroy_socketevent(isc_event_t *event) {
-- isc_socketevent_t *ev = (isc_socketevent_t *)event;
--
-- INSIST(ISC_LIST_EMPTY(ev->bufferlist));
--
-- (ev->destroy)(event);
--}
--
--static isc_socketevent_t *
--allocate_socketevent(isc_socket_t *sock, isc_eventtype_t eventtype,
-- isc_taskaction_t action, const void *arg)
--{
-- isc_socketevent_t *ev;
--
-- ev = (isc_socketevent_t *)isc_event_allocate(sock->manager->mctx,
-- sock, eventtype,
-- action, arg,
-- sizeof(*ev));
-- if (ev == NULL)
-- return (NULL);
--
-- ev->result = ISC_R_IOERROR; // XXXMLG temporary change to detect failure to set
-- ISC_LINK_INIT(ev, ev_link);
-- ISC_LIST_INIT(ev->bufferlist);
-- ev->region.base = NULL;
-- ev->n = 0;
-- ev->offset = 0;
-- ev->attributes = 0;
-- ev->destroy = ev->ev_destroy;
-- ev->ev_destroy = destroy_socketevent;
--
-- return (ev);
--}
--
--#if defined(ISC_SOCKET_DEBUG)
--static void
--dump_msg(struct msghdr *msg, isc_socket_t *sock) {
-- unsigned int i;
--
-- printf("MSGHDR %p, Socket #: %u\n", msg, sock->fd);
-- printf("\tname %p, namelen %d\n", msg->msg_name, msg->msg_namelen);
-- printf("\tiov %p, iovlen %d\n", msg->msg_iov, msg->msg_iovlen);
-- for (i = 0; i < (unsigned int)msg->msg_iovlen; i++)
-- printf("\t\t%d\tbase %p, len %d\n", i,
-- msg->msg_iov[i].buf,
-- msg->msg_iov[i].len);
--}
--#endif
--
--/*
-- * map the error code
-- */
--int
--map_socket_error(isc_socket_t *sock, int windows_errno, int *isc_errno,
-- char *errorstring, size_t bufsize) {
--
-- int doreturn;
-- switch (windows_errno) {
-- case WSAECONNREFUSED:
-- *isc_errno = ISC_R_CONNREFUSED;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case WSAENETUNREACH:
-- case ERROR_NETWORK_UNREACHABLE:
-- *isc_errno = ISC_R_NETUNREACH;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case ERROR_PORT_UNREACHABLE:
-- case ERROR_HOST_UNREACHABLE:
-- case WSAEHOSTUNREACH:
-- *isc_errno = ISC_R_HOSTUNREACH;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case WSAENETDOWN:
-- *isc_errno = ISC_R_NETDOWN;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case WSAEHOSTDOWN:
-- *isc_errno = ISC_R_HOSTDOWN;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case WSAEACCES:
-- *isc_errno = ISC_R_NOPERM;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case WSAECONNRESET:
-- case WSAENETRESET:
-- case WSAECONNABORTED:
-- case WSAEDISCON:
-- *isc_errno = ISC_R_CONNECTIONRESET;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case WSAENOTCONN:
-- *isc_errno = ISC_R_NOTCONNECTED;
-- if (sock->connected)
-- doreturn = DOIO_HARD;
-- else
-- doreturn = DOIO_SOFT;
-- break;
-- case ERROR_OPERATION_ABORTED:
-- case ERROR_CONNECTION_ABORTED:
-- case ERROR_REQUEST_ABORTED:
-- *isc_errno = ISC_R_CONNECTIONRESET;
-- doreturn = DOIO_HARD;
-- break;
-- case WSAENOBUFS:
-- *isc_errno = ISC_R_NORESOURCES;
-- doreturn = DOIO_HARD;
-- break;
-- case WSAEAFNOSUPPORT:
-- *isc_errno = ISC_R_FAMILYNOSUPPORT;
-- doreturn = DOIO_HARD;
-- break;
-- case WSAEADDRNOTAVAIL:
-- *isc_errno = ISC_R_ADDRNOTAVAIL;
-- doreturn = DOIO_HARD;
-- break;
-- case WSAEDESTADDRREQ:
-- *isc_errno = ISC_R_BADADDRESSFORM;
-- doreturn = DOIO_HARD;
-- break;
-- case ERROR_NETNAME_DELETED:
-- *isc_errno = ISC_R_NETDOWN;
-- doreturn = DOIO_HARD;
-- break;
-- default:
-- *isc_errno = ISC_R_IOERROR;
-- doreturn = DOIO_HARD;
-- break;
-- }
-- if (doreturn == DOIO_HARD) {
-- isc__strerror(windows_errno, errorstring, bufsize);
-- }
-- return (doreturn);
--}
--
--static void
--fill_recv(isc_socket_t *sock, isc_socketevent_t *dev) {
-- isc_region_t r;
-- int copylen;
-- isc_buffer_t *buffer;
--
-- INSIST(dev->n < dev->minimum);
-- INSIST(sock->recvbuf.remaining > 0);
-- INSIST(sock->pending_recv == 0);
--
-- if (sock->type == isc_sockettype_udp) {
-- dev->address.length = sock->recvbuf.from_addr_len;
-- memcpy(&dev->address.type, &sock->recvbuf.from_addr,
-- sock->recvbuf.from_addr_len);
-- if (isc_sockaddr_getport(&dev->address) == 0) {
-- if (isc_log_wouldlog(isc_lctx, IOEVENT_LEVEL)) {
-- socket_log(__LINE__, sock, &dev->address, IOEVENT,
-- isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_ZEROPORT,
-- "dropping source port zero packet");
-- }
-- sock->recvbuf.remaining = 0;
-- return;
-- }
-- } else if (sock->type == isc_sockettype_tcp) {
-- dev->address = sock->address;
-- }
--
-- /*
-- * Run through the list of buffers we were given, and find the
-- * first one with space. Once it is found, loop through, filling
-- * the buffers as much as possible.
-- */
-- buffer = ISC_LIST_HEAD(dev->bufferlist);
-- if (buffer != NULL) { // Multi-buffer receive
-- while (buffer != NULL && sock->recvbuf.remaining > 0) {
-- REQUIRE(ISC_BUFFER_VALID(buffer));
-- if (isc_buffer_availablelength(buffer) > 0) {
-- isc_buffer_availableregion(buffer, &r);
-- copylen = min(r.length, sock->recvbuf.remaining);
-- memcpy(r.base, sock->recvbuf.consume_position, copylen);
-- sock->recvbuf.consume_position += copylen;
-- sock->recvbuf.remaining -= copylen;
-- isc_buffer_add(buffer, copylen);
-- dev->n += copylen;
-- }
-- buffer = ISC_LIST_NEXT(buffer, link);
-- }
-- } else { // Single-buffer receive
-- copylen = min(dev->region.length - dev->n, sock->recvbuf.remaining);
-- memcpy(dev->region.base + dev->n, sock->recvbuf.consume_position, copylen);
-- sock->recvbuf.consume_position += copylen;
-- sock->recvbuf.remaining -= copylen;
-- dev->n += copylen;
-- }
--
-- /*
-- * UDP receives are all-consuming. That is, if we have 4k worth of
-- * data in our receive buffer, and the caller only gave us
-- * 1k of space, we will toss the remaining 3k of data. TCP
-- * will keep the extra data around and use it for later requests.
-- */
-- if (sock->type == isc_sockettype_udp)
-- sock->recvbuf.remaining = 0;
--}
--
--/*
-- * Copy out as much data from the internal buffer to done events.
-- * As each done event is filled, send it along its way.
-- */
--static void
--completeio_recv(isc_socket_t *sock)
--{
-- isc_socketevent_t *dev;
--
-- /*
-- * If we are in the process of filling our buffer, we cannot
-- * touch it yet, so don't.
-- */
-- if (sock->pending_recv > 0)
-- return;
--
-- while (sock->recvbuf.remaining > 0 && !ISC_LIST_EMPTY(sock->recv_list)) {
-- dev = ISC_LIST_HEAD(sock->recv_list);
--
-- /*
-- * See if we have sufficient data in our receive buffer
-- * to handle this. If we do, copy out the data.
-- */
-- fill_recv(sock, dev);
--
-- /*
-- * Did we satisfy it?
-- */
-- if (dev->n >= dev->minimum) {
-- dev->result = ISC_R_SUCCESS;
-- send_recvdone_event(sock, &dev);
-- }
-- }
--}
--
--/*
-- * Returns:
-- * DOIO_SUCCESS The operation succeeded. dev->result contains
-- * ISC_R_SUCCESS.
-- *
-- * DOIO_HARD A hard or unexpected I/O error was encountered.
-- * dev->result contains the appropriate error.
-- *
-- * DOIO_SOFT A soft I/O error was encountered. No senddone
-- * event was sent. The operation should be retried.
-- *
-- * No other return values are possible.
-- */
--static int
--completeio_send(isc_socket_t *sock, isc_socketevent_t *dev,
-- struct msghdr *messagehdr, int cc, int send_errno)
--{
-- char addrbuf[ISC_SOCKADDR_FORMATSIZE];
-- char strbuf[ISC_STRERRORSIZE];
--
-- if (send_errno != 0) {
-- if (SOFT_ERROR(send_errno))
-- return (DOIO_SOFT);
--
-- return (map_socket_error(sock, send_errno, &dev->result,
-- strbuf, sizeof(strbuf)));
--
-- /*
-- * The other error types depend on whether or not the
-- * socket is UDP or TCP. If it is UDP, some errors
-- * that we expect to be fatal under TCP are merely
-- * annoying, and are really soft errors.
-- *
-- * However, these soft errors are still returned as
-- * a status.
-- */
-- isc_sockaddr_format(&dev->address, addrbuf, sizeof(addrbuf));
-- isc__strerror(send_errno, strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__, "completeio_send: %s: %s",
-- addrbuf, strbuf);
-- dev->result = isc__errno2result(send_errno);
-- return (DOIO_HARD);
-- }
--
-- /*
-- * If we write less than we expected, update counters, poke.
-- */
-- dev->n += cc;
-- if (cc != messagehdr->msg_totallen)
-- return (DOIO_SOFT);
--
-- /*
-- * Exactly what we wanted to write. We're done with this
-- * entry. Post its completion event.
-- */
-- dev->result = ISC_R_SUCCESS;
-- return (DOIO_SUCCESS);
--}
--
--static int
--startio_send(isc_socket_t *sock, isc_socketevent_t *dev, int *nbytes,
-- int *send_errno)
--{
-- char *cmsg = NULL;
-- char strbuf[ISC_STRERRORSIZE];
-- IoCompletionInfo *lpo;
-- int status;
-- struct msghdr *msghdr;
--
-- lpo = (IoCompletionInfo *)HeapAlloc(hHeapHandle,
-- HEAP_ZERO_MEMORY,
-- sizeof(IoCompletionInfo));
-- RUNTIME_CHECK(lpo != NULL);
-- lpo->request_type = SOCKET_SEND;
-- lpo->dev = dev;
-- msghdr = &lpo->messagehdr;
-- memset(msghdr, 0, sizeof(struct msghdr));
-- ISC_LIST_INIT(lpo->bufferlist);
--
-- build_msghdr_send(sock, dev, msghdr, cmsg, sock->iov, lpo);
--
-- *nbytes = internal_sendmsg(sock, lpo, msghdr, 0, send_errno);
--
-- if (*nbytes < 0) {
-- /*
-- * I/O has been initiated
-- * completion will be through the completion port
-- */
-- if (PENDING_ERROR(*send_errno)) {
-- status = DOIO_PENDING;
-- goto done;
-- }
--
-- if (SOFT_ERROR(*send_errno)) {
-- status = DOIO_SOFT;
-- goto done;
-- }
--
-- /*
-- * If we got this far then something is wrong
-- */
-- if (isc_log_wouldlog(isc_lctx, IOEVENT_LEVEL)) {
-- isc__strerror(*send_errno, strbuf, sizeof(strbuf));
-- socket_log(__LINE__, sock, NULL, IOEVENT,
-- isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_INTERNALSEND,
-- "startio_send: internal_sendmsg(%d) %d "
-- "bytes, err %d/%s",
-- sock->fd, *nbytes, *send_errno, strbuf);
-- }
-- goto done;
-- }
-- dev->result = ISC_R_SUCCESS;
-- status = DOIO_SOFT;
-- done:
-- _set_state(sock, SOCK_DATA);
-- return (status);
--}
--
--static isc_result_t
--allocate_socket(isc_socketmgr_t *manager, isc_sockettype_t type,
-- isc_socket_t **socketp) {
-- isc_socket_t *sock;
-- isc_result_t result;
--
-- sock = isc_mem_get(manager->mctx, sizeof(*sock));
--
-- if (sock == NULL)
-- return (ISC_R_NOMEMORY);
--
-- sock->magic = 0;
-- sock->references = 0;
--
-- sock->manager = manager;
-- sock->type = type;
-- sock->fd = INVALID_SOCKET;
--
-- ISC_LINK_INIT(sock, link);
--
-- /*
-- * set up list of readers and writers to be initially empty
-- */
-- ISC_LIST_INIT(sock->recv_list);
-- ISC_LIST_INIT(sock->send_list);
-- ISC_LIST_INIT(sock->accept_list);
-- sock->connect_ev = NULL;
-- sock->pending_accept = 0;
-- sock->pending_recv = 0;
-- sock->pending_send = 0;
-- sock->pending_iocp = 0;
-- sock->listener = 0;
-- sock->connected = 0;
-- sock->pending_connect = 0;
-- sock->bound = 0;
-- memset(sock->name, 0, sizeof(sock->name)); // zero the name field
-- _set_state(sock, SOCK_INITIALIZED);
--
-- sock->recvbuf.len = 65536;
-- sock->recvbuf.consume_position = sock->recvbuf.base;
-- sock->recvbuf.remaining = 0;
-- sock->recvbuf.base = isc_mem_get(manager->mctx, sock->recvbuf.len); // max buffer size
-- if (sock->recvbuf.base == NULL) {
-- sock->magic = 0;
-- goto error;
-- }
--
-- /*
-- * initialize the lock
-- */
-- result = isc_mutex_init(&sock->lock);
-- if (result != ISC_R_SUCCESS) {
-- sock->magic = 0;
-- isc_mem_put(manager->mctx, sock->recvbuf.base, sock->recvbuf.len);
-- sock->recvbuf.base = NULL;
-- goto error;
-- }
--
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "allocated");
--
-- sock->magic = SOCKET_MAGIC;
-- *socketp = sock;
--
-- return (ISC_R_SUCCESS);
--
-- error:
-- isc_mem_put(manager->mctx, sock, sizeof(*sock));
--
-- return (result);
--}
--
--/*
-- * Verify that the socket state is consistent.
-- */
--static void
--consistent(isc_socket_t *sock) {
--
-- isc_socketevent_t *dev;
-- isc_socket_newconnev_t *nev;
-- unsigned int count;
-- char *crash_reason;
-- isc_boolean_t crash = ISC_FALSE;
--
-- REQUIRE(sock->pending_iocp == sock->pending_recv + sock->pending_send
-- + sock->pending_accept + sock->pending_connect);
--
-- dev = ISC_LIST_HEAD(sock->send_list);
-- count = 0;
-- while (dev != NULL) {
-- count++;
-- dev = ISC_LIST_NEXT(dev, ev_link);
-- }
-- if (count > sock->pending_send) {
-- crash = ISC_TRUE;
-- crash_reason = "send_list > sock->pending_send";
-- }
--
-- nev = ISC_LIST_HEAD(sock->accept_list);
-- count = 0;
-- while (nev != NULL) {
-- count++;
-- nev = ISC_LIST_NEXT(nev, ev_link);
-- }
-- if (count > sock->pending_accept) {
-- crash = ISC_TRUE;
-- crash_reason = "send_list > sock->pending_send";
-- }
--
-- if (crash) {
-- socket_log(__LINE__, sock, NULL, CREATION, isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_DESTROYING, "SOCKET INCONSISTENT: %s",
-- crash_reason);
-- sock_dump(sock);
-- INSIST(crash == ISC_FALSE);
-- }
--}
--
--/*
-- * Maybe free the socket.
-- *
-- * This function will verify tht the socket is no longer in use in any way,
-- * either internally or externally. This is the only place where this
-- * check is to be made; if some bit of code believes that IT is done with
-- * the socket (e.g., some reference counter reaches zero), it should call
-- * this function.
-- *
-- * When calling this function, the socket must be locked, and the manager
-- * must be unlocked.
-- *
-- * When this function returns, *socketp will be NULL. No tricks to try
-- * to hold on to this pointer are allowed.
-- */
--static void
--maybe_free_socket(isc_socket_t **socketp, int lineno) {
-- isc_socket_t *sock = *socketp;
-- *socketp = NULL;
--
-- INSIST(VALID_SOCKET(sock));
-- CONSISTENT(sock);
--
-- if (sock->pending_iocp > 0
-- || sock->pending_recv > 0
-- || sock->pending_send > 0
-- || sock->pending_accept > 0
-- || sock->references > 0
-- || sock->pending_connect == 1
-- || !ISC_LIST_EMPTY(sock->recv_list)
-- || !ISC_LIST_EMPTY(sock->send_list)
-- || !ISC_LIST_EMPTY(sock->accept_list)
-- || sock->fd != INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return;
-- }
-- UNLOCK(&sock->lock);
--
-- free_socket(&sock, lineno);
--}
--
--void
--free_socket(isc_socket_t **sockp, int lineno) {
-- isc_socketmgr_t *manager;
-- isc_socket_t *sock = *sockp;
-- *sockp = NULL;
--
-- manager = sock->manager;
--
-- /*
-- * Seems we can free the socket after all.
-- */
-- manager = sock->manager;
-- socket_log(__LINE__, sock, NULL, CREATION, isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_DESTROYING, "freeing socket line %d fd %d lock %p semaphore %p",
-- lineno, sock->fd, &sock->lock, sock->lock.LockSemaphore);
--
-- sock->magic = 0;
-- DESTROYLOCK(&sock->lock);
--
-- if (sock->recvbuf.base != NULL)
-- isc_mem_put(manager->mctx, sock->recvbuf.base, sock->recvbuf.len);
--
-- LOCK(&manager->lock);
-- if (ISC_LINK_LINKED(sock, link))
-- ISC_LIST_UNLINK(manager->socklist, sock, link);
-- isc_mem_put(manager->mctx, sock, sizeof(*sock));
--
-- if (ISC_LIST_EMPTY(manager->socklist))
-- SIGNAL(&manager->shutdown_ok);
-- UNLOCK(&manager->lock);
--}
--
--/*
-- * Create a new 'type' socket managed by 'manager'. Events
-- * will be posted to 'task' and when dispatched 'action' will be
-- * called with 'arg' as the arg value. The new socket is returned
-- * in 'socketp'.
-- */
--isc_result_t
--isc__socket_create(isc_socketmgr_t *manager, int pf, isc_sockettype_t type,
-- isc_socket_t **socketp) {
-- isc_socket_t *sock = NULL;
-- isc_result_t result;
--#if defined(USE_CMSG)
-- int on = 1;
--#endif
--#if defined(SO_RCVBUF)
-- ISC_SOCKADDR_LEN_T optlen;
-- int size;
--#endif
-- int socket_errno;
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(VALID_MANAGER(manager));
-- REQUIRE(socketp != NULL && *socketp == NULL);
-- REQUIRE(type != isc_sockettype_fdwatch);
--
-- result = allocate_socket(manager, type, &sock);
-- if (result != ISC_R_SUCCESS)
-- return (result);
--
-- sock->pf = pf;
-- switch (type) {
-- case isc_sockettype_udp:
-- sock->fd = socket(pf, SOCK_DGRAM, IPPROTO_UDP);
-- if (sock->fd != INVALID_SOCKET) {
-- result = connection_reset_fix(sock->fd);
-- if (result != ISC_R_SUCCESS) {
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "closed %d %d %d con_reset_fix_failed",
-- sock->pending_recv, sock->pending_send,
-- sock->references);
-- closesocket(sock->fd);
-- _set_state(sock, SOCK_CLOSED);
-- sock->fd = INVALID_SOCKET;
-- free_socket(&sock, __LINE__);
-- return (result);
-- }
-- }
-- break;
-- case isc_sockettype_tcp:
-- sock->fd = socket(pf, SOCK_STREAM, IPPROTO_TCP);
-- break;
-- }
--
-- if (sock->fd == INVALID_SOCKET) {
-- socket_errno = WSAGetLastError();
-- free_socket(&sock, __LINE__);
--
-- switch (socket_errno) {
-- case WSAEMFILE:
-- case WSAENOBUFS:
-- return (ISC_R_NORESOURCES);
--
-- case WSAEPROTONOSUPPORT:
-- case WSAEPFNOSUPPORT:
-- case WSAEAFNOSUPPORT:
-- return (ISC_R_FAMILYNOSUPPORT);
--
-- default:
-- isc__strerror(socket_errno, strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "socket() %s: %s",
-- isc_msgcat_get(isc_msgcat,
-- ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED,
-- "failed"),
-- strbuf);
-- return (ISC_R_UNEXPECTED);
-- }
-- }
--
-- result = make_nonblock(sock->fd);
-- if (result != ISC_R_SUCCESS) {
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "closed %d %d %d make_nonblock_failed",
-- sock->pending_recv, sock->pending_send,
-- sock->references);
-- closesocket(sock->fd);
-- sock->fd = INVALID_SOCKET;
-- free_socket(&sock, __LINE__);
-- return (result);
-- }
--
--
--#if defined(USE_CMSG) || defined(SO_RCVBUF)
-- if (type == isc_sockettype_udp) {
--
--#if defined(USE_CMSG)
--#if defined(ISC_PLATFORM_HAVEIPV6)
--#ifdef IPV6_RECVPKTINFO
-- /* 2292bis */
-- if ((pf == AF_INET6)
-- && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_RECVPKTINFO,
-- (void *)&on, sizeof(on)) < 0)) {
-- isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "setsockopt(%d, IPV6_RECVPKTINFO) "
-- "%s: %s", sock->fd,
-- isc_msgcat_get(isc_msgcat,
-- ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED,
-- "failed"),
-- strbuf);
-- }
--#else
-- /* 2292 */
-- if ((pf == AF_INET6)
-- && (setsockopt(sock->fd, IPPROTO_IPV6, IPV6_PKTINFO,
-- (void *)&on, sizeof(on)) < 0)) {
-- isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "setsockopt(%d, IPV6_PKTINFO) %s: %s",
-- sock->fd,
-- isc_msgcat_get(isc_msgcat,
-- ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED,
-- "failed"),
-- strbuf);
-- }
--#endif /* IPV6_RECVPKTINFO */
--#ifdef IPV6_USE_MIN_MTU /*2292bis, not too common yet*/
-- /* use minimum MTU */
-- if (pf == AF_INET6) {
-- (void)setsockopt(sock->fd, IPPROTO_IPV6,
-- IPV6_USE_MIN_MTU,
-- (void *)&on, sizeof(on));
-- }
--#endif
--#endif /* ISC_PLATFORM_HAVEIPV6 */
--#endif /* defined(USE_CMSG) */
--
--#if defined(SO_RCVBUF)
-- optlen = sizeof(size);
-- if (getsockopt(sock->fd, SOL_SOCKET, SO_RCVBUF,
-- (void *)&size, &optlen) >= 0 &&
-- size < RCVBUFSIZE) {
-- size = RCVBUFSIZE;
-- (void)setsockopt(sock->fd, SOL_SOCKET, SO_RCVBUF,
-- (void *)&size, sizeof(size));
-- }
--#endif
--
-- }
--#endif /* defined(USE_CMSG) || defined(SO_RCVBUF) */
--
-- _set_state(sock, SOCK_OPEN);
-- sock->references = 1;
-- *socketp = sock;
--
-- iocompletionport_update(sock);
--
-- /*
-- * Note we don't have to lock the socket like we normally would because
-- * there are no external references to it yet.
-- */
-- LOCK(&manager->lock);
-- ISC_LIST_APPEND(manager->socklist, sock, link);
-- InterlockedIncrement(&manager->totalSockets);
-- UNLOCK(&manager->lock);
--
-- socket_log(__LINE__, sock, NULL, CREATION, isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_CREATED, "created %u type %u", sock->fd, type);
--
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--isc_socket_open(isc_socket_t *sock) {
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(sock->type != isc_sockettype_fdwatch);
--
-- return (ISC_R_NOTIMPLEMENTED);
--}
--
--/*
-- * Attach to a socket. Caller must explicitly detach when it is done.
-- */
--void
--isc__socket_attach(isc_socket_t *sock, isc_socket_t **socketp) {
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(socketp != NULL && *socketp == NULL);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
-- sock->references++;
-- UNLOCK(&sock->lock);
--
-- *socketp = sock;
--}
--
--/*
-- * Dereference a socket. If this is the last reference to it, clean things
-- * up by destroying the socket.
-- */
--void
--isc__socket_detach(isc_socket_t **socketp) {
-- isc_socket_t *sock;
-- isc_boolean_t kill_socket = ISC_FALSE;
--
-- REQUIRE(socketp != NULL);
-- sock = *socketp;
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(sock->type != isc_sockettype_fdwatch);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
-- REQUIRE(sock->references > 0);
-- sock->references--;
--
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "detach_socket %d %d %d",
-- sock->pending_recv, sock->pending_send,
-- sock->references);
--
-- if (sock->references == 0 && sock->fd != INVALID_SOCKET) {
-- closesocket(sock->fd);
-- sock->fd = INVALID_SOCKET;
-- _set_state(sock, SOCK_CLOSED);
-- }
--
-- maybe_free_socket(&sock, __LINE__);
--
-- *socketp = NULL;
--}
--
--isc_result_t
--isc_socket_close(isc_socket_t *sock) {
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(sock->type != isc_sockettype_fdwatch);
--
-- return (ISC_R_NOTIMPLEMENTED);
--}
--
--/*
-- * Dequeue an item off the given socket's read queue, set the result code
-- * in the done event to the one provided, and send it to the task it was
-- * destined for.
-- *
-- * If the event to be sent is on a list, remove it before sending. If
-- * asked to, send and detach from the task as well.
-- *
-- * Caller must have the socket locked if the event is attached to the socket.
-- */
--static void
--send_recvdone_event(isc_socket_t *sock, isc_socketevent_t **dev) {
-- isc_task_t *task;
--
-- task = (*dev)->ev_sender;
-- (*dev)->ev_sender = sock;
--
-- if (ISC_LINK_LINKED(*dev, ev_link))
-- ISC_LIST_DEQUEUE(sock->recv_list, *dev, ev_link);
--
-- if (((*dev)->attributes & ISC_SOCKEVENTATTR_ATTACHED)
-- == ISC_SOCKEVENTATTR_ATTACHED)
-- isc_task_sendanddetach(&task, (isc_event_t **)dev);
-- else
-- isc_task_send(task, (isc_event_t **)dev);
--
-- CONSISTENT(sock);
--}
--
--/*
-- * See comments for send_recvdone_event() above.
-- */
--static void
--send_senddone_event(isc_socket_t *sock, isc_socketevent_t **dev) {
-- isc_task_t *task;
--
-- INSIST(dev != NULL && *dev != NULL);
--
-- task = (*dev)->ev_sender;
-- (*dev)->ev_sender = sock;
--
-- if (ISC_LINK_LINKED(*dev, ev_link))
-- ISC_LIST_DEQUEUE(sock->send_list, *dev, ev_link);
--
-- if (((*dev)->attributes & ISC_SOCKEVENTATTR_ATTACHED)
-- == ISC_SOCKEVENTATTR_ATTACHED)
-- isc_task_sendanddetach(&task, (isc_event_t **)dev);
-- else
-- isc_task_send(task, (isc_event_t **)dev);
--
-- CONSISTENT(sock);
--}
--
--/*
-- * See comments for send_recvdone_event() above.
-- */
--static void
--send_acceptdone_event(isc_socket_t *sock, isc_socket_newconnev_t **adev) {
-- isc_task_t *task;
--
-- INSIST(adev != NULL && *adev != NULL);
--
-- task = (*adev)->ev_sender;
-- (*adev)->ev_sender = sock;
--
-- if (ISC_LINK_LINKED(*adev, ev_link))
-- ISC_LIST_DEQUEUE(sock->accept_list, *adev, ev_link);
--
-- isc_task_sendanddetach(&task, (isc_event_t **)adev);
--
-- CONSISTENT(sock);
--}
--
--/*
-- * See comments for send_recvdone_event() above.
-- */
--static void
--send_connectdone_event(isc_socket_t *sock, isc_socket_connev_t **cdev) {
-- isc_task_t *task;
--
-- INSIST(cdev != NULL && *cdev != NULL);
--
-- task = (*cdev)->ev_sender;
-- (*cdev)->ev_sender = sock;
--
-- sock->connect_ev = NULL;
--
-- isc_task_sendanddetach(&task, (isc_event_t **)cdev);
--
-- CONSISTENT(sock);
--}
--
--/*
-- * On entry to this function, the event delivered is the internal
-- * readable event, and the first item on the accept_list should be
-- * the done event we want to send. If the list is empty, this is a no-op,
-- * so just close the new connection, unlock, and return.
-- *
-- * Note the socket is locked before entering here
-- */
--static void
--internal_accept(isc_socket_t *sock, IoCompletionInfo *lpo, int accept_errno) {
-- isc_socket_newconnev_t *adev;
-- isc_result_t result = ISC_R_SUCCESS;
-- isc_socket_t *nsock;
-- struct sockaddr *localaddr;
-- int localaddr_len = sizeof(*localaddr);
-- struct sockaddr *remoteaddr;
-- int remoteaddr_len = sizeof(*remoteaddr);
--
-- INSIST(VALID_SOCKET(sock));
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- socket_log(__LINE__, sock, NULL, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTLOCK,
-- "internal_accept called");
--
-- INSIST(sock->listener);
--
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_accept > 0);
-- sock->pending_accept--;
--
-- adev = lpo->adev;
--
-- /*
-- * If the event is no longer in the list we can just return.
-- */
-- if (!acceptdone_is_active(sock, adev))
-- goto done;
--
-- nsock = adev->newsocket;
--
-- /*
-- * Pull off the done event.
-- */
-- ISC_LIST_UNLINK(sock->accept_list, adev, ev_link);
--
-- /*
-- * Extract the addresses from the socket, copy them into the structure,
-- * and return the new socket.
-- */
-- ISCGetAcceptExSockaddrs(lpo->acceptbuffer, 0,
-- sizeof(SOCKADDR_STORAGE) + 16, sizeof(SOCKADDR_STORAGE) + 16,
-- (LPSOCKADDR *)&localaddr, &localaddr_len,
-- (LPSOCKADDR *)&remoteaddr, &remoteaddr_len);
-- memcpy(&adev->address.type, remoteaddr, remoteaddr_len);
-- adev->address.length = remoteaddr_len;
-- nsock->address = adev->address;
-- nsock->pf = adev->address.type.sa.sa_family;
--
-- socket_log(__LINE__, nsock, &nsock->address, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTLOCK,
-- "internal_accept parent %p", sock);
--
-- result = make_nonblock(adev->newsocket->fd);
-- INSIST(result == ISC_R_SUCCESS);
--
-- INSIST(setsockopt(nsock->fd, SOL_SOCKET, SO_UPDATE_ACCEPT_CONTEXT,
-- (char *)&sock->fd, sizeof(sock->fd)) == 0);
--
-- /*
-- * Hook it up into the manager.
-- */
-- nsock->bound = 1;
-- nsock->connected = 1;
-- _set_state(nsock, SOCK_OPEN);
--
-- LOCK(&nsock->manager->lock);
-- ISC_LIST_APPEND(nsock->manager->socklist, nsock, link);
-- InterlockedIncrement(&nsock->manager->totalSockets);
-- UNLOCK(&nsock->manager->lock);
--
-- socket_log(__LINE__, sock, &nsock->address, CREATION,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTEDCXN,
-- "accepted_connection new_socket %p fd %d",
-- nsock, nsock->fd);
--
-- adev->result = result;
-- send_acceptdone_event(sock, &adev);
--
--done:
-- CONSISTENT(sock);
-- UNLOCK(&sock->lock);
--
-- HeapFree(hHeapHandle, 0, lpo->acceptbuffer);
-- lpo->acceptbuffer = NULL;
--}
--
--/*
-- * Called when a socket with a pending connect() finishes.
-- * Note that the socket is locked before entering.
-- */
--static void
--internal_connect(isc_socket_t *sock, IoCompletionInfo *lpo, int connect_errno) {
-- isc_socket_connev_t *cdev;
-- char strbuf[ISC_STRERRORSIZE];
--
-- INSIST(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
--
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_connect == 1);
-- sock->pending_connect = 0;
--
-- /*
-- * Has this event been canceled?
-- */
-- cdev = lpo->cdev;
-- if (!connectdone_is_active(sock, cdev)) {
-- sock->pending_connect = 0;
-- if (sock->fd != INVALID_SOCKET) {
-- closesocket(sock->fd);
-- sock->fd = INVALID_SOCKET;
-- _set_state(sock, SOCK_CLOSED);
-- }
-- CONSISTENT(sock);
-- UNLOCK(&sock->lock);
-- return;
-- }
--
-- /*
-- * Check possible Windows network event error status here.
-- */
-- if (connect_errno != 0) {
-- /*
-- * If the error is SOFT, just try again on this
-- * fd and pretend nothing strange happened.
-- */
-- if (SOFT_ERROR(connect_errno) ||
-- connect_errno == WSAEINPROGRESS) {
-- sock->pending_connect = 1;
-- CONSISTENT(sock);
-- UNLOCK(&sock->lock);
-- return;
-- }
--
-- /*
-- * Translate other errors into ISC_R_* flavors.
-- */
-- switch (connect_errno) {
--#define ERROR_MATCH(a, b) case a: cdev->result = b; break;
-- ERROR_MATCH(WSAEACCES, ISC_R_NOPERM);
-- ERROR_MATCH(WSAEADDRNOTAVAIL, ISC_R_ADDRNOTAVAIL);
-- ERROR_MATCH(WSAEAFNOSUPPORT, ISC_R_ADDRNOTAVAIL);
-- ERROR_MATCH(WSAECONNREFUSED, ISC_R_CONNREFUSED);
-- ERROR_MATCH(WSAEHOSTUNREACH, ISC_R_HOSTUNREACH);
-- ERROR_MATCH(WSAEHOSTDOWN, ISC_R_HOSTDOWN);
-- ERROR_MATCH(WSAENETUNREACH, ISC_R_NETUNREACH);
-- ERROR_MATCH(WSAENETDOWN, ISC_R_NETDOWN);
-- ERROR_MATCH(WSAENOBUFS, ISC_R_NORESOURCES);
-- ERROR_MATCH(WSAECONNRESET, ISC_R_CONNECTIONRESET);
-- ERROR_MATCH(WSAECONNABORTED, ISC_R_CONNECTIONRESET);
-- ERROR_MATCH(WSAETIMEDOUT, ISC_R_TIMEDOUT);
--#undef ERROR_MATCH
-- default:
-- cdev->result = ISC_R_UNEXPECTED;
-- isc__strerror(connect_errno, strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "internal_connect: connect() %s",
-- strbuf);
-- }
-- } else {
-- INSIST(setsockopt(sock->fd, SOL_SOCKET, SO_UPDATE_CONNECT_CONTEXT, NULL, 0) == 0);
-- cdev->result = ISC_R_SUCCESS;
-- sock->connected = 1;
-- socket_log(__LINE__, sock, &sock->address, IOEVENT,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTEDCXN,
-- "internal_connect: success");
-- }
--
-- send_connectdone_event(sock, &cdev);
--
-- UNLOCK(&sock->lock);
--}
--
--/*
-- * Loop through the socket, returning ISC_R_EOF for each done event pending.
-- */
--static void
--send_recvdone_abort(isc_socket_t *sock, isc_result_t result) {
-- isc_socketevent_t *dev;
--
-- while (!ISC_LIST_EMPTY(sock->recv_list)) {
-- dev = ISC_LIST_HEAD(sock->recv_list);
-- dev->result = result;
-- send_recvdone_event(sock, &dev);
-- }
--}
--
--/*
-- * Take the data we received in our private buffer, and if any recv() calls on
-- * our list are satisfied, send the corresponding done event.
-- *
-- * If we need more data (there are still items on the recv_list after we consume all
-- * our data) then arrange for another system recv() call to fill our buffers.
-- */
--static void
--internal_recv(isc_socket_t *sock, int nbytes)
--{
-- INSIST(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- socket_log(__LINE__, sock, NULL, IOEVENT,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALRECV,
-- "internal_recv: %d bytes received", nbytes);
--
-- /*
-- * If we got here, the I/O operation succeeded. However, we might still have removed this
-- * event from our notification list (or never placed it on it due to immediate completion.)
-- * Handle the reference counting here, and handle the cancellation event just after.
-- */
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_recv > 0);
-- sock->pending_recv--;
--
-- /*
-- * The only way we could have gotten here is that our I/O has successfully completed.
-- * Update our pointers, and move on. The only odd case here is that we might not
-- * have received enough data on a TCP stream to satisfy the minimum requirements. If
-- * this is the case, we will re-issue the recv() call for what we need.
-- *
-- * We do check for a recv() of 0 bytes on a TCP stream. This means the remote end
-- * has closed.
-- */
-- if (nbytes == 0 && sock->type == isc_sockettype_tcp) {
-- send_recvdone_abort(sock, ISC_R_EOF);
-- maybe_free_socket(&sock, __LINE__);
-- return;
-- }
-- sock->recvbuf.remaining = nbytes;
-- sock->recvbuf.consume_position = sock->recvbuf.base;
-- completeio_recv(sock);
--
-- /*
-- * If there are more receivers waiting for data, queue another receive
-- * here.
-- */
-- queue_receive_request(sock);
--
-- /*
-- * Unlock and/or destroy if we are the last thing this socket has left to do.
-- */
-- maybe_free_socket(&sock, __LINE__);
--}
--
--static void
--internal_send(isc_socket_t *sock, isc_socketevent_t *dev,
-- struct msghdr *messagehdr, int nbytes, int send_errno, IoCompletionInfo *lpo)
--{
-- buflist_t *buffer;
--
-- /*
-- * Find out what socket this is and lock it.
-- */
-- INSIST(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- socket_log(__LINE__, sock, NULL, IOEVENT,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_INTERNALSEND,
-- "internal_send: task got socket event %p", dev);
--
-- buffer = ISC_LIST_HEAD(lpo->bufferlist);
-- while (buffer != NULL) {
-- ISC_LIST_DEQUEUE(lpo->bufferlist, buffer, link);
--
-- socket_log(__LINE__, sock, NULL, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_ACCEPTLOCK,
-- "free_buffer %p %p", buffer, buffer->buf);
--
-- HeapFree(hHeapHandle, 0, buffer->buf);
-- HeapFree(hHeapHandle, 0, buffer);
-- buffer = ISC_LIST_HEAD(lpo->bufferlist);
-- }
--
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_send > 0);
-- sock->pending_send--;
--
-- /* If the event is no longer in the list we can just return */
-- if (!senddone_is_active(sock, dev))
-- goto done;
--
-- /*
-- * Set the error code and send things on its way.
-- */
-- switch (completeio_send(sock, dev, messagehdr, nbytes, send_errno)) {
-- case DOIO_SOFT:
-- break;
-- case DOIO_HARD:
-- case DOIO_SUCCESS:
-- send_senddone_event(sock, &dev);
-- break;
-- }
--
-- done:
-- maybe_free_socket(&sock, __LINE__);
--}
--
--/*
-- * These return if the done event passed in is on the list (or for connect, is
-- * the one we're waiting for. Using these ensures we will not double-send an
-- * event.
-- */
--static isc_boolean_t
--senddone_is_active(isc_socket_t *sock, isc_socketevent_t *dev)
--{
-- isc_socketevent_t *ldev;
--
-- ldev = ISC_LIST_HEAD(sock->send_list);
-- while (ldev != NULL && ldev != dev)
-- ldev = ISC_LIST_NEXT(ldev, ev_link);
--
-- return (ldev == NULL ? ISC_FALSE : ISC_TRUE);
--}
--
--static isc_boolean_t
--acceptdone_is_active(isc_socket_t *sock, isc_socket_newconnev_t *dev)
--{
-- isc_socket_newconnev_t *ldev;
--
-- ldev = ISC_LIST_HEAD(sock->accept_list);
-- while (ldev != NULL && ldev != dev)
-- ldev = ISC_LIST_NEXT(ldev, ev_link);
--
-- return (ldev == NULL ? ISC_FALSE : ISC_TRUE);
--}
--
--static isc_boolean_t
--connectdone_is_active(isc_socket_t *sock, isc_socket_connev_t *dev)
--{
-- return (sock->connect_ev == dev ? ISC_TRUE : ISC_FALSE);
--}
--
--/*
-- * This is the I/O Completion Port Worker Function. It loops forever
-- * waiting for I/O to complete and then forwards them for further
-- * processing. There are a number of these in separate threads.
-- */
--static isc_threadresult_t WINAPI
--SocketIoThread(LPVOID ThreadContext) {
-- isc_socketmgr_t *manager = ThreadContext;
-- BOOL bSuccess = FALSE;
-- DWORD nbytes;
-- IoCompletionInfo *lpo = NULL;
-- isc_socket_t *sock = NULL;
-- int request;
-- struct msghdr *messagehdr = NULL;
-- int errval;
-- char strbuf[ISC_STRERRORSIZE];
-- int errstatus;
--
-- REQUIRE(VALID_MANAGER(manager));
--
-- /*
-- * Set the thread priority high enough so I/O will
-- * preempt normal recv packet processing, but not
-- * higher than the timer sync thread.
-- */
-- if (!SetThreadPriority(GetCurrentThread(),
-- THREAD_PRIORITY_ABOVE_NORMAL)) {
-- errval = GetLastError();
-- isc__strerror(errval, strbuf, sizeof(strbuf));
-- FATAL_ERROR(__FILE__, __LINE__,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_FAILED,
-- "Can't set thread priority: %s"),
-- strbuf);
-- }
--
-- /*
-- * Loop forever waiting on I/O Completions and then processing them
-- */
-- while (TRUE) {
-- bSuccess = GetQueuedCompletionStatus(manager->hIoCompletionPort,
-- &nbytes, (LPDWORD)&sock,
-- (LPWSAOVERLAPPED *)&lpo,
-- INFINITE);
-- if (lpo == NULL) /* Received request to exit */
-- break;
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- request = lpo->request_type;
--
-- errstatus = 0;
-- if (!bSuccess) {
-- isc_result_t isc_result;
--
-- /*
-- * Did the I/O operation complete?
-- */
-- errstatus = WSAGetLastError();
-- isc_result = isc__errno2resultx(errstatus, __FILE__, __LINE__);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
-- switch (request) {
-- case SOCKET_RECV:
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_recv > 0);
-- sock->pending_recv--;
-- send_recvdone_abort(sock, isc_result);
-- if (isc_result == ISC_R_UNEXPECTED) {
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "SOCKET_RECV: Windows error code: %d, returning ISC error %d",
-- errstatus, isc_result);
-- }
-- break;
--
-- case SOCKET_SEND:
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_send > 0);
-- sock->pending_send--;
-- if (senddone_is_active(sock, lpo->dev)) {
-- lpo->dev->result = isc_result;
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "canceled_send");
-- send_senddone_event(sock, &lpo->dev);
-- }
-- break;
--
-- case SOCKET_ACCEPT:
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_accept > 0);
-- sock->pending_accept--;
-- if (acceptdone_is_active(sock, lpo->adev)) {
-- closesocket(lpo->adev->newsocket->fd);
-- lpo->adev->newsocket->fd = INVALID_SOCKET;
-- lpo->adev->newsocket->references--;
-- free_socket(&lpo->adev->newsocket, __LINE__);
-- lpo->adev->result = isc_result;
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "canceled_accept");
-- send_acceptdone_event(sock, &lpo->adev);
-- }
-- break;
--
-- case SOCKET_CONNECT:
-- INSIST(sock->pending_iocp > 0);
-- sock->pending_iocp--;
-- INSIST(sock->pending_connect == 1);
-- sock->pending_connect = 0;
-- if (connectdone_is_active(sock, lpo->cdev)) {
-- lpo->cdev->result = isc_result;
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "canceled_connect");
-- send_connectdone_event(sock, &lpo->cdev);
-- }
-- break;
-- }
-- maybe_free_socket(&sock, __LINE__);
--
-- if (lpo != NULL)
-- HeapFree(hHeapHandle, 0, lpo);
-- continue;
-- }
--
-- messagehdr = &lpo->messagehdr;
--
-- switch (request) {
-- case SOCKET_RECV:
-- internal_recv(sock, nbytes);
-- break;
-- case SOCKET_SEND:
-- internal_send(sock, lpo->dev, messagehdr, nbytes, errstatus, lpo);
-- break;
-- case SOCKET_ACCEPT:
-- internal_accept(sock, lpo, errstatus);
-- break;
-- case SOCKET_CONNECT:
-- internal_connect(sock, lpo, errstatus);
-- break;
-- }
--
-- if (lpo != NULL)
-- HeapFree(hHeapHandle, 0, lpo);
-- }
--
-- /*
-- * Exit Completion Port Thread
-- */
-- manager_log(manager, TRACE,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-- ISC_MSG_EXITING, "SocketIoThread exiting"));
-- return ((isc_threadresult_t)0);
--}
--
--/*
-- * Create a new socket manager.
-- */
--isc_result_t
--isc__socketmgr_create(isc_mem_t *mctx, isc_socketmgr_t **managerp) {
-- return (isc_socketmgr_create2(mctx, managerp, 0));
--}
--
--isc_result_t
--isc__socketmgr_create2(isc_mem_t *mctx, isc_socketmgr_t **managerp,
-- unsigned int maxsocks)
--{
-- isc_socketmgr_t *manager;
-- isc_result_t result;
--
-- REQUIRE(managerp != NULL && *managerp == NULL);
--
-- if (maxsocks != 0)
-- return (ISC_R_NOTIMPLEMENTED);
--
-- manager = isc_mem_get(mctx, sizeof(*manager));
-- if (manager == NULL)
-- return (ISC_R_NOMEMORY);
--
-- InitSockets();
--
-- manager->magic = SOCKET_MANAGER_MAGIC;
-- manager->mctx = NULL;
-- manager->stats = NULL;
-- ISC_LIST_INIT(manager->socklist);
-- result = isc_mutex_init(&manager->lock);
-- if (result != ISC_R_SUCCESS) {
-- isc_mem_put(mctx, manager, sizeof(*manager));
-- return (result);
-- }
-- if (isc_condition_init(&manager->shutdown_ok) != ISC_R_SUCCESS) {
-- DESTROYLOCK(&manager->lock);
-- isc_mem_put(mctx, manager, sizeof(*manager));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "isc_condition_init() %s",
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED, "failed"));
-- return (ISC_R_UNEXPECTED);
-- }
--
-- isc_mem_attach(mctx, &manager->mctx);
--
-- iocompletionport_init(manager); /* Create the Completion Ports */
--
-- manager->bShutdown = ISC_FALSE;
-- manager->totalSockets = 0;
-- manager->iocp_total = 0;
--
-- *managerp = manager;
--
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--isc__socketmgr_getmaxsockets(isc_socketmgr_t *manager, unsigned int *nsockp) {
-- REQUIRE(VALID_MANAGER(manager));
-- REQUIRE(nsockp != NULL);
--
-- return (ISC_R_NOTIMPLEMENTED);
--}
--
--void
--isc__socketmgr_setstats(isc_socketmgr_t *manager, isc_stats_t *stats) {
-- REQUIRE(VALID_MANAGER(manager));
-- REQUIRE(ISC_LIST_EMPTY(manager->socklist));
-- REQUIRE(manager->stats == NULL);
-- REQUIRE(isc_stats_ncounters(stats) == isc_sockstatscounter_max);
--
-- isc_stats_attach(stats, &manager->stats);
--}
--
--void
--isc__socketmgr_destroy(isc_socketmgr_t **managerp) {
-- isc_socketmgr_t *manager;
-- int i;
-- isc_mem_t *mctx;
--
-- /*
-- * Destroy a socket manager.
-- */
--
-- REQUIRE(managerp != NULL);
-- manager = *managerp;
-- REQUIRE(VALID_MANAGER(manager));
--
-- LOCK(&manager->lock);
--
-- /*
-- * Wait for all sockets to be destroyed.
-- */
-- while (!ISC_LIST_EMPTY(manager->socklist)) {
-- manager_log(manager, CREATION,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_SOCKETSREMAIN,
-- "sockets exist"));
-- WAIT(&manager->shutdown_ok, &manager->lock);
-- }
--
-- UNLOCK(&manager->lock);
--
-- /*
-- * Here, we need to had some wait code for the completion port
-- * thread.
-- */
-- signal_iocompletionport_exit(manager);
-- manager->bShutdown = ISC_TRUE;
--
-- /*
-- * Wait for threads to exit.
-- */
-- for (i = 0; i < manager->maxIOCPThreads; i++) {
-- if (isc_thread_join((isc_thread_t) manager->hIOCPThreads[i],
-- NULL) != ISC_R_SUCCESS)
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "isc_thread_join() for Completion Port %s",
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED, "failed"));
-- }
-- /*
-- * Clean up.
-- */
--
-- CloseHandle(manager->hIoCompletionPort);
--
-- (void)isc_condition_destroy(&manager->shutdown_ok);
--
-- DESTROYLOCK(&manager->lock);
-- if (manager->stats != NULL)
-- isc_stats_detach(&manager->stats);
-- manager->magic = 0;
-- mctx= manager->mctx;
-- isc_mem_put(mctx, manager, sizeof(*manager));
--
-- isc_mem_detach(&mctx);
--
-- *managerp = NULL;
--}
--
--static void
--queue_receive_event(isc_socket_t *sock, isc_task_t *task, isc_socketevent_t *dev)
--{
-- isc_task_t *ntask = NULL;
--
-- isc_task_attach(task, &ntask);
-- dev->attributes |= ISC_SOCKEVENTATTR_ATTACHED;
--
-- /*
-- * Enqueue the request.
-- */
-- INSIST(!ISC_LINK_LINKED(dev, ev_link));
-- ISC_LIST_ENQUEUE(sock->recv_list, dev, ev_link);
--
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "queue_receive_event: event %p -> task %p",
-- dev, ntask);
--}
--
--/*
-- * Check the pending receive queue, and if we have data pending, give it to this
-- * caller. If we have none, queue an I/O request. If this caller is not the first
-- * on the list, then we will just queue this event and return.
-- *
-- * Caller must have the socket locked.
-- */
--static isc_result_t
--socket_recv(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task,
-- unsigned int flags)
--{
-- int cc = 0;
-- isc_task_t *ntask = NULL;
-- isc_result_t result = ISC_R_SUCCESS;
-- int recv_errno = 0;
--
-- dev->ev_sender = task;
--
-- if (sock->fd == INVALID_SOCKET)
-- return (ISC_R_EOF);
--
-- /*
-- * Queue our event on the list of things to do. Call our function to
-- * attempt to fill buffers as much as possible, and return done events.
-- * We are going to lie about our handling of the ISC_SOCKFLAG_IMMEDIATE
-- * here and tell our caller that we could not satisfy it immediately.
-- */
-- queue_receive_event(sock, task, dev);
-- if ((flags & ISC_SOCKFLAG_IMMEDIATE) != 0)
-- result = ISC_R_INPROGRESS;
--
-- completeio_recv(sock);
--
-- /*
-- * If there are more receivers waiting for data, queue another receive
-- * here. If the
-- */
-- queue_receive_request(sock);
--
-- return (result);
--}
--
--isc_result_t
--isc__socket_recvv(isc_socket_t *sock, isc_bufferlist_t *buflist,
-- unsigned int minimum, isc_task_t *task,
-- isc_taskaction_t action, const void *arg)
--{
-- isc_socketevent_t *dev;
-- isc_socketmgr_t *manager;
-- unsigned int iocount;
-- isc_buffer_t *buffer;
-- isc_result_t ret;
--
-- REQUIRE(VALID_SOCKET(sock));
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * Make sure that the socket is not closed. XXXMLG change error here?
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- REQUIRE(buflist != NULL);
-- REQUIRE(!ISC_LIST_EMPTY(*buflist));
-- REQUIRE(task != NULL);
-- REQUIRE(action != NULL);
--
-- manager = sock->manager;
-- REQUIRE(VALID_MANAGER(manager));
--
-- iocount = isc_bufferlist_availablecount(buflist);
-- REQUIRE(iocount > 0);
--
-- INSIST(sock->bound);
--
-- dev = allocate_socketevent(sock, ISC_SOCKEVENT_RECVDONE, action, arg);
-- if (dev == NULL) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_NOMEMORY);
-- }
--
-- /*
-- * UDP sockets are always partial read
-- */
-- if (sock->type == isc_sockettype_udp)
-- dev->minimum = 1;
-- else {
-- if (minimum == 0)
-- dev->minimum = iocount;
-- else
-- dev->minimum = minimum;
-- }
--
-- /*
-- * Move each buffer from the passed in list to our internal one.
-- */
-- buffer = ISC_LIST_HEAD(*buflist);
-- while (buffer != NULL) {
-- ISC_LIST_DEQUEUE(*buflist, buffer, link);
-- ISC_LIST_ENQUEUE(dev->bufferlist, buffer, link);
-- buffer = ISC_LIST_HEAD(*buflist);
-- }
--
-- ret = socket_recv(sock, dev, task, 0);
--
-- UNLOCK(&sock->lock);
-- return (ret);
--}
--
--isc_result_t
--isc__socket_recv(isc_socket_t *sock, isc_region_t *region,
-- unsigned int minimum, isc_task_t *task,
-- isc_taskaction_t action, const void *arg)
--{
-- isc_socketevent_t *dev;
-- isc_socketmgr_t *manager;
-- isc_result_t ret;
--
-- REQUIRE(VALID_SOCKET(sock));
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
-- REQUIRE(action != NULL);
--
-- manager = sock->manager;
-- REQUIRE(VALID_MANAGER(manager));
--
-- INSIST(sock->bound);
--
-- dev = allocate_socketevent(sock, ISC_SOCKEVENT_RECVDONE, action, arg);
-- if (dev == NULL) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_NOMEMORY);
-- }
--
-- ret = isc_socket_recv2(sock, region, minimum, task, dev, 0);
-- UNLOCK(&sock->lock);
-- return (ret);
--}
--
--isc_result_t
--isc__socket_recv2(isc_socket_t *sock, isc_region_t *region,
-- unsigned int minimum, isc_task_t *task,
-- isc_socketevent_t *event, unsigned int flags)
--{
-- isc_result_t ret;
--
-- REQUIRE(VALID_SOCKET(sock));
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- event->result = ISC_R_UNEXPECTED;
-- event->ev_sender = sock;
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- ISC_LIST_INIT(event->bufferlist);
-- event->region = *region;
-- event->n = 0;
-- event->offset = 0;
-- event->attributes = 0;
--
-- /*
-- * UDP sockets are always partial read.
-- */
-- if (sock->type == isc_sockettype_udp)
-- event->minimum = 1;
-- else {
-- if (minimum == 0)
-- event->minimum = region->length;
-- else
-- event->minimum = minimum;
-- }
--
-- ret = socket_recv(sock, event, task, flags);
-- UNLOCK(&sock->lock);
-- return (ret);
--}
--
--/*
-- * Caller must have the socket locked.
-- */
--static isc_result_t
--socket_send(isc_socket_t *sock, isc_socketevent_t *dev, isc_task_t *task,
-- isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
-- unsigned int flags)
--{
-- int io_state;
-- int send_errno = 0;
-- int cc = 0;
-- isc_task_t *ntask = NULL;
-- isc_result_t result = ISC_R_SUCCESS;
--
-- dev->ev_sender = task;
--
-- set_dev_address(address, sock, dev);
-- if (pktinfo != NULL) {
-- socket_log(__LINE__, sock, NULL, TRACE, isc_msgcat, ISC_MSGSET_SOCKET,
-- ISC_MSG_PKTINFOPROVIDED,
-- "pktinfo structure provided, ifindex %u (set to 0)",
-- pktinfo->ipi6_ifindex);
--
-- dev->attributes |= ISC_SOCKEVENTATTR_PKTINFO;
-- dev->pktinfo = *pktinfo;
-- /*
-- * Set the pktinfo index to 0 here, to let the kernel decide
-- * what interface it should send on.
-- */
-- dev->pktinfo.ipi6_ifindex = 0;
-- }
--
-- io_state = startio_send(sock, dev, &cc, &send_errno);
-- switch (io_state) {
-- case DOIO_PENDING: /* I/O started. Nothing more to do */
-- case DOIO_SOFT:
-- /*
-- * We couldn't send all or part of the request right now, so
-- * queue it unless ISC_SOCKFLAG_NORETRY is set.
-- */
-- if ((flags & ISC_SOCKFLAG_NORETRY) == 0) {
-- isc_task_attach(task, &ntask);
-- dev->attributes |= ISC_SOCKEVENTATTR_ATTACHED;
--
-- /*
-- * Enqueue the request.
-- */
-- INSIST(!ISC_LINK_LINKED(dev, ev_link));
-- ISC_LIST_ENQUEUE(sock->send_list, dev, ev_link);
--
-- socket_log(__LINE__, sock, NULL, EVENT, NULL, 0, 0,
-- "socket_send: event %p -> task %p",
-- dev, ntask);
--
-- if ((flags & ISC_SOCKFLAG_IMMEDIATE) != 0)
-- result = ISC_R_INPROGRESS;
-- break;
-- }
--
-- case DOIO_SUCCESS:
-- break;
-- }
--
-- return (result);
--}
--
--isc_result_t
--isc__socket_send(isc_socket_t *sock, isc_region_t *region,
-- isc_task_t *task, isc_taskaction_t action, const void *arg)
--{
-- /*
-- * REQUIRE() checking is performed in isc_socket_sendto().
-- */
-- return (isc_socket_sendto(sock, region, task, action, arg, NULL,
-- NULL));
--}
--
--isc_result_t
--isc__socket_sendto(isc_socket_t *sock, isc_region_t *region,
-- isc_task_t *task, isc_taskaction_t action, const void *arg,
-- isc_sockaddr_t *address, struct in6_pktinfo *pktinfo)
--{
-- isc_socketevent_t *dev;
-- isc_socketmgr_t *manager;
-- isc_result_t ret;
--
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(sock->type != isc_sockettype_fdwatch);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
-- REQUIRE(region != NULL);
-- REQUIRE(task != NULL);
-- REQUIRE(action != NULL);
--
-- manager = sock->manager;
-- REQUIRE(VALID_MANAGER(manager));
--
-- INSIST(sock->bound);
--
-- dev = allocate_socketevent(sock, ISC_SOCKEVENT_SENDDONE, action, arg);
-- if (dev == NULL) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_NOMEMORY);
-- }
-- dev->region = *region;
--
-- ret = socket_send(sock, dev, task, address, pktinfo, 0);
-- UNLOCK(&sock->lock);
-- return (ret);
--}
--
--isc_result_t
--isc__socket_sendv(isc_socket_t *sock, isc_bufferlist_t *buflist,
-- isc_task_t *task, isc_taskaction_t action, const void *arg)
--{
-- return (isc_socket_sendtov(sock, buflist, task, action, arg, NULL,
-- NULL));
--}
--
--isc_result_t
--isc__socket_sendtov(isc_socket_t *sock, isc_bufferlist_t *buflist,
-- isc_task_t *task, isc_taskaction_t action, const void *arg,
-- isc_sockaddr_t *address, struct in6_pktinfo *pktinfo)
--{
-- isc_socketevent_t *dev;
-- isc_socketmgr_t *manager;
-- unsigned int iocount;
-- isc_buffer_t *buffer;
-- isc_result_t ret;
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
-- REQUIRE(buflist != NULL);
-- REQUIRE(!ISC_LIST_EMPTY(*buflist));
-- REQUIRE(task != NULL);
-- REQUIRE(action != NULL);
--
-- manager = sock->manager;
-- REQUIRE(VALID_MANAGER(manager));
--
-- iocount = isc_bufferlist_usedcount(buflist);
-- REQUIRE(iocount > 0);
--
-- dev = allocate_socketevent(sock, ISC_SOCKEVENT_SENDDONE, action, arg);
-- if (dev == NULL) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_NOMEMORY);
-- }
--
-- /*
-- * Move each buffer from the passed in list to our internal one.
-- */
-- buffer = ISC_LIST_HEAD(*buflist);
-- while (buffer != NULL) {
-- ISC_LIST_DEQUEUE(*buflist, buffer, link);
-- ISC_LIST_ENQUEUE(dev->bufferlist, buffer, link);
-- buffer = ISC_LIST_HEAD(*buflist);
-- }
--
-- ret = socket_send(sock, dev, task, address, pktinfo, 0);
-- UNLOCK(&sock->lock);
-- return (ret);
--}
--
--isc_result_t
--isc__socket_sendto2(isc_socket_t *sock, isc_region_t *region,
-- isc_task_t *task,
-- isc_sockaddr_t *address, struct in6_pktinfo *pktinfo,
-- isc_socketevent_t *event, unsigned int flags)
--{
-- isc_result_t ret;
--
-- REQUIRE(VALID_SOCKET(sock));
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- REQUIRE((flags & ~(ISC_SOCKFLAG_IMMEDIATE|ISC_SOCKFLAG_NORETRY)) == 0);
-- if ((flags & ISC_SOCKFLAG_NORETRY) != 0)
-- REQUIRE(sock->type == isc_sockettype_udp);
-- event->ev_sender = sock;
-- event->result = ISC_R_UNEXPECTED;
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
-- ISC_LIST_INIT(event->bufferlist);
-- event->region = *region;
-- event->n = 0;
-- event->offset = 0;
-- event->attributes = 0;
--
-- ret = socket_send(sock, event, task, address, pktinfo, flags);
-- UNLOCK(&sock->lock);
-- return (ret);
--}
--
--isc_result_t
--isc__socket_bind(isc_socket_t *sock, isc_sockaddr_t *sockaddr,
-- unsigned int options) {
-- int bind_errno;
-- char strbuf[ISC_STRERRORSIZE];
-- int on = 1;
--
-- REQUIRE(VALID_SOCKET(sock));
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- INSIST(!sock->bound);
--
-- if (sock->pf != sockaddr->type.sa.sa_family) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_FAMILYMISMATCH);
-- }
-- /*
-- * Only set SO_REUSEADDR when we want a specific port.
-- */
-- if ((options & ISC_SOCKET_REUSEADDRESS) != 0 &&
-- isc_sockaddr_getport(sockaddr) != (in_port_t)0 &&
-- setsockopt(sock->fd, SOL_SOCKET, SO_REUSEADDR, (void *)&on,
-- sizeof(on)) < 0) {
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "setsockopt(%d) %s", sock->fd,
-- isc_msgcat_get(isc_msgcat, ISC_MSGSET_GENERAL,
-- ISC_MSG_FAILED, "failed"));
-- /* Press on... */
-- }
-- if (bind(sock->fd, &sockaddr->type.sa, sockaddr->length) < 0) {
-- bind_errno = WSAGetLastError();
-- UNLOCK(&sock->lock);
-- switch (bind_errno) {
-- case WSAEACCES:
-- return (ISC_R_NOPERM);
-- case WSAEADDRNOTAVAIL:
-- return (ISC_R_ADDRNOTAVAIL);
-- case WSAEADDRINUSE:
-- return (ISC_R_ADDRINUSE);
-- case WSAEINVAL:
-- return (ISC_R_BOUND);
-- default:
-- isc__strerror(bind_errno, strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__, "bind: %s",
-- strbuf);
-- return (ISC_R_UNEXPECTED);
-- }
-- }
--
-- socket_log(__LINE__, sock, sockaddr, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_BOUND, "bound");
-- sock->bound = 1;
--
-- UNLOCK(&sock->lock);
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--isc__socket_filter(isc_socket_t *sock, const char *filter) {
-- UNUSED(sock);
-- UNUSED(filter);
--
-- REQUIRE(VALID_SOCKET(sock));
-- return (ISC_R_NOTIMPLEMENTED);
--}
--
--/*
-- * Set up to listen on a given socket. We do this by creating an internal
-- * event that will be dispatched when the socket has read activity. The
-- * watcher will send the internal event to the task when there is a new
-- * connection.
-- *
-- * Unlike in read, we don't preallocate a done event here. Every time there
-- * is a new connection we'll have to allocate a new one anyway, so we might
-- * as well keep things simple rather than having to track them.
-- */
--isc_result_t
--isc__socket_listen(isc_socket_t *sock, unsigned int backlog) {
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- REQUIRE(!sock->listener);
-- REQUIRE(sock->bound);
-- REQUIRE(sock->type == isc_sockettype_tcp);
--
-- if (backlog == 0)
-- backlog = SOMAXCONN;
--
-- if (listen(sock->fd, (int)backlog) < 0) {
-- UNLOCK(&sock->lock);
-- isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf));
--
-- UNEXPECTED_ERROR(__FILE__, __LINE__, "listen: %s", strbuf);
--
-- return (ISC_R_UNEXPECTED);
-- }
--
-- socket_log(__LINE__, sock, NULL, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_BOUND, "listening");
-- sock->listener = 1;
-- _set_state(sock, SOCK_LISTEN);
--
-- UNLOCK(&sock->lock);
-- return (ISC_R_SUCCESS);
--}
--
--/*
-- * This should try to do aggressive accept() XXXMLG
-- */
--isc_result_t
--isc__socket_accept(isc_socket_t *sock,
-- isc_task_t *task, isc_taskaction_t action, const void *arg)
--{
-- isc_socket_newconnev_t *adev;
-- isc_socketmgr_t *manager;
-- isc_task_t *ntask = NULL;
-- isc_socket_t *nsock;
-- isc_result_t result;
-- IoCompletionInfo *lpo;
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- manager = sock->manager;
-- REQUIRE(VALID_MANAGER(manager));
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- REQUIRE(sock->listener);
--
-- /*
-- * Sender field is overloaded here with the task we will be sending
-- * this event to. Just before the actual event is delivered the
-- * actual ev_sender will be touched up to be the socket.
-- */
-- adev = (isc_socket_newconnev_t *)
-- isc_event_allocate(manager->mctx, task, ISC_SOCKEVENT_NEWCONN,
-- action, arg, sizeof(*adev));
-- if (adev == NULL) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_NOMEMORY);
-- }
-- ISC_LINK_INIT(adev, ev_link);
--
-- result = allocate_socket(manager, sock->type, &nsock);
-- if (result != ISC_R_SUCCESS) {
-- isc_event_free((isc_event_t **)&adev);
-- UNLOCK(&sock->lock);
-- return (result);
-- }
--
-- /*
-- * AcceptEx() requires we pass in a socket.
-- */
-- nsock->fd = socket(sock->pf, SOCK_STREAM, IPPROTO_TCP);
-- if (nsock->fd == INVALID_SOCKET) {
-- free_socket(&nsock, __LINE__);
-- isc_event_free((isc_event_t **)&adev);
-- UNLOCK(&sock->lock);
-- return (ISC_R_FAILURE); // XXXMLG need real error message
-- }
--
-- /*
-- * Attach to socket and to task.
-- */
-- isc_task_attach(task, &ntask);
-- nsock->references++;
--
-- adev->ev_sender = ntask;
-- adev->newsocket = nsock;
-- _set_state(nsock, SOCK_ACCEPT);
--
-- /*
-- * Queue io completion for an accept().
-- */
-- lpo = (IoCompletionInfo *)HeapAlloc(hHeapHandle,
-- HEAP_ZERO_MEMORY,
-- sizeof(IoCompletionInfo));
-- RUNTIME_CHECK(lpo != NULL);
-- lpo->acceptbuffer = (void *)HeapAlloc(hHeapHandle, HEAP_ZERO_MEMORY,
-- (sizeof(SOCKADDR_STORAGE) + 16) * 2);
-- RUNTIME_CHECK(lpo->acceptbuffer != NULL);
--
-- lpo->adev = adev;
-- lpo->request_type = SOCKET_ACCEPT;
--
-- ISCAcceptEx(sock->fd,
-- nsock->fd, /* Accepted Socket */
-- lpo->acceptbuffer, /* Buffer for initial Recv */
-- 0, /* Length of Buffer */
-- sizeof(SOCKADDR_STORAGE) + 16, /* Local address length + 16 */
-- sizeof(SOCKADDR_STORAGE) + 16, /* Remote address lengh + 16 */
-- (LPDWORD)&lpo->received_bytes, /* Bytes Recved */
-- (LPOVERLAPPED)lpo /* Overlapped structure */
-- );
-- iocompletionport_update(nsock);
--
-- socket_log(__LINE__, sock, NULL, TRACE,
-- isc_msgcat, ISC_MSGSET_SOCKET, ISC_MSG_BOUND,
-- "accepting for nsock %p fd %d", nsock, nsock->fd);
--
-- /*
-- * Enqueue the event
-- */
-- ISC_LIST_ENQUEUE(sock->accept_list, adev, ev_link);
-- sock->pending_accept++;
-- sock->pending_iocp++;
--
-- UNLOCK(&sock->lock);
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--isc__socket_connect(isc_socket_t *sock, isc_sockaddr_t *addr,
-- isc_task_t *task, isc_taskaction_t action, const void *arg)
--{
-- char strbuf[ISC_STRERRORSIZE];
-- isc_socket_connev_t *cdev;
-- isc_task_t *ntask = NULL;
-- isc_socketmgr_t *manager;
-- IoCompletionInfo *lpo;
-- int bind_errno;
--
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(addr != NULL);
-- REQUIRE(task != NULL);
-- REQUIRE(action != NULL);
--
-- manager = sock->manager;
-- REQUIRE(VALID_MANAGER(manager));
-- REQUIRE(addr != NULL);
--
-- if (isc_sockaddr_ismulticast(addr))
-- return (ISC_R_MULTICAST);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- /*
-- * Windows sockets won't connect unless the socket is bound.
-- */
-- if (!sock->bound) {
-- isc_sockaddr_t any;
--
-- isc_sockaddr_anyofpf(&any, isc_sockaddr_pf(addr));
-- if (bind(sock->fd, &any.type.sa, any.length) < 0) {
-- bind_errno = WSAGetLastError();
-- UNLOCK(&sock->lock);
-- switch (bind_errno) {
-- case WSAEACCES:
-- return (ISC_R_NOPERM);
-- case WSAEADDRNOTAVAIL:
-- return (ISC_R_ADDRNOTAVAIL);
-- case WSAEADDRINUSE:
-- return (ISC_R_ADDRINUSE);
-- case WSAEINVAL:
-- return (ISC_R_BOUND);
-- default:
-- isc__strerror(bind_errno, strbuf,
-- sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__,
-- "bind: %s", strbuf);
-- return (ISC_R_UNEXPECTED);
-- }
-- }
-- sock->bound = 1;
-- }
--
-- REQUIRE(!sock->pending_connect);
--
-- cdev = (isc_socket_connev_t *)isc_event_allocate(manager->mctx, sock,
-- ISC_SOCKEVENT_CONNECT,
-- action, arg,
-- sizeof(*cdev));
-- if (cdev == NULL) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_NOMEMORY);
-- }
-- ISC_LINK_INIT(cdev, ev_link);
--
-- if (sock->type == isc_sockettype_tcp) {
-- /*
-- * Queue io completion for an accept().
-- */
-- lpo = (IoCompletionInfo *)HeapAlloc(hHeapHandle,
-- HEAP_ZERO_MEMORY,
-- sizeof(IoCompletionInfo));
-- lpo->cdev = cdev;
-- lpo->request_type = SOCKET_CONNECT;
--
-- sock->address = *addr;
-- ISCConnectEx(sock->fd, &addr->type.sa, addr->length,
-- NULL, 0, NULL, (LPOVERLAPPED)lpo);
--
-- /*
-- * Attach to task.
-- */
-- isc_task_attach(task, &ntask);
-- cdev->ev_sender = ntask;
--
-- sock->pending_connect = 1;
-- _set_state(sock, SOCK_CONNECT);
--
-- /*
-- * Enqueue the request.
-- */
-- sock->connect_ev = cdev;
-- sock->pending_iocp++;
-- } else {
-- WSAConnect(sock->fd, &addr->type.sa, addr->length, NULL, NULL, NULL, NULL);
-- cdev->result = ISC_R_SUCCESS;
-- isc_task_send(task, (isc_event_t **)&cdev);
-- }
-- CONSISTENT(sock);
-- UNLOCK(&sock->lock);
--
-- return (ISC_R_SUCCESS);
--}
--
--isc_result_t
--isc__socket_getpeername(isc_socket_t *sock, isc_sockaddr_t *addressp) {
-- isc_result_t result;
--
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(addressp != NULL);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- if (sock->connected) {
-- *addressp = sock->address;
-- result = ISC_R_SUCCESS;
-- } else {
-- result = ISC_R_NOTCONNECTED;
-- }
--
-- UNLOCK(&sock->lock);
--
-- return (result);
--}
--
--isc_result_t
--isc__socket_getsockname(isc_socket_t *sock, isc_sockaddr_t *addressp) {
-- ISC_SOCKADDR_LEN_T len;
-- isc_result_t result;
-- char strbuf[ISC_STRERRORSIZE];
--
-- REQUIRE(VALID_SOCKET(sock));
-- REQUIRE(addressp != NULL);
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- if (!sock->bound) {
-- result = ISC_R_NOTBOUND;
-- goto out;
-- }
--
-- result = ISC_R_SUCCESS;
--
-- len = sizeof(addressp->type);
-- if (getsockname(sock->fd, &addressp->type.sa, (void *)&len) < 0) {
-- isc__strerror(WSAGetLastError(), strbuf, sizeof(strbuf));
-- UNEXPECTED_ERROR(__FILE__, __LINE__, "getsockname: %s",
-- strbuf);
-- result = ISC_R_UNEXPECTED;
-- goto out;
-- }
-- addressp->length = (unsigned int)len;
--
-- out:
-- UNLOCK(&sock->lock);
--
-- return (result);
--}
--
--/*
-- * Run through the list of events on this socket, and cancel the ones
-- * queued for task "task" of type "how". "how" is a bitmask.
-- */
--void
--isc__socket_cancel(isc_socket_t *sock, isc_task_t *task, unsigned int how) {
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- /*
-- * Quick exit if there is nothing to do. Don't even bother locking
-- * in this case.
-- */
-- if (how == 0)
-- return;
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return;
-- }
--
-- /*
-- * All of these do the same thing, more or less.
-- * Each will:
-- * o If the internal event is marked as "posted" try to
-- * remove it from the task's queue. If this fails, mark it
-- * as canceled instead, and let the task clean it up later.
-- * o For each I/O request for that task of that type, post
-- * its done event with status of "ISC_R_CANCELED".
-- * o Reset any state needed.
-- */
--
-- if ((how & ISC_SOCKCANCEL_RECV) == ISC_SOCKCANCEL_RECV) {
-- isc_socketevent_t *dev;
-- isc_socketevent_t *next;
-- isc_task_t *current_task;
--
-- dev = ISC_LIST_HEAD(sock->recv_list);
-- while (dev != NULL) {
-- current_task = dev->ev_sender;
-- next = ISC_LIST_NEXT(dev, ev_link);
-- if ((task == NULL) || (task == current_task)) {
-- dev->result = ISC_R_CANCELED;
-- send_recvdone_event(sock, &dev);
-- }
-- dev = next;
-- }
-- }
-- how &= ~ISC_SOCKCANCEL_RECV;
--
-- if ((how & ISC_SOCKCANCEL_SEND) == ISC_SOCKCANCEL_SEND) {
-- isc_socketevent_t *dev;
-- isc_socketevent_t *next;
-- isc_task_t *current_task;
--
-- dev = ISC_LIST_HEAD(sock->send_list);
--
-- while (dev != NULL) {
-- current_task = dev->ev_sender;
-- next = ISC_LIST_NEXT(dev, ev_link);
-- if ((task == NULL) || (task == current_task)) {
-- dev->result = ISC_R_CANCELED;
-- send_senddone_event(sock, &dev);
-- }
-- dev = next;
-- }
-- }
-- how &= ~ISC_SOCKCANCEL_SEND;
--
-- if (((how & ISC_SOCKCANCEL_ACCEPT) == ISC_SOCKCANCEL_ACCEPT)
-- && !ISC_LIST_EMPTY(sock->accept_list)) {
-- isc_socket_newconnev_t *dev;
-- isc_socket_newconnev_t *next;
-- isc_task_t *current_task;
--
-- dev = ISC_LIST_HEAD(sock->accept_list);
-- while (dev != NULL) {
-- current_task = dev->ev_sender;
-- next = ISC_LIST_NEXT(dev, ev_link);
--
-- if ((task == NULL) || (task == current_task)) {
--
-- dev->newsocket->references--;
-- closesocket(dev->newsocket->fd);
-- dev->newsocket->fd = INVALID_SOCKET;
-- free_socket(&dev->newsocket, __LINE__);
--
-- dev->result = ISC_R_CANCELED;
-- send_acceptdone_event(sock, &dev);
-- }
--
-- dev = next;
-- }
-- }
-- how &= ~ISC_SOCKCANCEL_ACCEPT;
--
-- /*
-- * Connecting is not a list.
-- */
-- if (((how & ISC_SOCKCANCEL_CONNECT) == ISC_SOCKCANCEL_CONNECT)
-- && sock->connect_ev != NULL) {
-- isc_socket_connev_t *dev;
-- isc_task_t *current_task;
--
-- INSIST(sock->pending_connect);
--
-- dev = sock->connect_ev;
-- current_task = dev->ev_sender;
--
-- if ((task == NULL) || (task == current_task)) {
-- closesocket(sock->fd);
-- sock->fd = INVALID_SOCKET;
-- _set_state(sock, SOCK_CLOSED);
--
-- sock->connect_ev = NULL;
-- dev->result = ISC_R_CANCELED;
-- send_connectdone_event(sock, &dev);
-- }
-- }
-- how &= ~ISC_SOCKCANCEL_CONNECT;
--
-- maybe_free_socket(&sock, __LINE__);
--}
--
--isc_sockettype_t
--isc__socket_gettype(isc_socket_t *sock) {
-- isc_sockettype_t type;
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_R_CONNREFUSED);
-- }
--
-- type = sock->type;
-- UNLOCK(&sock->lock);
-- return (type);
--}
--
--isc_boolean_t
--isc__socket_isbound(isc_socket_t *sock) {
-- isc_boolean_t val;
--
-- REQUIRE(VALID_SOCKET(sock));
--
-- LOCK(&sock->lock);
-- CONSISTENT(sock);
--
-- /*
-- * make sure that the socket's not closed
-- */
-- if (sock->fd == INVALID_SOCKET) {
-- UNLOCK(&sock->lock);
-- return (ISC_FALSE);
-- }
--
-- val = ((sock->bound) ? ISC_TRUE : ISC_FALSE);
-- UNLOCK(&sock->lock);
--
-- return (val);
--}
--
--void
--isc__socket_ipv6only(isc_socket_t *sock, isc_boolean_t yes) {
--#if defined(IPV6_V6ONLY)
-- int onoff = yes ? 1 : 0;
--#else
-- UNUSED(yes);
--#endif
--
-- REQUIRE(VALID_SOCKET(sock));
--
--#ifdef IPV6_V6ONLY
-- if (sock->pf == AF_INET6) {
-- (void)setsockopt(sock->fd, IPPROTO_IPV6, IPV6_V6ONLY,
-- (void *)&onoff, sizeof(onoff));
-- }
--#endif
--}
--
--void
--isc__socket_cleanunix(isc_sockaddr_t *addr, isc_boolean_t active) {
-- UNUSED(addr);
-- UNUSED(active);
--}
--
--isc_result_t
--isc__socket_permunix(isc_sockaddr_t *addr, isc_uint32_t perm,
-- isc_uint32_t owner, isc_uint32_t group)
--{
-- UNUSED(addr);
-- UNUSED(perm);
-- UNUSED(owner);
-- UNUSED(group);
-- return (ISC_R_NOTIMPLEMENTED);
--}
--
--void
--isc__socket_setname(isc_socket_t *socket, const char *name, void *tag) {
--
-- /*
-- * Name 'socket'.
-- */
--
-- REQUIRE(VALID_SOCKET(socket));
--
-- LOCK(&socket->lock);
-- memset(socket->name, 0, sizeof(socket->name));
-- strncpy(socket->name, name, sizeof(socket->name) - 1);
-- socket->tag = tag;
-- UNLOCK(&socket->lock);
--}
--
--const char *
--isc__socket_getname(isc_socket_t *socket) {
-- return (socket->name);
--}
--
--void *
--isc__socket_gettag(isc_socket_t *socket) {
-- return (socket->tag);
--}
--
--void
--isc__socketmgr_setreserved(isc_socketmgr_t *manager, isc_uint32_t reserved) {
-- UNUSED(manager);
-- UNUSED(reserved);
--}
--
--void
--isc___socketmgr_maxudp(isc_socketmgr_t *manager, int maxudp) {
--
-- UNUSED(manager);
-- UNUSED(maxudp);
--}
--
--#ifdef HAVE_LIBXML2
--
--static const char *
--_socktype(isc_sockettype_t type)
--{
-- if (type == isc_sockettype_udp)
-- return ("udp");
-- else if (type == isc_sockettype_tcp)
-- return ("tcp");
-- else if (type == isc_sockettype_unix)
-- return ("unix");
-- else if (type == isc_sockettype_fdwatch)
-- return ("fdwatch");
-- else
-- return ("not-initialized");
--}
--
--void
--isc_socketmgr_renderxml(isc_socketmgr_t *mgr, xmlTextWriterPtr writer)
--{
-- isc_socket_t *sock;
-- char peerbuf[ISC_SOCKADDR_FORMATSIZE];
-- isc_sockaddr_t addr;
-- ISC_SOCKADDR_LEN_T len;
--
-- LOCK(&mgr->lock);
--
--#ifndef ISC_PLATFORM_USETHREADS
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "references");
-- xmlTextWriterWriteFormatString(writer, "%d", mgr->refs);
-- xmlTextWriterEndElement(writer);
--#endif
--
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "sockets");
-- sock = ISC_LIST_HEAD(mgr->socklist);
-- while (sock != NULL) {
-- LOCK(&sock->lock);
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "socket");
--
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "id");
-- xmlTextWriterWriteFormatString(writer, "%p", sock);
-- xmlTextWriterEndElement(writer);
--
-- if (sock->name[0] != 0) {
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "name");
-- xmlTextWriterWriteFormatString(writer, "%s",
-- sock->name);
-- xmlTextWriterEndElement(writer); /* name */
-- }
--
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "references");
-- xmlTextWriterWriteFormatString(writer, "%d", sock->references);
-- xmlTextWriterEndElement(writer);
--
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "type",
-- ISC_XMLCHAR _socktype(sock->type));
--
-- if (sock->connected) {
-- isc_sockaddr_format(&sock->address, peerbuf,
-- sizeof(peerbuf));
-- xmlTextWriterWriteElement(writer,
-- ISC_XMLCHAR "peer-address",
-- ISC_XMLCHAR peerbuf);
-- }
--
-- len = sizeof(addr);
-- if (getsockname(sock->fd, &addr.type.sa, (void *)&len) == 0) {
-- isc_sockaddr_format(&addr, peerbuf, sizeof(peerbuf));
-- xmlTextWriterWriteElement(writer,
-- ISC_XMLCHAR "local-address",
-- ISC_XMLCHAR peerbuf);
-- }
--
-- xmlTextWriterStartElement(writer, ISC_XMLCHAR "states");
-- if (sock->pending_recv)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "pending-receive");
-- if (sock->pending_send)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "pending-send");
-- if (sock->pending_accept)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "pending_accept");
-- if (sock->listener)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "listener");
-- if (sock->connected)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "connected");
-- if (sock->pending_connect)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "connecting");
-- if (sock->bound)
-- xmlTextWriterWriteElement(writer, ISC_XMLCHAR "state",
-- ISC_XMLCHAR "bound");
--
-- xmlTextWriterEndElement(writer); /* states */
--
-- xmlTextWriterEndElement(writer); /* socket */
--
-- UNLOCK(&sock->lock);
-- sock = ISC_LIST_NEXT(sock, link);
-- }
-- xmlTextWriterEndElement(writer); /* sockets */
--
-- UNLOCK(&mgr->lock);
--}
--#endif /* HAVE_LIBXML2 */
+++ /dev/null
--./.cvsignore X 1998,1999,2000,2001,2004
--./CHANGES X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./COPYRIGHT TXT 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./FAQ X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./FAQ.xml SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./Makefile.in MAKE 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./NSEC3-NOTES X 2008,2009
--./README X 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./README.idnkit X 2005,2009
--./README.libdns X 2009
--./README.pkcs11 X 2008,2009
--./README.rfc5011 X 2009
--./acconfig.h C 1999,2000,2001,2002,2003,2004,2005,2007,2008
--./aclocal.m4 X 1999,2000,2001
--./bin/.cvsignore X 1998,1999,2000,2001
--./bin/Makefile.in MAKE 1998,1999,2000,2001,2004,2007,2009
--./bin/check/.cvsignore X 2000,2001
--./bin/check/Makefile.in MAKE 2000,2001,2002,2003,2004,2005,2006,2007,2009
--./bin/check/check-tool.c C 2000,2001,2002,2004,2005,2006,2007,2008,2009
--./bin/check/check-tool.h C 2000,2001,2002,2004,2005,2007
--./bin/check/named-checkconf.8 MAN DOCBOOK
--./bin/check/named-checkconf.c C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./bin/check/named-checkconf.docbook SGML 2000,2001,2002,2004,2005,2007,2009
--./bin/check/named-checkconf.html HTML DOCBOOK
--./bin/check/named-checkzone.8 MAN DOCBOOK
--./bin/check/named-checkzone.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/check/named-checkzone.docbook SGML 2000,2001,2002,2004,2005,2006,2007,2009
--./bin/check/named-checkzone.html HTML DOCBOOK
--./bin/check/win32/checktool.dsp X 2006,2009
--./bin/check/win32/checktool.dsw X 2006
--./bin/check/win32/namedcheckconf.dsp X 2001,2004,2005,2006,2009
--./bin/check/win32/namedcheckconf.dsw X 2001
--./bin/check/win32/namedcheckconf.mak X 2001,2002,2004,2005,2006,2009
--./bin/check/win32/namedcheckzone.dsp X 2001,2002,2004,2005,2006,2009
--./bin/check/win32/namedcheckzone.dsw X 2001
--./bin/check/win32/namedcheckzone.mak X 2001,2002,2004,2005,2006,2009
--./bin/confgen/.cvsignore X 2009
--./bin/confgen/Makefile.in MAKE 2009
--./bin/confgen/ddns-confgen.8 MAN DOCBOOK
--./bin/confgen/ddns-confgen.c C 2009
--./bin/confgen/ddns-confgen.docbook SGML 2009
--./bin/confgen/ddns-confgen.html HTML DOCBOOK
--./bin/confgen/include/confgen/os.h C 2009
--./bin/confgen/keygen.c C 2009
--./bin/confgen/keygen.h C 2009
--./bin/confgen/rndc-confgen.8 MAN DOCBOOK
--./bin/confgen/rndc-confgen.c C 2001,2003,2004,2005,2007,2008,2009
--./bin/confgen/rndc-confgen.docbook SGML 2001,2003,2004,2005,2007,2009
--./bin/confgen/rndc-confgen.html HTML DOCBOOK
--./bin/confgen/unix/.cvsignore X 2009
--./bin/confgen/unix/Makefile.in MAKE 2009
--./bin/confgen/unix/os.c C 2009
--./bin/confgen/util.c C 2009
--./bin/confgen/util.h C 2009
--./bin/confgen/win32/confgentool.dsp X 2009
--./bin/confgen/win32/confgentool.dsw X 2009
--./bin/confgen/win32/ddnsconfgen.dsp X 2009
--./bin/confgen/win32/ddnsconfgen.dsw X 2009
--./bin/confgen/win32/ddnsconfgen.mak X 2009
--./bin/confgen/win32/os.c C 2009
--./bin/confgen/win32/rndcconfgen.dsp X 2001,2009
--./bin/confgen/win32/rndcconfgen.dsw X 2001,2004,2005,2006,2009
--./bin/confgen/win32/rndcconfgen.mak X 2001,2004,2005,2006,2009
--./bin/dig/.cvsignore X 2000,2001
--./bin/dig/Makefile.in MAKE 2000,2001,2002,2004,2005,2007,2009
--./bin/dig/dig.1 MAN DOCBOOK
--./bin/dig/dig.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dig/dig.docbook SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dig/dig.html HTML DOCBOOK
--./bin/dig/dighost.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dig/host.1 MAN DOCBOOK
--./bin/dig/host.c C 2000,2001,2002,2003,2004,2005,2006,2007,2009
--./bin/dig/host.docbook SGML 2000,2001,2002,2004,2005,2007,2008,2009
--./bin/dig/host.html HTML DOCBOOK
--./bin/dig/include/dig/dig.h C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dig/nslookup.1 MAN DOCBOOK
--./bin/dig/nslookup.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dig/nslookup.docbook SGML 2004,2005,2006,2007
--./bin/dig/nslookup.html HTML DOCBOOK
--./bin/dig/win32/dig.dsp X 2001,2002,2004,2005,2006,2009
--./bin/dig/win32/dig.dsw X 2001
--./bin/dig/win32/dig.mak X 2001,2002,2004,2005,2006,2009
--./bin/dig/win32/dighost.dsp X 2006,2009
--./bin/dig/win32/dighost.dsw X 2006
--./bin/dig/win32/host.dsp X 2001,2002,2004,2005,2006,2009
--./bin/dig/win32/host.dsw X 2001
--./bin/dig/win32/host.mak X 2001,2002,2004,2005,2006,2009
--./bin/dig/win32/nslookup.dsp X 2001,2002,2004,2005,2009
--./bin/dig/win32/nslookup.dsw X 2001
--./bin/dig/win32/nslookup.mak X 2001,2002,2004,2005,2006,2009
--./bin/dnssec/.cvsignore X 2000,2001,2008,2009
--./bin/dnssec/Makefile.in MAKE 2000,2001,2002,2004,2005,2007,2008,2009
--./bin/dnssec/dnssec-dsfromkey.8 MAN 2008,2009
--./bin/dnssec/dnssec-dsfromkey.c C 2008,2009
--./bin/dnssec/dnssec-dsfromkey.docbook SGML 2008,2009
--./bin/dnssec/dnssec-dsfromkey.html HTML 2008,2009
--./bin/dnssec/dnssec-keyfromlabel.8 MAN DOCBOOK
--./bin/dnssec/dnssec-keyfromlabel.c C 2007,2008,2009
--./bin/dnssec/dnssec-keyfromlabel.docbook SGML 2008,2009
--./bin/dnssec/dnssec-keyfromlabel.html HTML DOCBOOK
--./bin/dnssec/dnssec-keygen.8 MAN DOCBOOK
--./bin/dnssec/dnssec-keygen.c C.NAI 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dnssec/dnssec-keygen.docbook SGML 2000,2001,2002,2003,2004,2005,2007,2008,2009
--./bin/dnssec/dnssec-keygen.html HTML DOCBOOK
--./bin/dnssec/dnssec-revoke.8 MAN 2009
--./bin/dnssec/dnssec-revoke.c C 2009
--./bin/dnssec/dnssec-revoke.docbook SGML 2009
--./bin/dnssec/dnssec-revoke.html HTML 2009
--./bin/dnssec/dnssec-settime.8 MAN 2009
--./bin/dnssec/dnssec-settime.c C 2009
--./bin/dnssec/dnssec-settime.docbook SGML 2009
--./bin/dnssec/dnssec-settime.html HTML 2009
--./bin/dnssec/dnssec-signzone.8 MAN DOCBOOK
--./bin/dnssec/dnssec-signzone.c C.NAI 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dnssec/dnssec-signzone.docbook SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/dnssec/dnssec-signzone.html HTML DOCBOOK
--./bin/dnssec/dnssectool.c C 2000,2001,2003,2004,2005,2007,2009
--./bin/dnssec/dnssectool.h C 2000,2001,2003,2004,2007,2008,2009
--./bin/dnssec/win32/dnssectool.dsp X 2006,2009
--./bin/dnssec/win32/dnssectool.dsw X 2006,2009
--./bin/dnssec/win32/dsfromkey.dsp X 2008,2009
--./bin/dnssec/win32/dsfromkey.dsw X 2008
--./bin/dnssec/win32/dsfromkey.mak X 2008,2009
--./bin/dnssec/win32/keyfromlabel.dsp X 2008,2009
--./bin/dnssec/win32/keyfromlabel.dsw X 2008
--./bin/dnssec/win32/keyfromlabel.mak X 2008,2009
--./bin/dnssec/win32/keygen.dsp X 2001,2004,2005,2006,2009
--./bin/dnssec/win32/keygen.dsw X 2001
--./bin/dnssec/win32/keygen.mak X 2001,2004,2005,2006,2009
--./bin/dnssec/win32/nsupdate.dsp X 2001,2004,2005
--./bin/dnssec/win32/nsupdate.dsw X 2001
--./bin/dnssec/win32/revoke.dsp X 2009
--./bin/dnssec/win32/revoke.dsw X 2009
--./bin/dnssec/win32/revoke.mak X 2009
--./bin/dnssec/win32/settime.dsp X 2009
--./bin/dnssec/win32/settime.dsw X 2009
--./bin/dnssec/win32/settime.mak X 2009
--./bin/dnssec/win32/signzone.dsp X 2001,2004,2005,2006,2009
--./bin/dnssec/win32/signzone.dsw X 2001
--./bin/dnssec/win32/signzone.mak X 2001,2004,2005,2006,2009
--./bin/named/.cvsignore X 1999,2000,2001,2007,2008
--./bin/named/Makefile.in MAKE 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./bin/named/bind.keys.h X 2009
--./bin/named/bind9.xsl SGML 2006,2007,2008,2009
--./bin/named/bind9.xsl.h X 2007,2008,2009
--./bin/named/bindkeys.pl PERL 2009
--./bin/named/builtin.c C 2001,2002,2003,2004,2005,2007,2009
--./bin/named/client.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/config.c C 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/control.c C 2001,2002,2003,2004,2005,2006,2007,2009
--./bin/named/controlconf.c C 2001,2002,2003,2004,2005,2006,2007,2008
--./bin/named/convertxsl.pl PERL 2006,2007,2008
--./bin/named/include/named/builtin.h C 2001,2004,2005,2007
--./bin/named/include/named/client.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/include/named/config.h C 2001,2002,2004,2005,2006,2007,2009
--./bin/named/include/named/control.h C 2001,2002,2003,2004,2005,2006,2007
--./bin/named/include/named/globals.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/include/named/interfacemgr.h C 1999,2000,2001,2002,2004,2005,2007
--./bin/named/include/named/listenlist.h C 2000,2001,2004,2005,2007
--./bin/named/include/named/log.h C 1999,2000,2001,2002,2004,2005,2007,2009
--./bin/named/include/named/logconf.h C 1999,2000,2001,2004,2005,2006,2007
--./bin/named/include/named/lwaddr.h C 2000,2001,2004,2005,2007
--./bin/named/include/named/lwdclient.h C 2000,2001,2004,2005,2007,2009
--./bin/named/include/named/lwresd.h C 2000,2001,2004,2005,2006,2007
--./bin/named/include/named/lwsearch.h C 2000,2001,2004,2005,2007
--./bin/named/include/named/main.h C 1999,2000,2001,2002,2004,2005,2007
--./bin/named/include/named/notify.h C 1999,2000,2001,2004,2005,2007,2009
--./bin/named/include/named/ns_smf_globals.h C 2005,2007
--./bin/named/include/named/query.h C 1999,2000,2001,2002,2004,2005,2007
--./bin/named/include/named/server.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/include/named/sortlist.h C 2000,2001,2004,2005,2006,2007
--./bin/named/include/named/statschannel.h C 2008
--./bin/named/include/named/tkeyconf.h C 1999,2000,2001,2004,2005,2006,2007
--./bin/named/include/named/tsigconf.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./bin/named/include/named/types.h C 1999,2000,2001,2004,2005,2006,2007,2008,2009
--./bin/named/include/named/update.h C 1999,2000,2001,2004,2005,2007
--./bin/named/include/named/xfrout.h C 1999,2000,2001,2004,2005,2007
--./bin/named/include/named/zoneconf.h C 1999,2000,2001,2002,2004,2005,2006,2007
--./bin/named/interfacemgr.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./bin/named/listenlist.c C 2000,2001,2004,2005,2007
--./bin/named/log.c C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./bin/named/logconf.c C 1999,2000,2001,2004,2005,2006,2007
--./bin/named/lwaddr.c C 2000,2001,2004,2005,2007,2008
--./bin/named/lwdclient.c C 2000,2001,2004,2005,2007
--./bin/named/lwderror.c C 2000,2001,2004,2005,2007
--./bin/named/lwdgabn.c C 2000,2001,2004,2005,2006,2007,2009
--./bin/named/lwdgnba.c C 2000,2001,2002,2004,2005,2007,2008
--./bin/named/lwdgrbn.c C 2000,2001,2003,2004,2005,2006,2007,2009
--./bin/named/lwdnoop.c C 2000,2001,2004,2005,2007,2008
--./bin/named/lwresd.8 MAN DOCBOOK
--./bin/named/lwresd.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/lwresd.docbook SGML 2000,2001,2004,2005,2007,2008,2009
--./bin/named/lwresd.html HTML DOCBOOK
--./bin/named/lwsearch.c C 2000,2001,2004,2005,2007
--./bin/named/main.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/named.8 MAN DOCBOOK
--./bin/named/named.conf.5 MAN DOCBOOK
--./bin/named/named.conf.docbook SGML 2004,2005,2006,2007,2008
--./bin/named/named.conf.html HTML DOCBOOK
--./bin/named/named.docbook SGML 2000,2001,2003,2004,2005,2006,2007,2008,2009
--./bin/named/named.html HTML DOCBOOK
--./bin/named/notify.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007
--./bin/named/query.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/server.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/sortlist.c C 2000,2001,2004,2005,2006,2007
--./bin/named/statschannel.c C 2008,2009
--./bin/named/tkeyconf.c C 1999,2000,2001,2004,2005,2006,2007,2009
--./bin/named/tsigconf.c C 1999,2000,2001,2004,2005,2006,2007,2009
--./bin/named/unix/.cvsignore X 1999,2000,2001
--./bin/named/unix/Makefile.in MAKE 1999,2000,2001,2004,2007,2009
--./bin/named/unix/include/named/os.h C 1999,2000,2001,2002,2004,2005,2007,2008,2009
--./bin/named/unix/os.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./bin/named/update.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/win32/include/named/ntservice.h C 1999,2000,2001,2002,2003,2004,2007
--./bin/named/win32/include/named/os.h C 1999,2000,2001,2002,2004,2007,2008,2009
--./bin/named/win32/named.dsp X 2001,2004,2005,2008,2009
--./bin/named/win32/named.dsw X 2001
--./bin/named/win32/named.mak X 2001,2002,2004,2005,2006,2008,2009
--./bin/named/win32/ntservice.c C 1999,2000,2001,2002,2004,2006,2007,2009
--./bin/named/win32/os.c C 1999,2000,2001,2002,2004,2005,2007,2008,2009
--./bin/named/xfrout.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/named/zoneconf.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/nsupdate/.cvsignore X 2000,2001
--./bin/nsupdate/Makefile.in MAKE 2000,2001,2002,2004,2006,2007,2008,2009
--./bin/nsupdate/nsupdate.1 MAN DOCBOOK
--./bin/nsupdate/nsupdate.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/nsupdate/nsupdate.docbook SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/nsupdate/nsupdate.html HTML DOCBOOK
--./bin/nsupdate/win32/nsupdate.dsp X 2001,2004,2005,2009
--./bin/nsupdate/win32/nsupdate.dsw X 2001
--./bin/nsupdate/win32/nsupdate.mak X 2001,2002,2004,2005,2006,2009
--./bin/pkcs11/.cvsignore X 2009
--./bin/pkcs11/pkcs11-destroy.c X 2009
--./bin/pkcs11/pkcs11-keygen.c X 2009
--./bin/pkcs11/pkcs11-list.c X 2009
--./bin/rndc/.cvsignore X 2000,2001
--./bin/rndc/Makefile.in MAKE 2000,2001,2002,2004,2007,2009
--./bin/rndc/include/rndc/os.h C 2001,2004,2005,2007,2009
--./bin/rndc/rndc.8 MAN DOCBOOK
--./bin/rndc/rndc.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/rndc/rndc.conf CONF-C 2000,2001,2004,2007
--./bin/rndc/rndc.conf.5 MAN DOCBOOK
--./bin/rndc/rndc.conf.docbook SGML 2000,2001,2004,2005,2007
--./bin/rndc/rndc.conf.html HTML DOCBOOK
--./bin/rndc/rndc.docbook SGML 2000,2001,2004,2005,2007
--./bin/rndc/rndc.html HTML DOCBOOK
--./bin/rndc/util.c C 2000,2001,2004,2005,2007
--./bin/rndc/util.h C 2000,2001,2004,2005,2007
--./bin/rndc/win32/rndc.dsp X 2001,2004,2005,2006,2009
--./bin/rndc/win32/rndc.dsw X 2001
--./bin/rndc/win32/rndc.mak X 2001,2002,2004,2005,2006,2009
--./bin/rndc/win32/rndcutil.dsp X 2006
--./bin/rndc/win32/rndcutil.dsw X 2006
--./bin/tests/.cvsignore X 1998,1999,2000,2001
--./bin/tests/Kchild.example.+003+04017.key X 2000,2001
--./bin/tests/Kchild.example.+003+04017.private X 2000,2001
--./bin/tests/Makefile.in MAKE 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/tests/adb_test.c C 1999,2000,2001,2004,2005,2007,2009
--./bin/tests/b8t.mk MAKE 1999,2000,2001,2004,2007
--./bin/tests/b9t.mk MAKE 1999,2000,2001,2004,2007
--./bin/tests/backtrace_test.c C 2009
--./bin/tests/byaddr_test.c C 2000,2001,2002,2004,2005,2007
--./bin/tests/byname_test.c C 2000,2001,2004,2005,2007,2009
--./bin/tests/cfg_test.c C 2001,2002,2004,2005,2007,2009
--./bin/tests/compress_test.c C 1999,2000,2001,2004,2005,2006,2007
--./bin/tests/db/.cvsignore X 1999,2000,2001
--./bin/tests/db/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009
--./bin/tests/db/dns_db_class_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_class_data X 1999,2000,2001
--./bin/tests/db/dns_db_closeversion_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_closeversion_1_data X 1999,2000,2001
--./bin/tests/db/dns_db_closeversion_2.data X 1999,2000,2001
--./bin/tests/db/dns_db_closeversion_2_data X 1999,2000,2001
--./bin/tests/db/dns_db_currentversion.data X 1999,2000,2001
--./bin/tests/db/dns_db_currentversion_data X 1999,2000,2001
--./bin/tests/db/dns_db_expirenode.data X 1999,2000,2001
--./bin/tests/db/dns_db_expirenode_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_10.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_10_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_1_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_2.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_2_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_3.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_3_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_4.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_4_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_5.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_5_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_6.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_6_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_7.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_7_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_8.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_8_data X 1999,2000,2001
--./bin/tests/db/dns_db_find_9.data X 1999,2000,2001
--./bin/tests/db/dns_db_find_9_data X 1999,2000,2001
--./bin/tests/db/dns_db_findnode_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_findnode_1_data X 1999,2000,2001
--./bin/tests/db/dns_db_findnode_2.data X 1999,2000,2001
--./bin/tests/db/dns_db_findnode_2_data X 1999,2000,2001
--./bin/tests/db/dns_db_iscache_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_iscache_1_data X 1999,2000,2001
--./bin/tests/db/dns_db_iscache_2.data X 1999,2000,2001
--./bin/tests/db/dns_db_iscache_2_data X 1999,2000,2001
--./bin/tests/db/dns_db_iszone_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_iszone_1_data X 1999,2000,2001
--./bin/tests/db/dns_db_iszone_2.data X 1999,2000,2001
--./bin/tests/db/dns_db_iszone_2_data X 1999,2000,2001
--./bin/tests/db/dns_db_load_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_load_25.data X 2000,2001
--./bin/tests/db/dns_db_load_data X 1999,2000,2001
--./bin/tests/db/dns_db_load_soa_not_top X 2000,2001
--./bin/tests/db/dns_db_newversion.data X 1999,2000,2001
--./bin/tests/db/dns_db_newversion_data X 1999,2000,2001
--./bin/tests/db/dns_db_origin_1.data X 1999,2000,2001
--./bin/tests/db/dns_db_origin_data X 1999,2000,2001
--./bin/tests/db/t_db.c C 1999,2000,2001,2004,2005,2007,2009
--./bin/tests/db_test.c C 1999,2000,2001,2004,2005,2007,2008,2009
--./bin/tests/dnssec-signzone/Kexample.com.+005+07065.key X 2009
--./bin/tests/dnssec-signzone/Kexample.com.+005+07065.private X 2009
--./bin/tests/dnssec-signzone/Kexample.com.+005+23362.key X 2009
--./bin/tests/dnssec-signzone/Kexample.com.+005+23362.private X 2009
--./bin/tests/dnssec-signzone/bogus-ksk.key X 2009
--./bin/tests/dnssec-signzone/bogus-zsk.key X 2009
--./bin/tests/dnssec-signzone/run-test.sh SH 2009
--./bin/tests/dnssec-signzone/test1.zone X 2009
--./bin/tests/dnssec-signzone/test2.zone X 2009
--./bin/tests/dnssec-signzone/test3.zone X 2009
--./bin/tests/dnssec-signzone/test4.zone X 2009
--./bin/tests/dnssec-signzone/test5.zone X 2009
--./bin/tests/dnssec-signzone/test6.zone X 2009
--./bin/tests/dnssec-signzone/test7.zone X 2009
--./bin/tests/dnssec-signzone/test8.zone X 2009
--./bin/tests/dst/.cvsignore X 1999,2000,2001,2006
--./bin/tests/dst/Kdh.+002+18602.key X 2001
--./bin/tests/dst/Kdh.+002+18602.private X 2001
--./bin/tests/dst/Kdh.+002+48957.key X 2001
--./bin/tests/dst/Kdh.+002+48957.private X 2001
--./bin/tests/dst/Ktest.+001+00002.key X 2001,2004
--./bin/tests/dst/Ktest.+001+54622.key X 1999,2000,2001,2004
--./bin/tests/dst/Ktest.+001+54622.private X 1999,2000,2001
--./bin/tests/dst/Ktest.+003+23616.key X 2001,2004
--./bin/tests/dst/Ktest.+003+23616.private X 2001
--./bin/tests/dst/Ktest.+003+49667.key X 2001,2004
--./bin/tests/dst/Makefile.in MAKE 1999,2000,2001,2002,2004,2006,2007,2008,2009
--./bin/tests/dst/dst_2_data X 1999,2000,2001
--./bin/tests/dst/dst_test.c C 1999,2000,2001,2004,2005,2007,2009
--./bin/tests/dst/gsstest.c C 2006,2007,2009
--./bin/tests/dst/t2_data_1 X 1999,2000,2001
--./bin/tests/dst/t2_data_2 X 1999,2000,2001
--./bin/tests/dst/t2_dsasig X 1999,2000,2001
--./bin/tests/dst/t2_rsasig X 1999,2000,2001
--./bin/tests/dst/t_dst.c C 1999,2000,2001,2004,2005,2007,2008,2009
--./bin/tests/entropy2_test.c C 2000,2001,2004,2005,2007
--./bin/tests/entropy_test.c C 2000,2001,2004,2005,2007
--./bin/tests/fsaccess_test.c C 2000,2001,2004,2005,2007
--./bin/tests/gxba_test.c C 2000,2001,2004,2005,2007
--./bin/tests/gxbn_test.c C 2000,2001,2004,2005,2007
--./bin/tests/hash_test.c C 2000,2001,2004,2005,2006,2007
--./bin/tests/headerdep_test.sh.in SH 2000,2001,2004,2007
--./bin/tests/inter_test.c C 2000,2001,2003,2004,2005,2007,2008
--./bin/tests/keyboard_test.c C 2000,2001,2004,2005,2007
--./bin/tests/lex_test.c C 1998,1999,2000,2001,2004,2005,2007
--./bin/tests/lfsr_test.c C 1999,2000,2001,2004,2005,2007
--./bin/tests/log_test.c C 1999,2000,2001,2004,2007
--./bin/tests/lwres_test.c C 2000,2001,2004,2005,2007
--./bin/tests/lwresconf_test.c C 2000,2001,2004,2007
--./bin/tests/master/.cvsignore X 1999,2000,2001
--./bin/tests/master/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009
--./bin/tests/master/dns_master_load_10_data X 2000,2001
--./bin/tests/master/dns_master_load_11_data X 2000,2001
--./bin/tests/master/dns_master_load_1_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_2_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_3_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_4_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_5_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_6_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_7_data X 1999,2000,2001
--./bin/tests/master/dns_master_load_8_data X 2000,2001
--./bin/tests/master/dns_master_load_9_data X 2000,2001
--./bin/tests/master/master1.data X 1999,2000,2001
--./bin/tests/master/master10.data X 2000,2001
--./bin/tests/master/master11.data X 2000,2001
--./bin/tests/master/master2.data X 1999,2000,2001
--./bin/tests/master/master3.data X 1999,2000,2001
--./bin/tests/master/master4.data X 1999,2000,2001
--./bin/tests/master/master5.data X 1999,2000,2001
--./bin/tests/master/master6.data X 1999,2000,2001,2003
--./bin/tests/master/master7.data X 1999,2000,2001,2003
--./bin/tests/master/master8.data X 2000,2001
--./bin/tests/master/master9.data X 2000,2001
--./bin/tests/master/t_master.c C 1998,1999,2000,2001,2003,2004,2005,2007,2009
--./bin/tests/master_test.c C 1999,2000,2001,2004,2007,2009
--./bin/tests/mem/.cvsignore X 1999,2000,2001
--./bin/tests/mem/Makefile.in MAKE 1998,1999,2000,2001,2002,2004,2005,2007,2009
--./bin/tests/mem/t_mem.c C 1999,2000,2001,2004,2007,2009
--./bin/tests/mempool_test.c C 1999,2000,2001,2004,2007
--./bin/tests/name_test.c C 1998,1999,2000,2001,2003,2004,2005,2007,2009
--./bin/tests/named.conf CONF-C 1999,2000,2001,2004,2007
--./bin/tests/names/.cvsignore X 1999,2000,2001
--./bin/tests/names/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009
--./bin/tests/names/dns_name_compare_data X 1999,2000,2001
--./bin/tests/names/dns_name_countlabels_data X 1999,2000,2001,2003
--./bin/tests/names/dns_name_fromregion_data X 1999,2000,2001,2003
--./bin/tests/names/dns_name_fromtext_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_1_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_2_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_3_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_4_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_5_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_6_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_7_data X 1999,2000,2001
--./bin/tests/names/dns_name_fromwire_8_data X 1999,2000,2001,2006
--./bin/tests/names/dns_name_fullcompare_data X 1999,2000,2001
--./bin/tests/names/dns_name_getlabel_data X 1999,2000,2001
--./bin/tests/names/dns_name_getlabelsequence_data X 1999,2000,2001
--./bin/tests/names/dns_name_hash_data X 1999,2000,2001,2003
--./bin/tests/names/dns_name_isabsolute_data X 1999,2000,2001,2003
--./bin/tests/names/dns_name_issubdomain_data X 1999,2000,2001
--./bin/tests/names/dns_name_rdatacompare_data X 1999,2000,2001
--./bin/tests/names/dns_name_toregion_data X 1999,2000,2001,2003
--./bin/tests/names/dns_name_totext_data X 1999,2000,2001
--./bin/tests/names/dns_name_towire_1_data X 1999,2000,2001
--./bin/tests/names/dns_name_towire_2_data X 1999,2000,2001
--./bin/tests/names/t_names.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/tests/names/wire_test1.data X 1999,2000,2001
--./bin/tests/names/wire_test2.data X 1999,2000,2001
--./bin/tests/names/wire_test3_1.data X 1999,2000,2001
--./bin/tests/names/wire_test3_2.data X 1999,2000,2001
--./bin/tests/names/wire_test4.data X 1999,2000,2001
--./bin/tests/names/wire_test5.data X 1999,2000,2001
--./bin/tests/names/wire_test6.data X 1999,2000,2001
--./bin/tests/names/wire_test7.data X 1999,2000,2001
--./bin/tests/names/wire_test8.data X 1999,2000,2001
--./bin/tests/ndc.conf CONF-C 2000,2001,2004,2007
--./bin/tests/ndc.conf-include CONF-C 2001,2004,2007
--./bin/tests/net/.cvsignore X 2000,2001
--./bin/tests/net/Makefile.in MAKE 2000,2001,2002,2004,2007,2009
--./bin/tests/net/driver.c C 2000,2001,2004,2007
--./bin/tests/net/driver.h C 2000,2001,2004,2007
--./bin/tests/net/netaddr_multicast.c C 2000,2001,2004,2007
--./bin/tests/net/sockaddr_multicast.c C 2000,2001,2004,2007
--./bin/tests/net/testsuite.h C 2000,2001,2004,2007
--./bin/tests/nsecify.c C 1999,2000,2001,2003,2004,2007,2008,2009
--./bin/tests/printmsg.c C 1998,1999,2000,2001,2004,2007
--./bin/tests/printmsg.h C 1998,1999,2000,2001,2004,2007
--./bin/tests/ratelimiter_test.c C 1999,2000,2001,2004,2007
--./bin/tests/rbt/.cvsignore X 1999,2000,2001
--./bin/tests/rbt/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009
--./bin/tests/rbt/dns_rbt.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbt_addname_1_data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbt_addname_2_data X 1999,2000,2001
--./bin/tests/rbt/dns_rbt_bitstring.data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbt_create_1_data X 1999,2000,2001
--./bin/tests/rbt/dns_rbt_deletename_1_data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbt_deletename_2_data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbt_findname_1_data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbt_findname_2_data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbt_findname_3_data X 1999,2000,2001,2003
--./bin/tests/rbt/dns_rbtnodechain_first_1.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_first_2.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_first_data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_init.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_init_data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_last_1.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_last_2.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_last_data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_next.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_next_data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_prev.data X 1999,2000,2001
--./bin/tests/rbt/dns_rbtnodechain_prev_data X 1999,2000,2001
--./bin/tests/rbt/t_rbt.c C 1998,1999,2000,2001,2003,2004,2005,2007,2009
--./bin/tests/rbt_test.c C 1999,2000,2001,2004,2005,2007,2009
--./bin/tests/rbt_test.out X 1999,2000,2001
--./bin/tests/rbt_test.txt SH 1999,2000,2001,2004,2007
--./bin/tests/rdata_test.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007
--./bin/tests/resolv.conf.sample CONF-SH 2000,2001,2004,2007
--./bin/tests/rwlock_test.c C 1998,1999,2000,2001,2004,2005,2007
--./bin/tests/serial_test.c C 1999,2000,2001,2003,2004,2007
--./bin/tests/shutdown_test.c C 1998,1999,2000,2001,2004,2007
--./bin/tests/sig0_test.c C 2000,2001,2004,2005,2007,2008,2009
--./bin/tests/sock_test.c C 1998,1999,2000,2001,2004,2007,2008
--./bin/tests/sockaddr/.cvsignore X 1999,2000,2001
--./bin/tests/sockaddr/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009
--./bin/tests/sockaddr/t_sockaddr.c C 1999,2000,2001,2004,2007
--./bin/tests/sym_test.c C 1998,1999,2000,2001,2004,2005,2007
--./bin/tests/system/.cvsignore X 2000,2001
--./bin/tests/system/Makefile.in MAKE 2000,2001,2004,2007,2008
--./bin/tests/system/README TXT.BRIEF 2000,2001,2004
--./bin/tests/system/acl/clean.sh SH 2008
--./bin/tests/system/acl/ns2/named1.conf CONF-C 2008
--./bin/tests/system/acl/ns2/named2.conf CONF-C 2008
--./bin/tests/system/acl/ns2/named3.conf CONF-C 2008
--./bin/tests/system/acl/ns2/named4.conf CONF-C 2008
--./bin/tests/system/acl/setup.sh SH 2008
--./bin/tests/system/acl/tests.sh SH 2008
--./bin/tests/system/cacheclean/clean.sh SH 2001,2004,2007
--./bin/tests/system/cacheclean/dig.batch X 2001
--./bin/tests/system/cacheclean/knowngood.dig.out X 2001
--./bin/tests/system/cacheclean/ns1/.cvsignore X 2001
--./bin/tests/system/cacheclean/ns1/example.db ZONE 2001,2004,2007
--./bin/tests/system/cacheclean/ns1/named.conf CONF-C 2001,2004,2005,2007
--./bin/tests/system/cacheclean/ns2/.cvsignore X 2001
--./bin/tests/system/cacheclean/ns2/named.conf CONF-C 2001,2004,2005,2007
--./bin/tests/system/cacheclean/tests.sh SH 2001,2004,2007
--./bin/tests/system/checkconf/bad.conf CONF-C 2005,2007
--./bin/tests/system/checkconf/good.conf CONF-C 2005,2007
--./bin/tests/system/checkconf/tests.sh SH 2005,2007
--./bin/tests/system/checknames/clean.sh SH 2004,2007
--./bin/tests/system/checknames/ns1/fail.example.db.in ZONE 2004,2007
--./bin/tests/system/checknames/ns1/fail.update.db.in ZONE 2004,2007
--./bin/tests/system/checknames/ns1/ignore.example.db.in ZONE 2004,2007
--./bin/tests/system/checknames/ns1/ignore.update.db.in ZONE 2004,2007
--./bin/tests/system/checknames/ns1/named.conf CONF-C 2004,2005,2007
--./bin/tests/system/checknames/ns1/root.db ZONE 2004,2007
--./bin/tests/system/checknames/ns1/warn.example.db.in ZONE 2004,2007
--./bin/tests/system/checknames/ns1/warn.update.db.in ZONE 2004,2007
--./bin/tests/system/checknames/ns2/named.conf CONF-C 2004,2007
--./bin/tests/system/checknames/ns2/root.hints ZONE 2004,2007
--./bin/tests/system/checknames/ns3/named.conf CONF-C 2004,2007
--./bin/tests/system/checknames/ns3/root.hints ZONE 2004,2007
--./bin/tests/system/checknames/setup.sh SH 2004,2007
--./bin/tests/system/checknames/tests.sh SH 2004,2007
--./bin/tests/system/cleanall.sh SH 2000,2001,2004,2007
--./bin/tests/system/common/controls.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/common/rndc.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/common/root.hint ZONE 2000,2001,2004,2007
--./bin/tests/system/conf.sh.in SH 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./bin/tests/system/dialup/ns1/.cvsignore X 2000,2001
--./bin/tests/system/dialup/ns1/example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/dialup/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/dialup/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/dialup/ns2/.cvsignore X 2000,2001
--./bin/tests/system/dialup/ns2/hint.db ZONE 2000,2001,2004,2007
--./bin/tests/system/dialup/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/dialup/ns3/.cvsignore X 2000,2001
--./bin/tests/system/dialup/ns3/hint.db ZONE 2000,2001,2004,2007
--./bin/tests/system/dialup/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/dialup/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/dialup/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/digcomp.pl PERL 2000,2001,2004,2007
--./bin/tests/system/dlv/clean.sh SH 2004,2007
--./bin/tests/system/dlv/ns1/named.conf CONF-C 2004,2007
--./bin/tests/system/dlv/ns1/root.db ZONE 2004,2007
--./bin/tests/system/dlv/ns1/rootservers.utld.db ZONE 2004,2007
--./bin/tests/system/dlv/ns2/hints ZONE 2004,2007
--./bin/tests/system/dlv/ns2/named.conf CONF-C 2004,2007
--./bin/tests/system/dlv/ns2/utld.db ZONE 2004,2007
--./bin/tests/system/dlv/ns3/child.db.in ZONE 2004,2007
--./bin/tests/system/dlv/ns3/dlv.db.in ZONE 2004,2007
--./bin/tests/system/dlv/ns3/hints ZONE 2004,2007
--./bin/tests/system/dlv/ns3/named.conf CONF-C 2004,2007
--./bin/tests/system/dlv/ns3/sign.sh SH 2004,2007
--./bin/tests/system/dlv/ns4/child.db ZONE 2004,2007
--./bin/tests/system/dlv/ns4/hints ZONE 2004,2007
--./bin/tests/system/dlv/ns4/named.conf CONF-C 2004,2007
--./bin/tests/system/dlv/ns5/hints ZONE 2004,2007
--./bin/tests/system/dlv/ns5/named.conf CONF-C 2004,2006,2007
--./bin/tests/system/dlv/ns5/rndc.conf CONF-C 2004,2007
--./bin/tests/system/dlv/setup.sh SH 2004,2007,2009
--./bin/tests/system/dlv/tests.sh SH 2004,2007
--./bin/tests/system/dnssec/README TXT.BRIEF 2000,2001,2002,2004
--./bin/tests/system/dnssec/clean.sh SH 2000,2001,2002,2004,2007,2008
--./bin/tests/system/dnssec/dnssec_update_test.pl PERL 2002,2004,2007
--./bin/tests/system/dnssec/ns1/.cvsignore X 2000,2001
--./bin/tests/system/dnssec/ns1/named.conf CONF-C 2000,2001,2004,2006,2007
--./bin/tests/system/dnssec/ns1/root.db.in ZONE 2000,2001,2004,2007
--./bin/tests/system/dnssec/ns1/sign.sh SH 2000,2001,2002,2003,2004,2006,2007,2008,2009
--./bin/tests/system/dnssec/ns2/.cvsignore X 2000,2001
--./bin/tests/system/dnssec/ns2/child.nsec3.example.db ZONE 2006,2008
--./bin/tests/system/dnssec/ns2/child.optout.example.db ZONE 2006,2008
--./bin/tests/system/dnssec/ns2/dlv.db.in ZONE 2004,2007
--./bin/tests/system/dnssec/ns2/dst.example.db.in ZONE 2004,2007
--./bin/tests/system/dnssec/ns2/example.db.in ZONE 2000,2001,2002,2004,2007,2008
--./bin/tests/system/dnssec/ns2/insecure.secure.example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/dnssec/ns2/named.conf CONF-C 2000,2001,2002,2004,2006,2007,2008
--./bin/tests/system/dnssec/ns2/private.secure.example.db.in ZONE 2000,2001,2004,2007
--./bin/tests/system/dnssec/ns2/rfc2335.example.db X 2004
--./bin/tests/system/dnssec/ns2/sign.sh SH 2000,2001,2002,2003,2004,2006,2007,2008,2009
--./bin/tests/system/dnssec/ns3/.cvsignore X 2000,2001
--./bin/tests/system/dnssec/ns3/bogus.example.db.in ZONE 2000,2001,2004,2007
--./bin/tests/system/dnssec/ns3/dynamic.example.db.in ZONE 2002,2004,2007
--./bin/tests/system/dnssec/ns3/insecure.example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/dnssec/ns3/insecure.nsec3.example.db ZONE 2008
--./bin/tests/system/dnssec/ns3/insecure.optout.example.db ZONE 2008
--./bin/tests/system/dnssec/ns3/keyless.example.db.in ZONE 2001,2002,2004,2007
--./bin/tests/system/dnssec/ns3/multiple.example.db.in ZONE 2006,2008
--./bin/tests/system/dnssec/ns3/named.conf CONF-C 2000,2001,2002,2004,2006,2007,2008
--./bin/tests/system/dnssec/ns3/nsec3-unknown.example.db.in ZONE 2006,2008
--./bin/tests/system/dnssec/ns3/nsec3.example.db.in ZONE 2006,2008
--./bin/tests/system/dnssec/ns3/nsec3.nsec3.example.db.in ZONE 2008
--./bin/tests/system/dnssec/ns3/nsec3.optout.example.db.in ZONE 2008
--./bin/tests/system/dnssec/ns3/optout-unknown.example.db.in ZONE 2006,2008
--./bin/tests/system/dnssec/ns3/optout.example.db.in ZONE 2006,2008
--./bin/tests/system/dnssec/ns3/optout.nsec3.example.db.in ZONE 2008
--./bin/tests/system/dnssec/ns3/optout.optout.example.db.in ZONE 2008
--./bin/tests/system/dnssec/ns3/secure.example.db.in ZONE 2000,2001,2004,2007,2008
--./bin/tests/system/dnssec/ns3/secure.nsec3.example.db.in ZONE 2008
--./bin/tests/system/dnssec/ns3/secure.optout.example.db.in ZONE 2008
--./bin/tests/system/dnssec/ns3/sign.sh SH 2000,2001,2002,2004,2006,2007,2008,2009
--./bin/tests/system/dnssec/ns4/.cvsignore X 2000,2001
--./bin/tests/system/dnssec/ns4/named.conf CONF-C 2000,2001,2004,2006,2007
--./bin/tests/system/dnssec/ns5/.cvsignore X 2000,2001
--./bin/tests/system/dnssec/ns5/named.conf CONF-C 2000,2001,2004,2006,2007
--./bin/tests/system/dnssec/ns5/trusted.conf.bad CONF-C 2000,2001,2004,2007
--./bin/tests/system/dnssec/ns6/named.conf CONF-C 2004,2006,2007
--./bin/tests/system/dnssec/ns7/named.conf CONF-C 2006,2008
--./bin/tests/system/dnssec/prereq.sh SH 2000,2001,2002,2004,2006,2007,2009
--./bin/tests/system/dnssec/setup.sh SH 2000,2001,2004,2007,2009
--./bin/tests/system/dnssec/tests.sh SH 2000,2001,2002,2004,2005,2006,2007,2008
--./bin/tests/system/forward/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/forward/ns1/.cvsignore X 2000,2001
--./bin/tests/system/forward/ns1/example.db X 2000,2001
--./bin/tests/system/forward/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/forward/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/forward/ns2/.cvsignore X 2000,2001
--./bin/tests/system/forward/ns2/example.db X 2000,2001
--./bin/tests/system/forward/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/forward/ns2/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/forward/ns3/.cvsignore X 2000,2001
--./bin/tests/system/forward/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/forward/ns3/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/forward/ns4/.cvsignore X 2000,2001
--./bin/tests/system/forward/ns4/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/forward/ns4/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/forward/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/genzone.sh SH 2001,2002,2003,2004,2007,2009
--./bin/tests/system/glue/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/glue/fi.good X 2000,2001
--./bin/tests/system/glue/noglue.good X 2000,2001
--./bin/tests/system/glue/ns1/.cvsignore X 2000,2001
--./bin/tests/system/glue/ns1/cache.in ZONE 2000,2001,2004,2007
--./bin/tests/system/glue/ns1/mil.db ZONE 2000,2001,2004,2007
--./bin/tests/system/glue/ns1/named.conf CONF-C 2000,2001,2004,2005,2007,2009
--./bin/tests/system/glue/ns1/net.db ZONE 2000,2001,2004,2007
--./bin/tests/system/glue/ns1/root-servers.nil.db ZONE 2000,2001,2004,2007
--./bin/tests/system/glue/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/glue/setup.sh SH 2001,2004,2007
--./bin/tests/system/glue/tests.sh SH 2000,2001,2003,2004,2007
--./bin/tests/system/glue/xx.good X 2000,2001
--./bin/tests/system/glue/yy.good X 2000,2001,2003
--./bin/tests/system/ifconfig.sh SH 2000,2001,2002,2003,2004,2007,2008,2009
--./bin/tests/system/ixfr/ans2/.cvsignore X 2001
--./bin/tests/system/ixfr/ans2/ans.pl PERL 2001,2004,2007
--./bin/tests/system/ixfr/clean.sh SH 2001,2004,2007
--./bin/tests/system/ixfr/ns1/.cvsignore X 2001
--./bin/tests/system/ixfr/prereq.sh SH 2001,2004,2007
--./bin/tests/system/ixfr/setup.sh SH 2001,2004,2007
--./bin/tests/system/ixfr/tests.sh SH 2001,2004,2007
--./bin/tests/system/limits/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/limits/knowngood.dig.out.1000 X 2000,2001
--./bin/tests/system/limits/knowngood.dig.out.2000 X 2000,2001
--./bin/tests/system/limits/knowngood.dig.out.3000 X 2000,2001
--./bin/tests/system/limits/knowngood.dig.out.4000 X 2000,2001
--./bin/tests/system/limits/knowngood.dig.out.a-maximum-rrset X 2000,2001
--./bin/tests/system/limits/ns1/.cvsignore X 2000,2001
--./bin/tests/system/limits/ns1/example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/limits/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/limits/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/limits/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/lwresd/.cvsignore X 2000,2001
--./bin/tests/system/lwresd/Makefile.in MAKE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/lwresd/clean.sh SH 2008
--./bin/tests/system/lwresd/lwresd1/.cvsignore X 2000,2001
--./bin/tests/system/lwresd/lwresd1/lwresd.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/lwresd/lwresd1/resolv.conf CONF-SH 2000,2001,2004,2007
--./bin/tests/system/lwresd/lwtest.c C 2000,2001,2002,2004,2007,2008
--./bin/tests/system/lwresd/ns1/.cvsignore X 2000,2001
--./bin/tests/system/lwresd/ns1/10.10.10.in-addr.arpa.db ZONE 2000,2001,2004,2007
--./bin/tests/system/lwresd/ns1/e.example1.db X 2008
--./bin/tests/system/lwresd/ns1/example1.db ZONE 2000,2001,2002,2003,2004,2007,2008
--./bin/tests/system/lwresd/ns1/example2.db ZONE 2000,2001,2002,2004,2007
--./bin/tests/system/lwresd/ns1/ip6.arpa.db ZONE 2000,2001,2002,2004,2007
--./bin/tests/system/lwresd/ns1/ip6.int.db ZONE 2000,2001,2002,2004,2007
--./bin/tests/system/lwresd/ns1/named.conf CONF-C 2000,2001,2004,2006,2007,2008
--./bin/tests/system/lwresd/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/lwresd/resolv.conf CONF-SH 2000,2001,2004,2007
--./bin/tests/system/lwresd/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/masterfile/.cvsignore X 2001
--./bin/tests/system/masterfile/clean.sh SH 2001,2004,2007
--./bin/tests/system/masterfile/knowngood.dig.out X 2001,2004
--./bin/tests/system/masterfile/ns1/.cvsignore X 2001
--./bin/tests/system/masterfile/ns1/include.db ZONE 2001,2004,2007
--./bin/tests/system/masterfile/ns1/named.conf CONF-C 2001,2004,2007
--./bin/tests/system/masterfile/ns1/sub.db ZONE 2001,2004,2007
--./bin/tests/system/masterfile/ns1/ttl1.db ZONE 2001,2004,2007
--./bin/tests/system/masterfile/ns1/ttl2.db ZONE 2001,2004,2007
--./bin/tests/system/masterfile/tests.sh SH 2001,2004,2007
--./bin/tests/system/masterformat/clean.sh SH 2005,2007
--./bin/tests/system/masterformat/ns1/compile.sh SH 2005,2006,2007
--./bin/tests/system/masterformat/ns1/example.db ZONE 2005,2007
--./bin/tests/system/masterformat/ns1/named.conf CONF-C 2005,2007
--./bin/tests/system/masterformat/ns2/named.conf CONF-C 2005,2007
--./bin/tests/system/masterformat/setup.sh SH 2005,2006,2007
--./bin/tests/system/masterformat/tests.sh SH 2005,2007
--./bin/tests/system/notify/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/notify/ns1/.cvsignore X 2000,2001
--./bin/tests/system/notify/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/notify/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/notify/ns2/.cvsignore X 2000,2001
--./bin/tests/system/notify/ns2/example1.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/notify/ns2/example2.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/notify/ns2/example3.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/notify/ns2/example4.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/notify/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/notify/ns3/.cvsignore X 2000,2001
--./bin/tests/system/notify/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/notify/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/notify/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/nsupdate/.cvsignore X 2000,2001
--./bin/tests/system/nsupdate/clean.sh SH 2000,2001,2004,2007,2009
--./bin/tests/system/nsupdate/knowngood.ns1.after X 2000,2001,2003,2004,2009
--./bin/tests/system/nsupdate/knowngood.ns1.afterstop X 2001,2004
--./bin/tests/system/nsupdate/knowngood.ns1.before X 2000,2001,2003,2004,2009
--./bin/tests/system/nsupdate/ns1/.cvsignore X 2000,2001
--./bin/tests/system/nsupdate/ns1/example1.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/nsupdate/ns1/named.conf CONF-C 2000,2001,2004,2005,2007,2009
--./bin/tests/system/nsupdate/ns2/.cvsignore X 2000,2001
--./bin/tests/system/nsupdate/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/nsupdate/setup.sh SH 2000,2001,2004,2007,2009
--./bin/tests/system/nsupdate/tests.sh SH 2000,2001,2004,2007,2009
--./bin/tests/system/nsupdate/update_test.pl PERL 2000,2001,2004,2007
--./bin/tests/system/relay/README TXT.BRIEF 2000,2001,2004
--./bin/tests/system/relay/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/relay/ns1/.cvsignore X 2000,2001
--./bin/tests/system/relay/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/relay/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/relay/ns2/.cvsignore X 2000,2001
--./bin/tests/system/relay/ns2/example1.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/relay/ns2/example2.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/relay/ns2/example3.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/relay/ns2/example4.db ZONE 2000,2001,2002,2004,2007,2009
--./bin/tests/system/relay/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/relay/ns3/.cvsignore X 2000,2001
--./bin/tests/system/relay/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/relay/ns4/.cvsignore X 2000,2001
--./bin/tests/system/relay/ns4/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/relay/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/relay/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/resolver/ans2/.cvsignore X 2001
--./bin/tests/system/resolver/ans2/ans.pl PERL 2000,2001,2004,2007,2009
--./bin/tests/system/resolver/ans3/.cvsignore X 2001
--./bin/tests/system/resolver/ans3/ans.pl PERL 2000,2001,2004,2007,2009
--./bin/tests/system/resolver/clean.sh SH 2008,2009
--./bin/tests/system/resolver/ns1/.cvsignore X 2001
--./bin/tests/system/resolver/ns1/named.conf CONF-C 2000,2001,2004,2007,2009
--./bin/tests/system/resolver/ns1/root.hint ZONE 2000,2001,2004,2007
--./bin/tests/system/resolver/prereq.sh SH 2000,2001,2004,2007
--./bin/tests/system/resolver/tests.sh SH 2000,2001,2004,2007,2009
--./bin/tests/system/rrsetorder/clean.sh SH 2006,2007,2008
--./bin/tests/system/rrsetorder/dig.out.fixed.good X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good1 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good10 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good11 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good12 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good13 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good14 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good15 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good16 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good17 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good18 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good19 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good2 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good20 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good21 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good22 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good23 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good24 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good3 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good4 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good5 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good6 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good7 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good8 X 2006
--./bin/tests/system/rrsetorder/dig.out.random.good9 X 2006
--./bin/tests/system/rrsetorder/ns1/named.conf CONF-C 2006,2007
--./bin/tests/system/rrsetorder/ns1/root.db ZONE 2006,2007
--./bin/tests/system/rrsetorder/ns2/named.conf CONF-C 2006,2007
--./bin/tests/system/rrsetorder/ns3/named.conf CONF-C 2006,2007
--./bin/tests/system/rrsetorder/tests.sh SH 2006,2007,2008
--./bin/tests/system/run.sh SH 2000,2001,2004,2007
--./bin/tests/system/runall.sh SH 2000,2001,2004,2007
--./bin/tests/system/send.pl PERL 2001,2004,2007
--./bin/tests/system/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/sortlist/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/sortlist/ns1/.cvsignore X 2000,2001
--./bin/tests/system/sortlist/ns1/example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/sortlist/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/sortlist/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/sortlist/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/start.pl SH 2001,2004,2005,2006,2007,2008
--./bin/tests/system/start.sh SH 2000,2001,2004,2007
--./bin/tests/system/stop.pl SH 2001,2004,2005,2006,2007
--./bin/tests/system/stop.sh SH 2000,2001,2004,2007
--./bin/tests/system/stress/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/stress/ns1/.cvsignore X 2000,2001
--./bin/tests/system/stress/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stress/ns2/.cvsignore X 2000,2001
--./bin/tests/system/stress/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stress/ns3/.cvsignore X 2000,2001
--./bin/tests/system/stress/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stress/ns4/.cvsignore X 2000,2001
--./bin/tests/system/stress/ns4/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stress/setup.pl PERL 2000,2001,2004,2007
--./bin/tests/system/stress/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/stress/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/stress/update.pl PERL 2000,2001,2004,2007
--./bin/tests/system/stub/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/stub/knowngood.dig.out.norec X 2000,2001
--./bin/tests/system/stub/knowngood.dig.out.rec X 2000,2001
--./bin/tests/system/stub/ns1/.cvsignore X 2000,2001
--./bin/tests/system/stub/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stub/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/stub/ns2/.cvsignore X 2000,2001
--./bin/tests/system/stub/ns2/child.example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/stub/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stub/ns3/.cvsignore X 2000,2001
--./bin/tests/system/stub/ns3/example.db ZONE 2000,2001,2004,2007
--./bin/tests/system/stub/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/stub/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/testsock.pl PERL 2000,2001,2004,2007
--./bin/tests/system/tkey/.cvsignore X 2001
--./bin/tests/system/tkey/Makefile.in MAKE 2001,2002,2004,2007,2009
--./bin/tests/system/tkey/clean.sh SH 2001,2004,2007
--./bin/tests/system/tkey/keycreate.c C 2001,2004,2005,2007,2009
--./bin/tests/system/tkey/keydelete.c C 2001,2004,2005,2007,2009
--./bin/tests/system/tkey/ns1/.cvsignore X 2001
--./bin/tests/system/tkey/ns1/named.conf.in CONF-C 2001,2004,2007,2009
--./bin/tests/system/tkey/ns1/setup.sh SH 2001,2004,2007,2009
--./bin/tests/system/tkey/prereq.sh SH 2001,2004,2006,2007,2009
--./bin/tests/system/tkey/setup.sh SH 2001,2004,2007,2009
--./bin/tests/system/tkey/tests.sh SH 2001,2004,2007,2009
--./bin/tests/system/tsig/clean.sh SH 2005,2006,2007
--./bin/tests/system/tsig/ns1/example.db ZONE 2005,2006,2007,2009
--./bin/tests/system/tsig/ns1/named.conf CONF-C 2005,2006,2007
--./bin/tests/system/tsig/tests.sh SH 2005,2006,2007
--./bin/tests/system/unknown/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/.cvsignore X 2000,2001
--./bin/tests/system/unknown/ns1/broken1.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/broken2.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/broken3.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/broken4.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/broken5.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/class10.hints ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/example-class10.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/example-in.db ZONE 2000,2001,2004,2007
--./bin/tests/system/unknown/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/unknown/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/upforwd/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/upforwd/knowngood.after1 X 2000,2001
--./bin/tests/system/upforwd/knowngood.after2 X 2000,2001
--./bin/tests/system/upforwd/knowngood.before X 2000,2001
--./bin/tests/system/upforwd/knowngood.ns2.before X 2000,2001
--./bin/tests/system/upforwd/ns1/.cvsignore X 2000,2001
--./bin/tests/system/upforwd/ns1/example1.db ZONE 2000,2001,2004,2007
--./bin/tests/system/upforwd/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/upforwd/ns2/.cvsignore X 2000,2001
--./bin/tests/system/upforwd/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/upforwd/ns3/.cvsignore X 2000,2001
--./bin/tests/system/upforwd/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/upforwd/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/upforwd/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/v6synth/clean.sh SH 2001,2004,2007
--./bin/tests/system/v6synth/ns1/.cvsignore X 2001
--./bin/tests/system/v6synth/ns1/named.conf CONF-C 2001,2004,2007
--./bin/tests/system/v6synth/ns1/root.db ZONE 2001,2004,2007
--./bin/tests/system/v6synth/ns2/.cvsignore X 2001
--./bin/tests/system/v6synth/ns2/example.db ZONE 2001,2004,2007
--./bin/tests/system/v6synth/ns2/ip6.arpa.db ZONE 2001,2002,2004,2007
--./bin/tests/system/v6synth/ns2/ip6.int.db ZONE 2001,2004,2007
--./bin/tests/system/v6synth/ns2/named.conf CONF-C 2001,2004,2007
--./bin/tests/system/v6synth/ns3/.cvsignore X 2001
--./bin/tests/system/v6synth/ns3/named.conf CONF-C 2001,2004,2007
--./bin/tests/system/v6synth/tests.sh SH 2001,2004,2007
--./bin/tests/system/views/.cvsignore X 2000,2001
--./bin/tests/system/views/clean.sh SH 2000,2001,2004,2005,2007
--./bin/tests/system/views/ns1/.cvsignore X 2000,2001
--./bin/tests/system/views/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/views/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/views/ns2/.cvsignore X 2000,2001
--./bin/tests/system/views/ns2/example1.db ZONE 2000,2001,2004,2007
--./bin/tests/system/views/ns2/example2.db ZONE 2000,2001,2004,2007
--./bin/tests/system/views/ns2/internal.db ZONE 2000,2001,2004,2007
--./bin/tests/system/views/ns2/named1.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/views/ns2/named2.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/views/ns3/.cvsignore X 2000,2001
--./bin/tests/system/views/ns3/internal.db ZONE 2000,2001,2004,2007
--./bin/tests/system/views/ns3/named1.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/views/ns3/named2.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/views/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/views/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/xfer/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/xfer/dig1.good X 2000,2001,2003,2004,2009
--./bin/tests/system/xfer/dig2.good X 2000,2001,2003,2004,2009
--./bin/tests/system/xfer/ns1/.cvsignore X 2000,2001
--./bin/tests/system/xfer/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/xfer/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/xfer/ns2/.cvsignore X 2000,2001
--./bin/tests/system/xfer/ns2/named.conf CONF-C 2000,2001,2004,2005,2007
--./bin/tests/system/xfer/ns3/.cvsignore X 2000,2001
--./bin/tests/system/xfer/ns3/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/xfer/setup.sh SH 2001,2002,2004,2007
--./bin/tests/system/xfer/tests.sh SH 2000,2001,2004,2005,2007
--./bin/tests/system/xferquota/clean.sh SH 2000,2001,2004,2007
--./bin/tests/system/xferquota/ns1/.cvsignore X 2000,2001
--./bin/tests/system/xferquota/ns1/changing1.db ZONE 2000,2001,2004,2007
--./bin/tests/system/xferquota/ns1/changing2.db ZONE 2000,2001,2004,2007
--./bin/tests/system/xferquota/ns1/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/xferquota/ns1/root.db ZONE 2000,2001,2004,2007
--./bin/tests/system/xferquota/ns2/.cvsignore X 2000,2001
--./bin/tests/system/xferquota/ns2/example.db ZONE 2000,2001,2002,2003,2004,2007,2009
--./bin/tests/system/xferquota/ns2/named.conf CONF-C 2000,2001,2004,2007
--./bin/tests/system/xferquota/setup.pl PERL 2000,2001,2004,2007
--./bin/tests/system/xferquota/setup.sh SH 2000,2001,2004,2007
--./bin/tests/system/xferquota/tests.sh SH 2000,2001,2004,2007
--./bin/tests/system/zonechecks/a.db ZONE 2004,2007
--./bin/tests/system/zonechecks/aaaa.db ZONE 2004,2007
--./bin/tests/system/zonechecks/clean.sh SH 2004,2007
--./bin/tests/system/zonechecks/cname.db ZONE 2004,2007
--./bin/tests/system/zonechecks/dname.db ZONE 2004,2007
--./bin/tests/system/zonechecks/noaddress.db ZONE 2004,2007
--./bin/tests/system/zonechecks/nxdomain.db ZONE 2004,2007
--./bin/tests/system/zonechecks/tests.sh SH 2004,2007
--./bin/tests/t_api.pl PERL 1999,2000,2001,2004,2007
--./bin/tests/task_test.c C 1998,1999,2000,2001,2004,2007
--./bin/tests/tasks/.cvsignore X 1999,2000,2001
--./bin/tests/tasks/Makefile.in MAKE 1998,1999,2000,2001,2002,2004,2007,2009
--./bin/tests/tasks/t_tasks.c C 1998,1999,2000,2001,2004,2005,2007,2009
--./bin/tests/timer_test.c C 1998,1999,2000,2001,2004,2007
--./bin/tests/timers/.cvsignore X 1999,2000,2001
--./bin/tests/timers/Makefile.in MAKE 1999,2000,2001,2002,2004,2007,2009
--./bin/tests/timers/t_timers.c C 1999,2000,2001,2004,2007,2008,2009
--./bin/tests/wire_test.c C 1999,2000,2001,2004,2005,2007
--./bin/tests/wire_test.data X 1999,2000,2001
--./bin/tests/wire_test.data2 X 1999,2000,2001
--./bin/tests/wire_test.data3 X 1999,2000,2001
--./bin/tests/wire_test.data4 X 1999,2000,2001
--./bin/tests/zone_test.c C 1999,2000,2001,2002,2004,2005,2007,2009
--./bin/tools/.cvsignore X 2009
--./bin/tools/Makefile.in MAKE 2009
--./bin/tools/arpaname.1 MAN 2009
--./bin/tools/arpaname.c C 2009
--./bin/tools/arpaname.docbook SGML 2009
--./bin/tools/arpaname.html HTML 2009
--./bin/tools/genrandom.8 MAN 2009
--./bin/tools/genrandom.c C 2000,2001,2002,2003,2004,2005,2007,2009
--./bin/tools/genrandom.docbook SGML 2009
--./bin/tools/genrandom.html HTML 2009
--./bin/tools/journalprint.8 MAN 2009
--./bin/tools/journalprint.c C 2000,2001,2004,2005,2006,2007,2008,2009
--./bin/tools/journalprint.docbook SGML 2009
--./bin/tools/journalprint.html HTML 2009
--./bin/tools/nsec3hash.8 MAN 2009
--./bin/tools/nsec3hash.c C 2006,2008,2009
--./bin/tools/nsec3hash.docbook SGML 2009
--./bin/tools/nsec3hash.html HTML 2009
--./bin/win32/BINDInstall/AccountInfo.cpp C.PORTION 2001,2002,2004,2007
--./bin/win32/BINDInstall/AccountInfo.h C 2001,2004,2007
--./bin/win32/BINDInstall/BINDInstall.cpp C.PORTION 2001,2004,2007
--./bin/win32/BINDInstall/BINDInstall.dsp X 2001,2007,2009
--./bin/win32/BINDInstall/BINDInstall.dsw X 2001
--./bin/win32/BINDInstall/BINDInstall.h C.PORTION 2001,2004,2007
--./bin/win32/BINDInstall/BINDInstall.mak X 2001,2006,2007,2009
--./bin/win32/BINDInstall/BINDInstall.rc X 2001,2005,2009
--./bin/win32/BINDInstall/BINDInstallDlg.cpp C.PORTION 2001,2003,2004,2005,2006,2007,2008,2009
--./bin/win32/BINDInstall/BINDInstallDlg.h C.PORTION 2001,2004,2007,2009
--./bin/win32/BINDInstall/DirBrowse.cpp C.PORTION 2001,2004,2007
--./bin/win32/BINDInstall/DirBrowse.h C.PORTION 2001,2004,2007
--./bin/win32/BINDInstall/StdAfx.cpp X 2001
--./bin/win32/BINDInstall/StdAfx.h X 2001,2006
--./bin/win32/BINDInstall/VersionInfo.cpp X 2001,2008
--./bin/win32/BINDInstall/VersionInfo.h X 2001
--./bin/win32/BINDInstall/res/BINDInstall.ico X 2001
--./bin/win32/BINDInstall/res/BINDInstall.rc2 X 2001
--./bin/win32/BINDInstall/resource.h X 2001,2005,2009
--./bind.keys X 2009
--./config.guess X 1998,1999,2000,2001,2004,2009
--./config.h.in X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./config.h.win32 C 1999,2000,2001,2004,2006,2007,2008,2009
--./config.sub X 1998,1999,2000,2001,2004
--./config.threads.in X 2005,2006
--./configure X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./configure.in SH 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./conftools/perllib/dnsconf/DNSConf-macros.h C 2000,2001,2004,2007
--./conftools/perllib/dnsconf/DNSConf.i C 2000,2001,2004,2007
--./conftools/perllib/dnsconf/Makefile.PL PERL 2000,2001,2004,2007
--./conftools/perllib/dnsconf/named1.conf CONF-C 2000,2001,2004,2007
--./conftools/perllib/dnsconf/test.pl PERL 2000,2001,2004,2007
--./contrib/.cvsignore X 2000,2001
--./contrib/dbus/GetForwarders X 2006
--./contrib/dbus/INSTALL X 2006
--./contrib/dbus/Makefile.9.3.2b1 X 2006
--./contrib/dbus/Makefile.9.3.3rc2 X 2006
--./contrib/dbus/README.DBUS X 2006
--./contrib/dbus/SetForwarders X 2006
--./contrib/dbus/bind-9.3.2b1-dbus.patch X 2006
--./contrib/dbus/bind-9.3.3rc2-dbus.patch X 2006
--./contrib/dbus/dbus_mgr.c X 2006,2007,2009
--./contrib/dbus/dbus_mgr.h X 2006
--./contrib/dbus/dbus_service.c X 2006,2007
--./contrib/dbus/dbus_service.h X 2006,2007
--./contrib/dbus/named-dbus-system.conf X 2006
--./contrib/dbus/named-dbus.service X 2006
--./contrib/dlz/bin/dlzbdb/.cvsignore X 2005
--./contrib/dlz/bin/dlzbdb/Makefile.in X 2005,2007,2009
--./contrib/dlz/bin/dlzbdb/dlzbdb.c X 2005
--./contrib/dlz/config.dlz.in X 2005,2006,2008
--./contrib/dlz/drivers/.cvsignore X 2005
--./contrib/dlz/drivers/dlz_bdb_driver.c X 2005,2008
--./contrib/dlz/drivers/dlz_bdbhpt_driver.c X 2005
--./contrib/dlz/drivers/dlz_drivers.c X 2005
--./contrib/dlz/drivers/dlz_filesystem_driver.c X 2005
--./contrib/dlz/drivers/dlz_ldap_driver.c X 2005
--./contrib/dlz/drivers/dlz_mysql_driver.c X 2005,2007,2009
--./contrib/dlz/drivers/dlz_odbc_driver.c X 2005
--./contrib/dlz/drivers/dlz_postgres_driver.c X 2005,2007
--./contrib/dlz/drivers/dlz_stub_driver.c X 2005
--./contrib/dlz/drivers/include/dlz/dlz_bdb_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_bdbhpt_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_drivers.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_filesystem_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_ldap_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_mysql_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_odbc_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_postgres_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/dlz_stub_driver.h X 2005
--./contrib/dlz/drivers/include/dlz/sdlz_helper.h X 2005
--./contrib/dlz/drivers/rules.in X 2005
--./contrib/dlz/drivers/sdlz_helper.c X 2005
--./contrib/idn/idnkit-1.0-src/ChangeLog X 2003
--./contrib/idn/idnkit-1.0-src/DISTFILES X 2003
--./contrib/idn/idnkit-1.0-src/INSTALL X 2003
--./contrib/idn/idnkit-1.0-src/INSTALL.ja X 2003
--./contrib/idn/idnkit-1.0-src/LICENSE.txt X 2003
--./contrib/idn/idnkit-1.0-src/Makefile.in X 2003,2004
--./contrib/idn/idnkit-1.0-src/NEWS X 2003
--./contrib/idn/idnkit-1.0-src/README X 2003
--./contrib/idn/idnkit-1.0-src/README.ja X 2003
--./contrib/idn/idnkit-1.0-src/acconfig.h X 2003
--./contrib/idn/idnkit-1.0-src/aclocal.m4 X 2003
--./contrib/idn/idnkit-1.0-src/config.guess X 2003
--./contrib/idn/idnkit-1.0-src/config.sub X 2003
--./contrib/idn/idnkit-1.0-src/configure X 2003
--./contrib/idn/idnkit-1.0-src/configure.in X 2003
--./contrib/idn/idnkit-1.0-src/include/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/include/config.h.in X 2003
--./contrib/idn/idnkit-1.0-src/include/config.h.win X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/aliaslist.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/api.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/assert.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/checker.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/converter.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/debug.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/delimitermap.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/export.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/filechecker.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/filemapper.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/localencoding.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/log.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/logmacro.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/mapper.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/mapselector.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/nameprep.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/normalizer.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/punycode.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/race.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/res.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/resconf.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/result.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/strhash.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/ucs4.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/ucsmap.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/ucsset.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/unicode.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/unormalize.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/utf8.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/util.h X 2003
--./contrib/idn/idnkit-1.0-src/include/idn/version.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/api.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/localencoding.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/log.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/res.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/resconf.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/result.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/utf8.h X 2003
--./contrib/idn/idnkit-1.0-src/include/mdn/version.h X 2003
--./contrib/idn/idnkit-1.0-src/install-sh X 2003
--./contrib/idn/idnkit-1.0-src/lib/Makefile.in X 2003,2004
--./contrib/idn/idnkit-1.0-src/lib/aliaslist.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/aliaslist.sh X 2003
--./contrib/idn/idnkit-1.0-src/lib/api.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/checker.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/converter.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/debug.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/delimitermap.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/filechecker.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/filemapper.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/idn.conf.sample.in X 2003
--./contrib/idn/idnkit-1.0-src/lib/localencoding.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/log.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/lib/mapper.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/mapselector.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/nameprep.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/nameprep_template.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/nameprepdata.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/normalizer.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/punycode.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/race.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/res.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/resconf.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/result.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/strhash.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/Makefile.in X 2003,2004
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init1.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init2.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init3.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init4-1.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init4-2.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init4-3.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init5-1.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init5-2.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api-init5-3.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/api.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/checker.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/codeset.h X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/converter.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/delimitermap.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/iconvchk.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/mapper.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/mapselector.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/nameprep.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/normalizer.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/res.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/resconf.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/setenv.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/setenv.h X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/testsuite.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/testsuite.h X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/testutil.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/testutil.h X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/testygen X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/ucs4.tsy X 2003
--./contrib/idn/idnkit-1.0-src/lib/tests/utffilter X 2003
--./contrib/idn/idnkit-1.0-src/lib/ucs4.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/ucsmap.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/ucsset.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/unicode.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/unicode_template.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/unicodedata_320.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/unormalize.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/utf8.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/util.c X 2003
--./contrib/idn/idnkit-1.0-src/lib/version.c X 2003
--./contrib/idn/idnkit-1.0-src/ltconfig X 2003
--./contrib/idn/idnkit-1.0-src/ltmain.sh X 2003
--./contrib/idn/idnkit-1.0-src/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/man/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/man/idn.conf.5.in X 2003
--./contrib/idn/idnkit-1.0-src/man/libidnkit.3.in X 2003
--./contrib/idn/idnkit-1.0-src/map/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/map/jp.map X 2003
--./contrib/idn/idnkit-1.0-src/mkinstalldirs X 2003
--./contrib/idn/idnkit-1.0-src/patch/bind9/bind-9.2.1-patch X 2003
--./contrib/idn/idnkit-1.0-src/patch/bind9/bind-9.2.2-patch X 2003
--./contrib/idn/idnkit-1.0-src/tools/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/idnconv.1 X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/idnconv.c X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/idnslookup.in X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/selectiveencode.c X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/selectiveencode.h X 2003,2009
--./contrib/idn/idnkit-1.0-src/tools/idnconv/util.c X 2003
--./contrib/idn/idnkit-1.0-src/tools/idnconv/util.h X 2003
--./contrib/idn/idnkit-1.0-src/tools/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/tools/rpm/idnkit.spec X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/Makefile.in X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/resolver.c X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/resolver.h X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/runidn.1 X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/runidn.in X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/stub.c X 2003
--./contrib/idn/idnkit-1.0-src/tools/runidn/stub.h X 2003
--./contrib/idn/idnkit-1.0-src/util/Makefile X 2003
--./contrib/idn/idnkit-1.0-src/util/SparseMap.pm X 2003
--./contrib/idn/idnkit-1.0-src/util/UCD.pm X 2003
--./contrib/idn/idnkit-1.0-src/util/generate_nameprep_data.pl X 2003
--./contrib/idn/idnkit-1.0-src/util/generate_normalize_data.pl X 2003
--./contrib/idn/idnkit-1.0-src/win/README.WIN X 2003
--./contrib/idn/idnkit-1.0-src/wsock/README.txt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/README_j.txt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/checkdll.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/convert.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/dump.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/encoding.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/hook.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/printf.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/common/wrapcommon.h X 2003
--./contrib/idn/idnkit-1.0-src/wsock/config/idnconf.tcl X 2003
--./contrib/idn/idnkit-1.0-src/wsock/config/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/dlldef.h X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/dllfunc.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/dllload.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/dllmain.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/dllstub.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock11/wsock32.def X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/dlldef.h X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/dllfunc.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/dllload.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/dllmain.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/dllstub.c X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/make.wnt X 2003
--./contrib/idn/idnkit-1.0-src/wsock/wsock20/ws2_32.def X 2003
--./contrib/linux/coredump-patch X 2000,2001
--./contrib/named-bootconf/named-bootconf.sh SH.PORTION 1999,2000,2001,2004,2006,2007
--./contrib/nanny/nanny.pl PERL 2000,2001,2004,2007
--./contrib/nslint-2.1a3/CHANGES X 2001
--./contrib/nslint-2.1a3/FILES X 2001
--./contrib/nslint-2.1a3/INSTALL X 2001
--./contrib/nslint-2.1a3/Makefile.in X 2001,2004
--./contrib/nslint-2.1a3/README X 2001
--./contrib/nslint-2.1a3/VERSION X 2001
--./contrib/nslint-2.1a3/aclocal.m4 X 2001
--./contrib/nslint-2.1a3/config.guess X 2001
--./contrib/nslint-2.1a3/config.sub X 2001
--./contrib/nslint-2.1a3/configure X 2001
--./contrib/nslint-2.1a3/configure.in X 2001
--./contrib/nslint-2.1a3/install-sh X 2001
--./contrib/nslint-2.1a3/lbl/gnuc.h X 2001
--./contrib/nslint-2.1a3/lbl/os-irix5.h X 2001
--./contrib/nslint-2.1a3/lbl/os-osf3.h X 2001
--./contrib/nslint-2.1a3/lbl/os-solaris2.h X 2001
--./contrib/nslint-2.1a3/lbl/os-sunos4.h X 2001
--./contrib/nslint-2.1a3/lbl/os-ultrix4.h X 2001
--./contrib/nslint-2.1a3/mkdep X 2001
--./contrib/nslint-2.1a3/nslint.8 X 2001
--./contrib/nslint-2.1a3/nslint.c X 2001
--./contrib/nslint-2.1a3/savestr.c X 2001
--./contrib/nslint-2.1a3/savestr.h X 2001
--./contrib/nslint-2.1a3/strerror.c X 2001
--./contrib/pkcs11-keygen/PEM_write_pubkey.c X 2008
--./contrib/pkcs11-keygen/PKCS11-NOTES X 2009
--./contrib/pkcs11-keygen/README X 2008,2009
--./contrib/pkcs11-keygen/destroyobj.c X 2008,2009
--./contrib/pkcs11-keygen/genkey.c X 2008,2009
--./contrib/pkcs11-keygen/genkey.sh X 2008
--./contrib/pkcs11-keygen/keyconv.pl X 2008
--./contrib/pkcs11-keygen/keydump.pl X 2008
--./contrib/pkcs11-keygen/listobjs.c X 2008,2009
--./contrib/pkcs11-keygen/opencryptoki/apiclient.h X 2009
--./contrib/pkcs11-keygen/opencryptoki/pkcs11.h X 2009
--./contrib/pkcs11-keygen/opencryptoki/pkcs11types.h X 2009
--./contrib/pkcs11-keygen/openssl-0.9.8g-patch X 2008
--./contrib/pkcs11-keygen/openssl-0.9.8i-patch X 2009
--./contrib/pkcs11-keygen/readkey.c X 2008,2009
--./contrib/pkcs11-keygen/set_key_id.c X 2008,2009
--./contrib/pkcs11-keygen/writekey.c X 2008,2009
--./contrib/pkcs11-keygen/writekey.sh X 2008
--./contrib/query-loc-0.4.0/ADDRESSES X 2008
--./contrib/query-loc-0.4.0/ALGO X 2008
--./contrib/query-loc-0.4.0/INSTALL X 2008
--./contrib/query-loc-0.4.0/Makefile.in X 2008
--./contrib/query-loc-0.4.0/README X 2008
--./contrib/query-loc-0.4.0/USAGE X 2008
--./contrib/query-loc-0.4.0/config.h.in X 2008
--./contrib/query-loc-0.4.0/configure X 2008
--./contrib/query-loc-0.4.0/configure.in X 2008
--./contrib/query-loc-0.4.0/install-sh X 2008
--./contrib/query-loc-0.4.0/loc.c X 2008
--./contrib/query-loc-0.4.0/loc.h X 2008
--./contrib/query-loc-0.4.0/loc_ntoa.c X 2008
--./contrib/query-loc-0.4.0/query-loc.1 X 2008
--./contrib/query-loc-0.4.0/query-loc.c X 2008
--./contrib/query-loc-0.4.0/reconf X 2008
--./contrib/queryperf/.cvsignore X 2001
--./contrib/queryperf/Makefile.in X 2001,2004
--./contrib/queryperf/README X 2001
--./contrib/queryperf/config.h.in X 2007
--./contrib/queryperf/configure X 2001,2002,2004,2007
--./contrib/queryperf/configure.in X 2001,2004,2007
--./contrib/queryperf/input/sample.0 X 2001
--./contrib/queryperf/input/sample.1 X 2001
--./contrib/queryperf/missing/addrinfo.h X 2004
--./contrib/queryperf/missing/getaddrinfo.c X 2004
--./contrib/queryperf/missing/getnameinfo.c X 2004
--./contrib/queryperf/queryperf.c X 2001,2002,2003,2004,2005,2007
--./contrib/queryperf/utils/gen-data-queryperf.py X 2003,2008
--./contrib/sdb/bdb/README X 2002
--./contrib/sdb/bdb/bdb.c X 2002
--./contrib/sdb/bdb/bdb.h X 2002
--./contrib/sdb/bdb/zone2bdb.c X 2002,2008,2009
--./contrib/sdb/dir/dirdb.c C 2000,2001,2004,2007
--./contrib/sdb/dir/dirdb.h C 2000,2001,2004,2007
--./contrib/sdb/ldap/INSTALL.ldap X 2001,2002,2004
--./contrib/sdb/ldap/README.ldap X 2001,2002,2004
--./contrib/sdb/ldap/README.zone2ldap X 2001
--./contrib/sdb/ldap/ldapdb.c X 2001,2002,2003,2004
--./contrib/sdb/ldap/ldapdb.h X 2001
--./contrib/sdb/ldap/zone2ldap.1 X 2001
--./contrib/sdb/ldap/zone2ldap.c X 2001,2005,2008,2009
--./contrib/sdb/pgsql/pgsqldb.c C 2000,2001,2004,2007
--./contrib/sdb/pgsql/pgsqldb.h C 2000,2001,2004,2007
--./contrib/sdb/pgsql/zonetodb.c C 2000,2001,2002,2004,2005,2007,2008,2009
--./contrib/sdb/sqlite/README.sdb_sqlite X 2007
--./contrib/sdb/sqlite/sqlitedb.c X 2007
--./contrib/sdb/sqlite/sqlitedb.h X 2007
--./contrib/sdb/sqlite/zone2sqlite.c X 2007,2008,2009
--./contrib/sdb/tcl/lookup.tcl TCL 2000,2001,2004,2007
--./contrib/sdb/tcl/tcldb.c C 2000,2001,2004,2007
--./contrib/sdb/tcl/tcldb.h C 2000,2001,2004,2007
--./contrib/sdb/time/timedb.c C 2000,2001,2004,2007
--./contrib/sdb/time/timedb.h C 2000,2001,2004,2007
--./contrib/zkt/CHANGELOG X 2008,2009
--./contrib/zkt/LICENSE X 2008
--./contrib/zkt/Makefile.in X 2008,2009
--./contrib/zkt/README X 2008,2009
--./contrib/zkt/README.logging X 2008,2009
--./contrib/zkt/TODO X 2008
--./contrib/zkt/config.h.in X 2008
--./contrib/zkt/config_zkt.h X 2008,2009
--./contrib/zkt/configure X 2008,2009
--./contrib/zkt/debug.h X 2008
--./contrib/zkt/dki.c X 2008,2009
--./contrib/zkt/dki.h X 2008,2009
--./contrib/zkt/dnssec-signer.c X 2008,2009
--./contrib/zkt/dnssec-zkt.c X 2008,2009
--./contrib/zkt/domaincmp.c X 2008
--./contrib/zkt/domaincmp.h X 2008
--./contrib/zkt/examples/dnssec-signer.sh X 2008
--./contrib/zkt/examples/dnssec-zkt.sh X 2008
--./contrib/zkt/examples/flat/dist.sh X 2008
--./contrib/zkt/examples/flat/dnssec.conf X 2008,2009
--./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.key X 2009
--./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+003+42138.private X 2009
--./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.depreciated X 2009
--./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+01355.key X 2009
--./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.key X 2009
--./contrib/zkt/examples/flat/dyn.example.net/Kdyn.example.net.+005+10643.private X 2009
--./contrib/zkt/examples/flat/dyn.example.net/dnskey.db X 2009
--./contrib/zkt/examples/flat/dyn.example.net/dnssec.conf X 2009
--./contrib/zkt/examples/flat/dyn.example.net/dsset-dyn.example.net. X 2009
--./contrib/zkt/examples/flat/dyn.example.net/keyset-dyn.example.net. X 2009
--./contrib/zkt/examples/flat/dyn.example.net/zone.db X 2009
--./contrib/zkt/examples/flat/dyn.example.net/zone.db.dsigned X 2009
--./contrib/zkt/examples/flat/dyn.example.net/zone.org X 2009
--./contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.key X 2009
--./contrib/zkt/examples/flat/example.net/Kexample.net.+005+01764.private X 2009
--./contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.key X 2009
--./contrib/zkt/examples/flat/example.net/Kexample.net.+005+04157.private X 2009
--./contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.key X 2009
--./contrib/zkt/examples/flat/example.net/Kexample.net.+005+07308.published X 2009
--./contrib/zkt/examples/flat/example.net/dnskey.db X 2009
--./contrib/zkt/examples/flat/example.net/dsset-example.net. X 2009
--./contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.key X 2009
--./contrib/zkt/examples/flat/example.net/kexample.net.+005+14829.private X 2009
--./contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.key X 2009
--./contrib/zkt/examples/flat/example.net/kexample.net.+005+41151.private X 2009
--./contrib/zkt/examples/flat/example.net/keyset-example.net. X 2009
--./contrib/zkt/examples/flat/example.net/zone.db X 2009
--./contrib/zkt/examples/flat/example.net/zone.db.signed X 2009
--./contrib/zkt/examples/flat/keysets/dlvset-sub.example.net. X 2008,2009
--./contrib/zkt/examples/flat/keysets/dsset-dyn.example.net. X 2008
--./contrib/zkt/examples/flat/keysets/dsset-example.net. X 2008,2009
--./contrib/zkt/examples/flat/keysets/dsset-sub.example.net. X 2008,2009
--./contrib/zkt/examples/flat/keysets/keyset-dyn.example.net. X 2008
--./contrib/zkt/examples/flat/keysets/keyset-example.net. X 2008,2009
--./contrib/zkt/examples/flat/keysets/keyset-sub.example.net. X 2008,2009
--./contrib/zkt/examples/flat/named.conf X 2008
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.key X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+04710.published X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.key X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+05823.private X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.depreciated X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+006+22440.key X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.key X 2009
--./contrib/zkt/examples/flat/sub.example.net/Ksub.example.net.+007+18846.private X 2009
--./contrib/zkt/examples/flat/sub.example.net/dlvset-sub.example.net. X 2009
--./contrib/zkt/examples/flat/sub.example.net/dnskey.db X 2009
--./contrib/zkt/examples/flat/sub.example.net/dnssec.conf X 2009
--./contrib/zkt/examples/flat/sub.example.net/dsset-sub.example.net. X 2009
--./contrib/zkt/examples/flat/sub.example.net/keyset-sub.example.net. X 2009
--./contrib/zkt/examples/flat/sub.example.net/maxhexsalt X 2009
--./contrib/zkt/examples/flat/sub.example.net/maxhexsalt+1 X 2009
--./contrib/zkt/examples/flat/sub.example.net/zone.db X 2009
--./contrib/zkt/examples/flat/sub.example.net/zone.db.signed X 2009
--./contrib/zkt/examples/flat/zkt.log X 2008,2009
--./contrib/zkt/examples/flat/zone.conf X 2008,2009
--./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+11327.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+37983.published X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/Kexample.de.+005+47280.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/dnskey.db X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/dsset-example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+17439.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+41145.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/kexample.de.+005+59244.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/keyset-example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/keyset-sub.example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+04031.published X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+39146.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.depreciated X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+001+59924.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+31785.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+40956.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/Ksub.example.de.+005+56595.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dlvset-sub.example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnskey.db X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dnssec.conf X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/dsset-sub.example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/keyset-sub.example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+06903.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.key X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/ksub.example.de.+005+40998.private X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/parent-sub.example.de. X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/sub.example.de/zone.db.signed X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/zone.db X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/zone.db.signed X 2009
--./contrib/zkt/examples/hierarchical/de/example.de/zone.soa X 2009
--./contrib/zkt/examples/hierarchical/de/keyset-example.de. X 2009
--./contrib/zkt/examples/hierarchical/dnssec.conf X 2008
--./contrib/zkt/examples/hierarchical/named.conf X 2008
--./contrib/zkt/examples/hierarchical/zone.conf X 2008,2009
--./contrib/zkt/examples/views/dnssec-extern.conf X 2008
--./contrib/zkt/examples/views/dnssec-intern.conf X 2008
--./contrib/zkt/examples/views/dnssec-signer-extern X 2008
--./contrib/zkt/examples/views/dnssec-signer-intern X 2008
--./contrib/zkt/examples/views/dnssec-zkt-extern X 2008
--./contrib/zkt/examples/views/dnssec-zkt-intern X 2008
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.key X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+10367.private X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.key X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+14714.published X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.key X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+23553.private X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.depreciated X 2009
--./contrib/zkt/examples/views/extern/example.net/Kexample.net.+005+35744.key X 2009
--./contrib/zkt/examples/views/extern/example.net/dnskey.db X 2009
--./contrib/zkt/examples/views/extern/example.net/dsset-example.net. X 2009
--./contrib/zkt/examples/views/extern/example.net/keyset-example.net. X 2009
--./contrib/zkt/examples/views/extern/example.net/zone.db X 2009
--./contrib/zkt/examples/views/extern/example.net/zone.db.signed X 2009
--./contrib/zkt/examples/views/extern/zkt-ext.log X 2008,2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.key X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+00126.private X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.depreciated X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+05972.key X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.key X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+23375.private X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.key X 2009
--./contrib/zkt/examples/views/intern/example.net/Kexample.net.+005+55745.published X 2009
--./contrib/zkt/examples/views/intern/example.net/dnskey.db X 2009
--./contrib/zkt/examples/views/intern/example.net/dsset-example.net. X 2009
--./contrib/zkt/examples/views/intern/example.net/keyset-example.net. X 2009
--./contrib/zkt/examples/views/intern/example.net/zone.db X 2009
--./contrib/zkt/examples/views/intern/example.net/zone.db.signed X 2009
--./contrib/zkt/examples/views/intern/zkt-int.log X 2008,2009
--./contrib/zkt/examples/views/named.conf X 2008,2009
--./contrib/zkt/examples/views/named.log X 2008
--./contrib/zkt/examples/views/root.hint X 2008
--./contrib/zkt/examples/views/viewtest.sh X 2008
--./contrib/zkt/log.c X 2008
--./contrib/zkt/log.h X 2008
--./contrib/zkt/man/dnssec-signer.8 X 2009
--./contrib/zkt/man/dnssec-signer.8.html X 2009
--./contrib/zkt/man/dnssec-zkt.8 X 2009
--./contrib/zkt/man/dnssec-zkt.8.html X 2009
--./contrib/zkt/misc.c X 2008,2009
--./contrib/zkt/misc.h X 2008,2009
--./contrib/zkt/ncparse.c X 2008
--./contrib/zkt/ncparse.h X 2008
--./contrib/zkt/rollover.c X 2008,2009
--./contrib/zkt/rollover.h X 2008,2009
--./contrib/zkt/strlist.c X 2008,2009
--./contrib/zkt/strlist.h X 2008
--./contrib/zkt/tags X 2008,2009
--./contrib/zkt/zconf.c X 2008,2009
--./contrib/zkt/zconf.h X 2008,2009
--./contrib/zkt/zkt-soaserial.c X 2008
--./contrib/zkt/zkt.c X 2008,2009
--./contrib/zkt/zkt.h X 2008
--./contrib/zkt/zone.c X 2008,2009
--./contrib/zkt/zone.h X 2008
--./doc/.cvsignore X 2000,2001
--./doc/Makefile.in MAKE 2000,2001,2004,2005,2006,2007
--./doc/arm/.cvsignore X 2000,2001,2005
--./doc/arm/Bv9ARM-book.xml SGML 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch01.html X 2000,2001,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch02.html X 2000,2001,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch03.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch04.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch05.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch06.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch07.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch08.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch09.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.ch10.html X 2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.html X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/arm/Bv9ARM.pdf X 2007,2008,2009
--./doc/arm/Makefile.in MAKE 2001,2002,2004,2005,2006,2007,2009
--./doc/arm/README-SGML TXT.BRIEF 2000,2001,2004
--./doc/arm/isc-logo.eps X 2005
--./doc/arm/isc-logo.pdf X 2005
--./doc/arm/latex-fixup.pl PERL 2005,2007
--./doc/arm/man.ddns-confgen.html X 2009
--./doc/arm/man.dig.html X 2005,2006,2007,2008,2009
--./doc/arm/man.dnssec-dsfromkey.html X 2008,2009
--./doc/arm/man.dnssec-keyfromlabel.html X 2008,2009
--./doc/arm/man.dnssec-keygen.html X 2005,2006,2007,2008,2009
--./doc/arm/man.dnssec-revoke.html X 2009
--./doc/arm/man.dnssec-settime.html X 2009
--./doc/arm/man.dnssec-signzone.html X 2005,2006,2007,2008,2009
--./doc/arm/man.host.html X 2005,2006,2007,2008,2009
--./doc/arm/man.named-checkconf.html X 2005,2006,2007,2008,2009
--./doc/arm/man.named-checkzone.html X 2005,2006,2007,2008,2009
--./doc/arm/man.named.html X 2005,2006,2007,2008,2009
--./doc/arm/man.nsupdate.html X 2008,2009
--./doc/arm/man.rndc-confgen.html X 2005,2006,2007,2008,2009
--./doc/arm/man.rndc.conf.html X 2005,2006,2007,2008,2009
--./doc/arm/man.rndc.html X 2005,2006,2007,2008,2009
--./doc/design/addressdb TXT.BRIEF 2000,2001,2004
--./doc/design/compression TXT.BRIEF 1999,2000,2001,2004
--./doc/design/database TXT.BRIEF 1999,2000,2001,2004
--./doc/design/db_rules TXT.BRIEF 1999,2000,2001,2004
--./doc/design/decompression TXT.BRIEF 1999,2000,2001,2004
--./doc/design/dispatch TXT.BRIEF 2000,2001,2004
--./doc/design/logging TXT.BRIEF 1999,2000,2001,2004
--./doc/design/lwres TXT.BRIEF 2000,2001,2004
--./doc/design/ncache TXT.BRIEF 1999,2000,2001,2004
--./doc/design/rdataset TXT.BRIEF 1999,2000,2001,2004
--./doc/design/red-black TXT.BRIEF 1999,2000,2001,2004
--./doc/design/resolver TXT.BRIEF 1999,2000,2001,2004
--./doc/design/search TXT.BRIEF 1999,2000,2001,2004
--./doc/design/tasks TXT.BRIEF 1999,2000,2001,2004
--./doc/design/windows-nt TXT.BRIEF 1999,2000,2001,2004
--./doc/design/zone TXT.BRIEF 1999,2000,2001,2004
--./doc/dev/DBC TXT.BRIEF 1999,2000,2001,2004
--./doc/dev/HOW-ADB-WORKS.txt TXT.BRIEF 2003,2004
--./doc/dev/autoconf TXT.BRIEF 2001,2002,2004
--./doc/dev/coding.html HTML 1999,2000,2001,2002,2004,2007
--./doc/dev/cvs-usage TXT.BRIEF 2000,2001,2004
--./doc/dev/magic_numbers TXT.BRIEF 1999,2000,2001,2002,2004
--./doc/dev/rdata.html HTML 1999,2000,2001,2004,2007
--./doc/dev/release TXT.BRIEF 2000,2001,2002,2003,2004,2005,2006,2007,2009
--./doc/dev/results TXT.BRIEF 1999,2000,2001,2004
--./doc/dev/tests TXT.BRIEF 2000,2001,2004
--./doc/dev/unexpected TXT.BRIEF 1999,2000,2001,2004
--./doc/doxygen/.cvsignore X 2006
--./doc/doxygen/Doxyfile.in X 2006
--./doc/doxygen/Makefile.in MAKE 2006,2007
--./doc/doxygen/doxygen-input-filter.in PERL 2006,2007
--./doc/doxygen/isc-footer.html HTML 2006,2007
--./doc/doxygen/isc-header.html HTML 2006,2007
--./doc/doxygen/mainpage X 2006
--./doc/misc/.cvsignore X 2001
--./doc/misc/Makefile.in MAKE 2001,2004,2007,2009
--./doc/misc/dnssec TXT.BRIEF 2000,2001,2002,2004
--./doc/misc/format-options.pl PERL 2001,2004,2007
--./doc/misc/ipv6 TXT.BRIEF 2000,2001,2004
--./doc/misc/migration TXT.BRIEF 2000,2001,2003,2004,2007,2008
--./doc/misc/migration-4to9 TXT.BRIEF 2001,2004
--./doc/misc/options X 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./doc/misc/rfc-compliance TXT.BRIEF 2001,2004
--./doc/misc/roadmap TXT.BRIEF 2000,2001,2004
--./doc/misc/sdb TXT.BRIEF 2000,2001,2004
--./doc/misc/sort-options.pl PERL 2007
--./doc/private/CHANGES X 2000,2001
--./doc/private/branches X 2002,2003,2004,2005,2006,2007,2008,2009
--./doc/private/bugfix-by-assertion X 2001
--./doc/private/delete-list X 2005,2006,2007,2008,2009
--./doc/private/options TXT.BRIEF 2000,2001,2004
--./doc/todo/brister/todo X 2000,2001
--./doc/todo/bwelling/todo X 2000,2001
--./doc/todo/drc/todo X 2000,2001
--./doc/todo/gson/todo X 2000,2001
--./doc/todo/jim/todo X 2000,2001
--./doc/todo/marka/todo X 2000,2001
--./doc/todo/mws/todo X 2000,2001
--./doc/todo/tale/todo X 2000,2001
--./doc/todo/unassigned X 2000,2001
--./doc/xsl/.cvsignore X 2005
--./doc/xsl/Makefile.in MAKE 2005,2007
--./doc/xsl/copyright.xsl SGML 2005,2007,2009
--./doc/xsl/isc-docbook-chunk.xsl.in SGML 2005,2007
--./doc/xsl/isc-docbook-html.xsl.in SGML 2005,2007
--./doc/xsl/isc-docbook-latex-mappings.xml SGML 2005,2007
--./doc/xsl/isc-docbook-latex.xsl.in SGML 2005,2007
--./doc/xsl/isc-docbook-text.xsl SGML 2005,2007
--./doc/xsl/isc-manpage.xsl.in SGML 2005,2007
--./doc/xsl/pre-latex.xsl SGML 2005,2007
--./docutil/.cvsignore X 2001
--./docutil/HTML_COPYRIGHT X 2001,2004
--./docutil/MAN_COPYRIGHT X 2001,2004
--./docutil/patch-db2latex-duplicate-template-bug X 2007
--./docutil/patch-db2latex-nested-param-bug X 2007
--./docutil/patch-db2latex-xsltproc-title-bug X 2007
--./install-sh X 1998,1999,2000,2001
--./isc-config.sh.1 MAN 2009
--./isc-config.sh.docbook SGML 2009
--./isc-config.sh.html HTML 2009
--./isc-config.sh.in SH 2000,2001,2003,2004,2007
--./lib/.cvsignore X 1998,1999,2000,2001
--./lib/Makefile.in MAKE 1998,1999,2000,2001,2003,2004,2007
--./lib/bind9/.cvsignore X 2001
--./lib/bind9/Makefile.in MAKE 2001,2004,2007,2009
--./lib/bind9/api X 2001,2006,2008
--./lib/bind9/check.c C 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/bind9/getaddresses.c C 2001,2002,2004,2005,2007
--./lib/bind9/include/.cvsignore X 2001
--./lib/bind9/include/Makefile.in MAKE 2001,2004,2007
--./lib/bind9/include/bind9/.cvsignore X 2001
--./lib/bind9/include/bind9/Makefile.in MAKE 2001,2004,2007
--./lib/bind9/include/bind9/check.h C 2001,2004,2005,2006,2007
--./lib/bind9/include/bind9/getaddresses.h C 2001,2004,2005,2006,2007,2009
--./lib/bind9/include/bind9/version.h C 2001,2004,2005,2006,2007
--./lib/bind9/version.c C 2001,2004,2005,2007
--./lib/bind9/win32/DLLMain.c C 2001,2004,2007
--./lib/bind9/win32/libbind9.def X 2001
--./lib/bind9/win32/libbind9.dsp X 2001,2004,2005,2009
--./lib/bind9/win32/libbind9.dsw X 2001
--./lib/bind9/win32/libbind9.mak X 2001,2002,2004,2005,2006,2009
--./lib/bind9/win32/version.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/.cvsignore X 1998,1999,2000,2001
--./lib/dns/Makefile.in MAKE 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/acache.c C 2004,2005,2006,2007,2008
--./lib/dns/acl.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/adb.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/api X 1999,2000,2001,2006,2008,2009
--./lib/dns/byaddr.c C 2000,2001,2002,2003,2004,2005,2007,2009
--./lib/dns/cache.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/callbacks.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/client.c C 2009
--./lib/dns/compress.c C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/db.c C 1999,2000,2001,2003,2004,2005,2007,2008,2009
--./lib/dns/dbiterator.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/dbtable.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/diff.c C 2000,2001,2002,2003,2004,2005,2007,2008,2009
--./lib/dns/dispatch.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/dlz.c C.PORTION 1999,2000,2001,2005,2007,2009
--./lib/dns/dnssec.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/ds.c C 2002,2003,2004,2005,2006,2007
--./lib/dns/dst_api.c C.NAI 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/dst_internal.h C.NAI 2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/dst_lib.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/dst_openssl.h C 2002,2004,2005,2007,2008
--./lib/dns/dst_parse.c C.NAI 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/dst_parse.h C.NAI 2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/dst_result.c C 1999,2000,2001,2004,2005,2007,2008
--./lib/dns/ecdb.c C 2009
--./lib/dns/forward.c C 2000,2001,2004,2005,2007,2009
--./lib/dns/gen-unix.h C 1999,2000,2001,2004,2005,2007,2009
--./lib/dns/gen-win32.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/dns/gen.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/dns/gssapi_link.c C 2000,2001,2002,2004,2005,2006,2007,2008
--./lib/dns/gssapictx.c C 2000,2001,2004,2005,2006,2007,2008,2009
--./lib/dns/hmac_link.c C.NAI 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/include/.cvsignore X 1998,1999,2000,2001
--./lib/dns/include/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/dns/include/dns/.cvsignore X 1998,1999,2000,2001
--./lib/dns/include/dns/Makefile.in MAKE 1998,1999,2000,2001,2002,2003,2004,2007,2008
--./lib/dns/include/dns/acache.h C 2004,2006,2007
--./lib/dns/include/dns/acl.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/dns/include/dns/adb.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/dns/include/dns/bit.h C 2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/byaddr.h C 2000,2001,2002,2003,2004,2005,2006,2007
--./lib/dns/include/dns/cache.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/callbacks.h C 1999,2000,2001,2002,2004,2005,2006,2007
--./lib/dns/include/dns/cert.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/client.h C 2009
--./lib/dns/include/dns/compress.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/dns/include/dns/db.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/dbiterator.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/dbtable.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/diff.h C 2000,2001,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/dispatch.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/dlz.h C.PORTION 1999,2000,2001,2005,2006,2007,2009
--./lib/dns/include/dns/dnssec.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/dns/include/dns/ds.h C 2002,2004,2005,2006,2007
--./lib/dns/include/dns/ecdb.h C 2009
--./lib/dns/include/dns/events.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/dns/include/dns/fixedname.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/forward.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/iptable.h C 2007
--./lib/dns/include/dns/journal.h C 1999,2000,2001,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/keydata.h C 2009
--./lib/dns/include/dns/keyflags.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/keytable.h C 2000,2001,2004,2005,2007,2009
--./lib/dns/include/dns/keyvalues.h C 1999,2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/lib.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/log.h C 1999,2000,2001,2003,2004,2005,2006,2007,2009
--./lib/dns/include/dns/lookup.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/master.h C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/masterdump.h C 1999,2000,2001,2002,2004,2005,2006,2007,2008
--./lib/dns/include/dns/message.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/name.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2009
--./lib/dns/include/dns/ncache.h C 1999,2000,2001,2002,2004,2005,2006,2007,2008
--./lib/dns/include/dns/nsec.h C 1999,2000,2001,2003,2004,2005,2006,2007,2008
--./lib/dns/include/dns/nsec3.h C 2008,2009
--./lib/dns/include/dns/opcode.h C 2002,2004,2005,2006,2007
--./lib/dns/include/dns/order.h C 2002,2004,2005,2006,2007
--./lib/dns/include/dns/peer.h C 2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/portlist.h C 2003,2004,2005,2006,2007
--./lib/dns/include/dns/rbt.h C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/rcode.h C 1999,2000,2001,2004,2005,2006,2007,2008
--./lib/dns/include/dns/rdata.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/rdataclass.h C 1998,1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/rdatalist.h C 1999,2000,2001,2004,2005,2006,2007,2008
--./lib/dns/include/dns/rdataset.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/rdatasetiter.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/rdataslab.h C 1999,2000,2001,2002,2004,2005,2006,2007,2008
--./lib/dns/include/dns/rdatatype.h C 1998,1999,2000,2001,2004,2005,2006,2007,2008
--./lib/dns/include/dns/request.h C 2000,2001,2002,2004,2005,2006,2007,2009
--./lib/dns/include/dns/resolver.h C 1999,2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/result.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/dns/include/dns/rootns.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/rriterator.h C 2009
--./lib/dns/include/dns/sdb.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/sdlz.h C.PORTION 1999,2000,2001,2005,2006,2007,2009
--./lib/dns/include/dns/secalg.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/secproto.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/soa.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/ssu.h C 2000,2001,2003,2004,2005,2006,2007,2008
--./lib/dns/include/dns/stats.h C 2000,2001,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/tcpmsg.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/time.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/timer.h C 2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/tkey.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dns/tsec.h C 2009
--./lib/dns/include/dns/tsig.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/dns/include/dns/ttl.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dns/types.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/validator.h C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/version.h C 2001,2004,2005,2006,2007
--./lib/dns/include/dns/view.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/xfrin.h C 1999,2000,2001,2003,2004,2005,2006,2007,2009
--./lib/dns/include/dns/zone.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dns/zonekey.h C 2001,2004,2005,2006,2007
--./lib/dns/include/dns/zt.h C 1999,2000,2001,2002,2004,2005,2006,2007
--./lib/dns/include/dst/.cvsignore X 2000,2001,2004
--./lib/dns/include/dst/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/dns/include/dst/dst.h C 2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/include/dst/gssapi.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/dns/include/dst/lib.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/include/dst/result.h C 1999,2000,2001,2004,2005,2006,2007,2008
--./lib/dns/iptable.c C 2007,2008,2009
--./lib/dns/journal.c C 1999,2000,2001,2002,2004,2005,2007,2008,2009
--./lib/dns/key.c C 2001,2004,2005,2006,2007
--./lib/dns/keydata.c C 2009
--./lib/dns/keytable.c C 2000,2001,2004,2005,2007,2009
--./lib/dns/lib.c C 1999,2000,2001,2004,2005,2007,2009
--./lib/dns/log.c C 1999,2000,2001,2003,2004,2005,2006,2007
--./lib/dns/lookup.c C 2000,2001,2003,2004,2005,2007
--./lib/dns/master.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/masterdump.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/message.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/name.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/ncache.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008
--./lib/dns/nsec.c C 1999,2000,2001,2003,2004,2005,2007,2008,2009
--./lib/dns/nsec3.c C 2006,2008,2009
--./lib/dns/openssl_link.c C.NAI 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/openssldh_link.c C.NAI 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/openssldsa_link.c C.NAI 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/opensslrsa_link.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/order.c C 2002,2004,2005,2007
--./lib/dns/peer.c C 2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/portlist.c C 2003,2004,2005,2006,2007
--./lib/dns/rbt.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009
--./lib/dns/rbtdb.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/rbtdb.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rbtdb64.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/rbtdb64.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rcode.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/dns/rdata.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/rdata/any_255/tsig_250.c C 1999,2000,2001,2002,2003,2004,2005,2007
--./lib/dns/rdata/any_255/tsig_250.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/ch_3/a_1.c C 2005,2007
--./lib/dns/rdata/ch_3/a_1.h C 2005,2007
--./lib/dns/rdata/generic/afsdb_18.c C 1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/generic/afsdb_18.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/cert_37.c C 1999,2000,2001,2002,2003,2004,2005,2007
--./lib/dns/rdata/generic/cert_37.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/cname_5.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/cname_5.h C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/dlv_32769.c C 2004,2006,2007
--./lib/dns/rdata/generic/dlv_32769.h C 2004,2006,2007
--./lib/dns/rdata/generic/dname_39.c C 1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/dname_39.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/dnskey_48.c C 2003,2004,2005,2007
--./lib/dns/rdata/generic/dnskey_48.h C 2003,2004,2005,2007
--./lib/dns/rdata/generic/ds_43.c C 2002,2004,2005,2007
--./lib/dns/rdata/generic/ds_43.h C 2002,2004,2005,2007
--./lib/dns/rdata/generic/gpos_27.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/generic/gpos_27.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/hinfo_13.c C 1998,1999,2000,2001,2002,2004,2007
--./lib/dns/rdata/generic/hinfo_13.h C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/hip_55.c C 2009
--./lib/dns/rdata/generic/hip_55.h C 2009
--./lib/dns/rdata/generic/ipseckey_45.c C 2005,2007,2009
--./lib/dns/rdata/generic/ipseckey_45.h C 2005,2007
--./lib/dns/rdata/generic/isdn_20.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/generic/isdn_20.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/key_25.c C 1999,2000,2001,2002,2003,2004,2005,2007
--./lib/dns/rdata/generic/key_25.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/keydata_65533.c C 2009
--./lib/dns/rdata/generic/keydata_65533.h C 2009
--./lib/dns/rdata/generic/loc_29.c C 1999,2000,2001,2002,2003,2004,2005,2007,2009
--./lib/dns/rdata/generic/loc_29.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/mb_7.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/mb_7.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/md_3.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/md_3.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/mf_4.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/mf_4.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/mg_8.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/mg_8.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/minfo_14.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/minfo_14.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/mr_9.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/mr_9.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/mx_15.c C 1998,1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/generic/mx_15.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/ns_2.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/ns_2.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/nsec3_50.c C 2008,2009
--./lib/dns/rdata/generic/nsec3_50.h C 2008
--./lib/dns/rdata/generic/nsec3param_51.c C 2008,2009
--./lib/dns/rdata/generic/nsec3param_51.h C 2008
--./lib/dns/rdata/generic/nsec_47.c C 2003,2004,2007,2008
--./lib/dns/rdata/generic/nsec_47.h C 2003,2004,2005,2007,2008
--./lib/dns/rdata/generic/null_10.c C 1998,1999,2000,2001,2002,2004,2007
--./lib/dns/rdata/generic/null_10.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/nxt_30.c C 1999,2000,2001,2002,2003,2004,2005,2007
--./lib/dns/rdata/generic/nxt_30.h C 1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/generic/opt_41.c C 1998,1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/generic/opt_41.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/proforma.c C 1998,1999,2000,2001,2002,2004,2007
--./lib/dns/rdata/generic/proforma.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/ptr_12.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/rdata/generic/ptr_12.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/rp_17.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/rp_17.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/rrsig_46.c C 2003,2004,2005,2007
--./lib/dns/rdata/generic/rrsig_46.h C 2003,2004,2005,2007
--./lib/dns/rdata/generic/rt_21.c C 1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/generic/rt_21.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/sig_24.c C 1999,2000,2001,2002,2003,2004,2005,2007
--./lib/dns/rdata/generic/sig_24.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/soa_6.c C 1998,1999,2000,2001,2002,2004,2007,2009
--./lib/dns/rdata/generic/soa_6.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/spf_99.c C 1998,1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/generic/spf_99.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/sshfp_44.c C 2003,2004,2006,2007
--./lib/dns/rdata/generic/sshfp_44.h C 2003,2004,2005,2006,2007
--./lib/dns/rdata/generic/tkey_249.c C 1999,2000,2001,2002,2003,2004,2007
--./lib/dns/rdata/generic/tkey_249.h C 1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/generic/txt_16.c C 1998,1999,2000,2001,2002,2004,2007,2008
--./lib/dns/rdata/generic/txt_16.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/unspec_103.c C 1999,2000,2001,2002,2004,2007
--./lib/dns/rdata/generic/unspec_103.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/generic/x25_19.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/generic/x25_19.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/hs_4/a_1.c C 1999,2000,2001,2002,2004,2007
--./lib/dns/rdata/hs_4/a_1.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/a6_38.c C 1999,2000,2001,2002,2003,2004,2007
--./lib/dns/rdata/in_1/a6_38.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/a_1.c C 1998,1999,2000,2001,2002,2004,2007
--./lib/dns/rdata/in_1/a_1.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/aaaa_28.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/in_1/aaaa_28.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/apl_42.c C 2002,2004,2005,2007,2008
--./lib/dns/rdata/in_1/apl_42.h C 2002,2004,2005,2007
--./lib/dns/rdata/in_1/dhcid_49.c C 2006,2007
--./lib/dns/rdata/in_1/dhcid_49.h C 2006,2007
--./lib/dns/rdata/in_1/kx_36.c C 1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/in_1/kx_36.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/naptr_35.c C 1999,2000,2001,2003,2004,2005,2007,2008,2009
--./lib/dns/rdata/in_1/naptr_35.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/nsap-ptr_23.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/nsap-ptr_23.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/nsap_22.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/dns/rdata/in_1/nsap_22.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/px_26.c C 1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/in_1/px_26.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/srv_33.c C 1999,2000,2001,2003,2004,2005,2007
--./lib/dns/rdata/in_1/srv_33.h C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdata/in_1/wks_11.c C 1999,2000,2001,2002,2004,2007,2009
--./lib/dns/rdata/in_1/wks_11.h C 1999,2000,2001,2004,2007
--./lib/dns/rdata/rdatastructpre.h C 1999,2000,2001,2004,2007
--./lib/dns/rdata/rdatastructsuf.h C 1999,2000,2001,2004,2007
--./lib/dns/rdatalist.c C 1999,2000,2001,2003,2004,2005,2007,2008
--./lib/dns/rdatalist_p.h C 2000,2001,2004,2005,2007,2008
--./lib/dns/rdataset.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/rdatasetiter.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/rdataslab.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/request.c C 2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/resolver.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/result.c C 1998,1999,2000,2001,2002,2003,2004,2005,2007,2008,2009
--./lib/dns/rootns.c C 1999,2000,2001,2002,2004,2005,2007,2008
--./lib/dns/rriterator.c C 2009
--./lib/dns/sdb.c C 2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/sdlz.c C.PORTION 1999,2000,2001,2005,2006,2007,2008,2009
--./lib/dns/soa.c C 2000,2001,2004,2005,2007,2009
--./lib/dns/spnego.asn1 X 2006
--./lib/dns/spnego.c C 2006,2007,2008,2009
--./lib/dns/spnego.h C 2006,2007
--./lib/dns/spnego_asn1.c C 2006,2007
--./lib/dns/spnego_asn1.pl PERL 2006,2007
--./lib/dns/ssu.c C 2000,2001,2003,2004,2005,2006,2007,2008
--./lib/dns/stats.c C 2000,2001,2004,2005,2007,2008,2009
--./lib/dns/tcpmsg.c C 1999,2000,2001,2004,2005,2006,2007
--./lib/dns/time.c C 1998,1999,2000,2001,2002,2003,2004,2005,2007,2009
--./lib/dns/timer.c C 2000,2001,2004,2005,2007
--./lib/dns/tkey.c C 1999,2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/tsec.c C 2009
--./lib/dns/tsig.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/dns/ttl.c C 1999,2000,2001,2004,2005,2007
--./lib/dns/validator.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/version.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/dns/view.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/win32/DLLMain.c C 2001,2004,2007
--./lib/dns/win32/gen.dsp X 2001
--./lib/dns/win32/gen.dsw X 2001
--./lib/dns/win32/gen.mak X 2001,2006
--./lib/dns/win32/libdns.def X 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/win32/libdns.dsp X 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/win32/libdns.dsw X 2001
--./lib/dns/win32/libdns.mak X 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/win32/version.c C 1998,1999,2000,2001,2004,2007
--./lib/dns/xfrin.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/dns/zone.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/dns/zonekey.c C 2001,2003,2004,2005,2007
--./lib/dns/zt.c C 1999,2000,2001,2002,2004,2005,2006,2007
--./lib/export/.cvsignore X 2009
--./lib/export/Makefile.in MAKE 2009
--./lib/export/dns/.cvsignore X 2009
--./lib/export/dns/Makefile.in MAKE 2009
--./lib/export/dns/include/.cvsignore X 2009
--./lib/export/dns/include/Makefile.in MAKE 2009
--./lib/export/dns/include/dns/.cvsignore X 2009
--./lib/export/dns/include/dns/Makefile.in MAKE 2009
--./lib/export/dns/include/dst/.cvsignore X 2009
--./lib/export/dns/include/dst/Makefile.in MAKE 2009
--./lib/export/irs/.cvsignore X 2009
--./lib/export/irs/Makefile.in MAKE 2009
--./lib/export/irs/include/.cvsignore X 2009
--./lib/export/irs/include/Makefile.in MAKE 2009
--./lib/export/irs/include/irs/.cvsignore X 2009
--./lib/export/irs/include/irs/Makefile.in MAKE 2009
--./lib/export/isc/.cvsignore X 2009
--./lib/export/isc/Makefile.in MAKE 2009
--./lib/export/isc/include/.cvsignore X 2009
--./lib/export/isc/include/Makefile.in MAKE 2009
--./lib/export/isc/include/isc/.cvsignore X 2009
--./lib/export/isc/include/isc/Makefile.in MAKE 2009
--./lib/export/isc/nls/.cvsignore X 2009
--./lib/export/isc/nls/Makefile.in MAKE 2009
--./lib/export/isc/nothreads/Makefile.in MAKE 2009
--./lib/export/isc/nothreads/include/Makefile.in MAKE 2009
--./lib/export/isc/nothreads/include/isc/Makefile.in MAKE 2009
--./lib/export/isc/pthreads/.cvsignore X 2009
--./lib/export/isc/pthreads/Makefile.in MAKE 2009
--./lib/export/isc/pthreads/include/.cvsignore X 2009
--./lib/export/isc/pthreads/include/Makefile.in MAKE 2009
--./lib/export/isc/pthreads/include/isc/.cvsignore X 2009
--./lib/export/isc/pthreads/include/isc/Makefile.in MAKE 2009
--./lib/export/isc/unix/.cvsignore X 2009
--./lib/export/isc/unix/Makefile.in MAKE 2009
--./lib/export/isc/unix/include/.cvsignore X 2009
--./lib/export/isc/unix/include/Makefile.in MAKE 2009
--./lib/export/isc/unix/include/isc/.cvsignore X 2009
--./lib/export/isc/unix/include/isc/Makefile.in MAKE 2009
--./lib/export/isccfg/.cvsignore X 2009
--./lib/export/isccfg/Makefile.in MAKE 2009
--./lib/export/isccfg/include/.cvsignore X 2009
--./lib/export/isccfg/include/Makefile.in MAKE 2009
--./lib/export/isccfg/include/isccfg/.cvsignore X 2009
--./lib/export/isccfg/include/isccfg/Makefile.in MAKE 2009
--./lib/export/samples/.cvsignore X 2009
--./lib/export/samples/Makefile-postinstall.in MAKE 2009
--./lib/export/samples/Makefile.in MAKE 2009
--./lib/export/samples/nsprobe.c C 2009
--./lib/export/samples/sample-async.c C 2009
--./lib/export/samples/sample-gai.c C 2009
--./lib/export/samples/sample-request.c C 2009
--./lib/export/samples/sample-update.c C 2009
--./lib/export/samples/sample.c C 2009
--./lib/irs/.cvsignore X 2009
--./lib/irs/Makefile.in MAKE 2009
--./lib/irs/api X 2009
--./lib/irs/context.c C 2009
--./lib/irs/dnsconf.c C 2009
--./lib/irs/gai_strerror.c C 2009
--./lib/irs/getaddrinfo.c C 2009
--./lib/irs/getnameinfo.c C 2009
--./lib/irs/include/.cvsignore X 2009
--./lib/irs/include/Makefile.in MAKE 2009
--./lib/irs/include/irs/.cvsignore X 2009
--./lib/irs/include/irs/Makefile.in MAKE 2009
--./lib/irs/include/irs/context.h C 2009
--./lib/irs/include/irs/dnsconf.h C 2009
--./lib/irs/include/irs/netdb.h.in C 2009
--./lib/irs/include/irs/platform.h.in C 2009
--./lib/irs/include/irs/resconf.h C 2009
--./lib/irs/include/irs/types.h C 2009
--./lib/irs/include/irs/version.h C 2009
--./lib/irs/resconf.c C 2009
--./lib/irs/version.c C 2009
--./lib/isc/.cvsignore X 1998,1999,2000,2001
--./lib/isc/Makefile.in MAKE 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/alpha/.cvsignore X 2007
--./lib/isc/alpha/Makefile.in MAKE 2007
--./lib/isc/alpha/include/.cvsignore X 2007
--./lib/isc/alpha/include/Makefile.in MAKE 2007
--./lib/isc/alpha/include/isc/.cvsignore X 2007
--./lib/isc/alpha/include/isc/Makefile.in MAKE 2007
--./lib/isc/alpha/include/isc/atomic.h C 2005,2007,2009
--./lib/isc/api X 1999,2000,2001,2006,2008
--./lib/isc/app_api.c C 2009
--./lib/isc/assertions.c C 1997,1998,1999,2000,2001,2004,2005,2007,2008,2009
--./lib/isc/backtrace-emptytbl.c C 2009
--./lib/isc/backtrace.c C 2009
--./lib/isc/base32.c C 2008,2009
--./lib/isc/base64.c C 1998,1999,2000,2001,2003,2004,2005,2007
--./lib/isc/bitstring.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/buffer.c C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008
--./lib/isc/bufferlist.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/commandline.c C.PORTION 1999,2000,2001,2004,2005,2007,2008
--./lib/isc/entropy.c C 2000,2001,2002,2003,2004,2005,2006,2007,2009
--./lib/isc/error.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/event.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/fsaccess.c C 2000,2001,2004,2005,2007
--./lib/isc/hash.c C 2003,2004,2005,2006,2007,2009
--./lib/isc/heap.c C 1997,1998,1999,2000,2001,2004,2005,2006,2007
--./lib/isc/hex.c C 2000,2001,2002,2003,2004,2005,2007,2008
--./lib/isc/hmacmd5.c C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/hmacsha.c C 2005,2006,2007,2009
--./lib/isc/httpd.c C 2006,2007,2008
--./lib/isc/ia64/.cvsignore X 2007
--./lib/isc/ia64/Makefile.in MAKE 2007
--./lib/isc/ia64/include/.cvsignore X 2007
--./lib/isc/ia64/include/Makefile.in MAKE 2007
--./lib/isc/ia64/include/isc/.cvsignore X 2007
--./lib/isc/ia64/include/isc/Makefile.in MAKE 2007
--./lib/isc/ia64/include/isc/atomic.h C 2006,2007,2009
--./lib/isc/include/.cvsignore X 1998,1999,2000,2001
--./lib/isc/include/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/isc/include/isc/.cvsignore X 1998,1999,2000,2001
--./lib/isc/include/isc/Makefile.in MAKE 1998,1999,2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/app.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/assertions.h C 1997,1998,1999,2000,2001,2004,2005,2006,2007,2008
--./lib/isc/include/isc/backtrace.h C 2009
--./lib/isc/include/isc/base32.h C 2008
--./lib/isc/include/isc/base64.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/bitstring.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/boolean.h C 1998,1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/buffer.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008
--./lib/isc/include/isc/bufferlist.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/commandline.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/entropy.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/error.h C 1998,1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/event.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007
--./lib/isc/include/isc/eventclass.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/include/isc/file.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/formatcheck.h C 2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/fsaccess.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/hash.h C 2003,2004,2005,2006,2007,2009
--./lib/isc/include/isc/heap.h C 1997,1998,1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/hex.h C 2000,2001,2004,2005,2006,2007,2008
--./lib/isc/include/isc/hmacmd5.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/hmacsha.h C 2005,2006,2007,2009
--./lib/isc/include/isc/httpd.h C 2006,2007,2008
--./lib/isc/include/isc/interfaceiter.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/ipv6.h C 1999,2000,2001,2002,2004,2005,2007
--./lib/isc/include/isc/iterated_hash.h C 2008
--./lib/isc/include/isc/lang.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/lex.h C 1998,1999,2000,2001,2002,2004,2005,2007,2008
--./lib/isc/include/isc/lfsr.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/lib.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/list.h C 1997,1998,1999,2000,2001,2002,2004,2006,2007
--./lib/isc/include/isc/log.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/isc/include/isc/magic.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/md5.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/mem.h C 1997,1998,1999,2000,2001,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/msgcat.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/include/isc/msgs.h C 2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/isc/include/isc/mutexblock.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/namespace.h C 2009
--./lib/isc/include/isc/netaddr.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/isc/include/isc/netscope.h C 2002,2004,2005,2006,2007,2009
--./lib/isc/include/isc/ondestroy.h C 2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/os.h C 2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/parseint.h C 2001,2002,2004,2005,2006,2007
--./lib/isc/include/isc/platform.h.in C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/portset.h C 2008,2009
--./lib/isc/include/isc/print.h C 1999,2000,2001,2003,2004,2005,2006,2007
--./lib/isc/include/isc/quota.h C 2000,2001,2004,2005,2007
--./lib/isc/include/isc/radix.h C 2007,2008
--./lib/isc/include/isc/random.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/ratelimiter.h C 1999,2000,2001,2002,2004,2005,2006,2007,2009
--./lib/isc/include/isc/refcount.h C 2001,2003,2004,2005,2006,2007
--./lib/isc/include/isc/region.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007
--./lib/isc/include/isc/resource.h C 2000,2001,2004,2005,2006,2007,2008
--./lib/isc/include/isc/result.h C 1998,1999,2000,2001,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/resultclass.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/rwlock.h C 1998,1999,2000,2001,2003,2004,2005,2006,2007
--./lib/isc/include/isc/serial.h C 1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/sha1.h C 2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/sha2.h C 2005,2006,2007,2009
--./lib/isc/include/isc/sockaddr.h C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2009
--./lib/isc/include/isc/socket.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/stats.h C 2009
--./lib/isc/include/isc/stdio.h C 2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/stdlib.h C 2003,2004,2005,2006,2007
--./lib/isc/include/isc/string.h C 2000,2001,2003,2004,2005,2006,2007
--./lib/isc/include/isc/symtab.h C 1996,1997,1998,1999,2000,2001,2004,2005,2006,2007,2009
--./lib/isc/include/isc/task.h C 1998,1999,2000,2001,2003,2004,2005,2006,2007,2009
--./lib/isc/include/isc/taskpool.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/timer.h C 1998,1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/types.h C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/include/isc/util.h C 1998,1999,2000,2001,2004,2005,2006,2007
--./lib/isc/include/isc/version.h C 2001,2004,2005,2006,2007
--./lib/isc/include/isc/xml.h C 2006,2007
--./lib/isc/inet_aton.c C.PORTION 1996,1997,1998,1999,2000,2001,2004,2005,2007,2008
--./lib/isc/inet_ntop.c C 1996,1997,1998,1999,2000,2001,2004,2005,2007,2009
--./lib/isc/inet_pton.c C 1996,1997,1998,1999,2000,2001,2002,2003,2004,2005,2007
--./lib/isc/iterated_hash.c C 2006,2008,2009
--./lib/isc/lex.c C 1998,1999,2000,2001,2002,2003,2004,2005,2007
--./lib/isc/lfsr.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/isc/lib.c C 1999,2000,2001,2004,2005,2007,2009
--./lib/isc/log.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2009
--./lib/isc/md5.c C 2000,2001,2004,2005,2007,2009
--./lib/isc/mem.c C 1997,1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/mem_api.c C 2009
--./lib/isc/mips/.cvsignore X 2007
--./lib/isc/mips/Makefile.in MAKE 2007
--./lib/isc/mips/include/.cvsignore X 2007
--./lib/isc/mips/include/Makefile.in MAKE 2007
--./lib/isc/mips/include/isc/.cvsignore X 2007
--./lib/isc/mips/include/isc/Makefile.in MAKE 2007
--./lib/isc/mips/include/isc/atomic.h C 2005,2007
--./lib/isc/mutexblock.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/netaddr.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/isc/netscope.c C 2002,2004,2005,2006,2007
--./lib/isc/nls/.cvsignore X 1999,2000,2001
--./lib/isc/nls/Makefile.in MAKE 1999,2000,2001,2004,2007,2009
--./lib/isc/nls/msgcat.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/noatomic/.cvsignore X 2007
--./lib/isc/noatomic/Makefile.in MAKE 2007
--./lib/isc/noatomic/include/.cvsignore X 2007
--./lib/isc/noatomic/include/Makefile.in MAKE 2007
--./lib/isc/noatomic/include/isc/.cvsignore X 2007
--./lib/isc/noatomic/include/isc/Makefile.in MAKE 2007
--./lib/isc/noatomic/include/isc/atomic.h C 2005,2007
--./lib/isc/nothreads/.cvsignore X 2000,2001
--./lib/isc/nothreads/Makefile.in MAKE 2000,2001,2004,2007,2009
--./lib/isc/nothreads/condition.c C 2000,2001,2004,2006,2007
--./lib/isc/nothreads/include/.cvsignore X 2000,2001
--./lib/isc/nothreads/include/Makefile.in MAKE 2000,2001,2004,2007
--./lib/isc/nothreads/include/isc/.cvsignore X 2000,2001
--./lib/isc/nothreads/include/isc/Makefile.in MAKE 2000,2001,2004,2007
--./lib/isc/nothreads/include/isc/condition.h C 2000,2001,2004,2007
--./lib/isc/nothreads/include/isc/mutex.h C 2000,2001,2004,2007
--./lib/isc/nothreads/include/isc/once.h C 2000,2001,2004,2007
--./lib/isc/nothreads/include/isc/thread.h C 2000,2001,2004,2007
--./lib/isc/nothreads/mutex.c C 2000,2001,2004,2006,2007
--./lib/isc/nothreads/thread.c C 2000,2001,2004,2007
--./lib/isc/ondestroy.c C 2000,2001,2004,2005,2007
--./lib/isc/parseint.c C 2001,2002,2003,2004,2005,2007
--./lib/isc/portset.c C 2008
--./lib/isc/powerpc/.cvsignore X 2007
--./lib/isc/powerpc/Makefile.in MAKE 2007
--./lib/isc/powerpc/include/.cvsignore X 2007
--./lib/isc/powerpc/include/Makefile.in MAKE 2007
--./lib/isc/powerpc/include/isc/.cvsignore X 2007
--./lib/isc/powerpc/include/isc/Makefile.in MAKE 2007
--./lib/isc/powerpc/include/isc/atomic.h C 2005,2007
--./lib/isc/print.c C 1999,2000,2001,2003,2004,2005,2006,2007,2008
--./lib/isc/pthreads/.cvsignore X 1998,1999,2000,2001
--./lib/isc/pthreads/Makefile.in MAKE 1998,1999,2000,2001,2004,2007,2009
--./lib/isc/pthreads/condition.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/pthreads/include/.cvsignore X 1998,1999,2000,2001
--./lib/isc/pthreads/include/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/isc/pthreads/include/isc/.cvsignore X 1998,1999,2000,2001
--./lib/isc/pthreads/include/isc/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/isc/pthreads/include/isc/condition.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/pthreads/include/isc/mutex.h C 1998,1999,2000,2001,2002,2004,2005,2007
--./lib/isc/pthreads/include/isc/once.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/pthreads/include/isc/thread.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/pthreads/mutex.c C 2000,2001,2002,2004,2005,2007,2008
--./lib/isc/pthreads/thread.c C 2000,2001,2003,2004,2005,2007
--./lib/isc/quota.c C 2000,2001,2004,2005,2007
--./lib/isc/radix.c C 2007,2008,2009
--./lib/isc/random.c C 1999,2000,2001,2002,2003,2004,2005,2007,2009
--./lib/isc/ratelimiter.c C 1999,2000,2001,2002,2004,2005,2007
--./lib/isc/refcount.c C 2005,2007
--./lib/isc/region.c C 2002,2004,2005,2007
--./lib/isc/result.c C 1998,1999,2000,2001,2003,2004,2005,2007,2008
--./lib/isc/rwlock.c C 1998,1999,2000,2001,2003,2004,2005,2007,2009
--./lib/isc/serial.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/sha1.c C 2000,2001,2003,2004,2005,2007,2009
--./lib/isc/sha2.c C 2005,2006,2007,2009
--./lib/isc/sockaddr.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007
--./lib/isc/socket_api.c C 2009
--./lib/isc/sparc64/.cvsignore X 2007
--./lib/isc/sparc64/Makefile.in MAKE 2007
--./lib/isc/sparc64/include/.cvsignore X 2007
--./lib/isc/sparc64/include/Makefile.in MAKE 2007
--./lib/isc/sparc64/include/isc/.cvsignore X 2007
--./lib/isc/sparc64/include/isc/Makefile.in MAKE 2007
--./lib/isc/sparc64/include/isc/atomic.h C 2005,2007
--./lib/isc/stats.c C 2009
--./lib/isc/string.c C 1999,2000,2001,2003,2004,2005,2006,2007
--./lib/isc/strtoul.c C 2003,2004,2005,2007
--./lib/isc/symtab.c C 1996,1997,1998,1999,2000,2001,2004,2005,2007
--./lib/isc/task.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/task_api.c C 2009
--./lib/isc/task_p.h C 2000,2001,2004,2005,2007,2009
--./lib/isc/taskpool.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/timer.c C 1998,1999,2000,2001,2002,2004,2005,2007,2008,2009
--./lib/isc/timer_api.c C 2009
--./lib/isc/timer_p.h C 2000,2001,2004,2005,2007,2009
--./lib/isc/unix/.cvsignore X 1998,1999,2000,2001
--./lib/isc/unix/Makefile.in MAKE 1998,1999,2000,2001,2004,2007,2009
--./lib/isc/unix/app.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009
--./lib/isc/unix/dir.c C 1999,2000,2001,2004,2005,2007,2008,2009
--./lib/isc/unix/entropy.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/isc/unix/errno2result.c C 2000,2001,2002,2004,2005,2007
--./lib/isc/unix/errno2result.h C 2000,2001,2004,2005,2007
--./lib/isc/unix/file.c C 2000,2001,2002,2004,2005,2007,2009
--./lib/isc/unix/fsaccess.c C 2000,2001,2004,2005,2006,2007
--./lib/isc/unix/ifiter_getifaddrs.c C 2003,2004,2005,2007,2008
--./lib/isc/unix/ifiter_ioctl.c C 1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/unix/ifiter_sysctl.c C 1999,2000,2001,2002,2003,2004,2005,2007
--./lib/isc/unix/include/.cvsignore X 1998,1999,2000,2001
--./lib/isc/unix/include/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/isc/unix/include/isc/.cvsignore X 1998,1999,2000,2001
--./lib/isc/unix/include/isc/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/isc/unix/include/isc/dir.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/unix/include/isc/int.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/unix/include/isc/keyboard.h C 2000,2001,2004,2005,2007
--./lib/isc/unix/include/isc/net.h C 1999,2000,2001,2002,2003,2004,2005,2007,2008
--./lib/isc/unix/include/isc/netdb.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/unix/include/isc/offset.h C 2000,2001,2004,2005,2007,2008
--./lib/isc/unix/include/isc/stat.h C 2004,2007
--./lib/isc/unix/include/isc/stdtime.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/unix/include/isc/strerror.h C 2001,2004,2005,2007,2008
--./lib/isc/unix/include/isc/syslog.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/unix/include/isc/time.h C 1998,1999,2000,2001,2004,2005,2006,2007,2008,2009
--./lib/isc/unix/interfaceiter.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008
--./lib/isc/unix/ipv6.c C 1999,2000,2001,2004,2005,2006,2007
--./lib/isc/unix/keyboard.c C 2000,2001,2004,2007
--./lib/isc/unix/net.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008
--./lib/isc/unix/os.c C 2000,2001,2004,2005,2007
--./lib/isc/unix/resource.c C 2000,2001,2004,2007,2008,2009
--./lib/isc/unix/socket.c C 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/unix/socket_p.h C 2000,2001,2004,2005,2007,2008,2009
--./lib/isc/unix/stdio.c C 2000,2001,2004,2007
--./lib/isc/unix/stdtime.c C 1999,2000,2001,2004,2005,2007
--./lib/isc/unix/strerror.c C 2001,2004,2005,2007,2009
--./lib/isc/unix/syslog.c C 2001,2004,2005,2007
--./lib/isc/unix/time.c C 1998,1999,2000,2001,2003,2004,2005,2006,2007,2008
--./lib/isc/version.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/win32/.cvsignore X 1999,2000,2001
--./lib/isc/win32/DLLMain.c C 2001,2004,2007
--./lib/isc/win32/Makefile.in MAKE 1999,2000,2001,2004,2007,2009
--./lib/isc/win32/app.c C 1999,2000,2001,2004,2007,2009
--./lib/isc/win32/condition.c C 1998,1999,2000,2001,2004,2006,2007
--./lib/isc/win32/dir.c C 1999,2000,2001,2004,2007,2008,2009
--./lib/isc/win32/entropy.c C 2000,2001,2002,2004,2007,2009
--./lib/isc/win32/errno2result.c C 2000,2001,2002,2004,2005,2007,2008
--./lib/isc/win32/errno2result.h C 2000,2001,2004,2005,2007
--./lib/isc/win32/file.c C 2000,2001,2002,2004,2007,2009
--./lib/isc/win32/fsaccess.c C 2000,2001,2002,2004,2007
--./lib/isc/win32/include/.cvsignore X 1999,2000,2001
--./lib/isc/win32/include/Makefile.in MAKE 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/.cvsignore X 1999,2000,2001
--./lib/isc/win32/include/isc/Makefile.in MAKE 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/bind_registry.h C 2001,2004,2007
--./lib/isc/win32/include/isc/bindevt.h C 2001,2004,2007
--./lib/isc/win32/include/isc/condition.h C 1998,1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/dir.h C 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/int.h C 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/ipv6.h C 1999,2000,2001,2002,2004,2005,2007
--./lib/isc/win32/include/isc/keyboard.h C 2000,2001,2004,2007
--./lib/isc/win32/include/isc/mutex.h C 1998,1999,2000,2001,2004,2007,2008,2009
--./lib/isc/win32/include/isc/net.h C 1999,2000,2001,2002,2003,2004,2005,2007,2008
--./lib/isc/win32/include/isc/netdb.h C 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/ntgroups.h C 2001,2004,2007
--./lib/isc/win32/include/isc/ntpaths.h C 2000,2001,2004,2007,2009
--./lib/isc/win32/include/isc/offset.h C 2000,2001,2004,2007
--./lib/isc/win32/include/isc/once.h C 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/platform.h C 2001,2004,2005,2007,2008
--./lib/isc/win32/include/isc/stat.h C 2000,2001,2003,2004,2007
--./lib/isc/win32/include/isc/stdtime.h C 1999,2000,2001,2004,2005,2007
--./lib/isc/win32/include/isc/strerror.h C 2001,2004,2007
--./lib/isc/win32/include/isc/syslog.h C 1999,2000,2001,2004,2007
--./lib/isc/win32/include/isc/thread.h C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/win32/include/isc/time.h C 1998,1999,2000,2001,2004,2006,2007,2008,2009
--./lib/isc/win32/include/isc/win32os.h C 2002,2004,2007,2009
--./lib/isc/win32/interfaceiter.c C 1999,2000,2001,2004,2007,2008,2009
--./lib/isc/win32/ipv6.c C 1999,2000,2001,2004,2007
--./lib/isc/win32/keyboard.c C 2000,2001,2004,2007
--./lib/isc/win32/libgen.h C 2009
--./lib/isc/win32/libisc.def X 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/win32/libisc.dsp X 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/win32/libisc.dsw X 2001
--./lib/isc/win32/libisc.mak X 2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/win32/net.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009
--./lib/isc/win32/netdb.h C 2000,2001,2004,2006,2007,2009
--./lib/isc/win32/ntgroups.c C 2001,2004,2006,2007
--./lib/isc/win32/ntpaths.c C 2001,2004,2007,2009
--./lib/isc/win32/once.c C 1999,2000,2001,2004,2007
--./lib/isc/win32/os.c C 2000,2001,2002,2004,2007
--./lib/isc/win32/resource.c C 2000,2001,2004,2007,2008
--./lib/isc/win32/socket.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isc/win32/stdio.c C 2000,2001,2004,2007
--./lib/isc/win32/stdtime.c C 1999,2000,2001,2004,2007
--./lib/isc/win32/strerror.c C 2001,2002,2004,2007
--./lib/isc/win32/syslog.c C 2001,2002,2003,2004,2007
--./lib/isc/win32/syslog.h C 2001,2002,2004,2007
--./lib/isc/win32/thread.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isc/win32/time.c C 1998,1999,2000,2001,2003,2004,2006,2007,2008,2009
--./lib/isc/win32/unistd.h C 2000,2001,2004,2007,2008,2009
--./lib/isc/win32/version.c C 1998,1999,2000,2001,2004,2007
--./lib/isc/win32/win32os.c C 2002,2004,2007
--./lib/isc/x86_32/.cvsignore X 2007
--./lib/isc/x86_32/Makefile.in MAKE 2007
--./lib/isc/x86_32/include/.cvsignore X 2007
--./lib/isc/x86_32/include/Makefile.in MAKE 2007
--./lib/isc/x86_32/include/isc/.cvsignore X 2007
--./lib/isc/x86_32/include/isc/Makefile.in MAKE 2007
--./lib/isc/x86_32/include/isc/atomic.h C 2005,2007,2008
--./lib/isc/x86_64/.cvsignore X 2007
--./lib/isc/x86_64/Makefile.in MAKE 2007
--./lib/isc/x86_64/include/.cvsignore X 2007
--./lib/isc/x86_64/include/Makefile.in MAKE 2007
--./lib/isc/x86_64/include/isc/.cvsignore X 2007
--./lib/isc/x86_64/include/isc/Makefile.in MAKE 2007
--./lib/isc/x86_64/include/isc/atomic.h C 2005,2007,2008
--./lib/isccc/.cvsignore X 2001
--./lib/isccc/Makefile.in MAKE 2001,2003,2004,2007,2009
--./lib/isccc/alist.c C.NOM 2001,2004,2005,2007
--./lib/isccc/api X 2001,2006,2008
--./lib/isccc/base64.c C.NOM 2001,2004,2005,2007
--./lib/isccc/cc.c C.NOM 2001,2002,2003,2004,2005,2006,2007
--./lib/isccc/ccmsg.c C.NOM 2001,2004,2005,2007
--./lib/isccc/include/.cvsignore X 2001
--./lib/isccc/include/Makefile.in MAKE 2001,2004,2007
--./lib/isccc/include/isccc/.cvsignore X 2001
--./lib/isccc/include/isccc/Makefile.in MAKE 2001,2004,2007
--./lib/isccc/include/isccc/alist.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/base64.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/cc.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/ccmsg.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/events.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/lib.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/result.h C.NOM 2001,2003,2004,2005,2006,2007
--./lib/isccc/include/isccc/sexpr.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/symtab.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/symtype.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/types.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/util.h C.NOM 2001,2004,2005,2006,2007
--./lib/isccc/include/isccc/version.h C 2001,2004,2005,2006,2007
--./lib/isccc/lib.c C.NOM 2001,2004,2005,2007
--./lib/isccc/result.c C.NOM 2001,2003,2004,2005,2007
--./lib/isccc/sexpr.c C.NOM 2001,2004,2005,2007
--./lib/isccc/symtab.c C.NOM 2001,2004,2005,2007
--./lib/isccc/version.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isccc/win32/DLLMain.c C 2001,2004,2007
--./lib/isccc/win32/libisccc.def X 2001
--./lib/isccc/win32/libisccc.dsp X 2001,2004,2005,2009
--./lib/isccc/win32/libisccc.dsw X 2001
--./lib/isccc/win32/libisccc.mak X 2001,2002,2004,2005,2006,2009
--./lib/isccc/win32/version.c C 2001,2004,2007
--./lib/isccfg/.cvsignore X 2001
--./lib/isccfg/Makefile.in MAKE 2001,2002,2003,2004,2005,2007,2009
--./lib/isccfg/aclconf.c C 1999,2000,2001,2002,2004,2005,2006,2007,2008,2009
--./lib/isccfg/api X 2001,2006,2008
--./lib/isccfg/dnsconf.c C 2009
--./lib/isccfg/include/.cvsignore X 2001
--./lib/isccfg/include/Makefile.in MAKE 2001,2004,2007
--./lib/isccfg/include/isccfg/.cvsignore X 2001
--./lib/isccfg/include/isccfg/Makefile.in MAKE 2001,2002,2004,2005,2007
--./lib/isccfg/include/isccfg/aclconf.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/isccfg/include/isccfg/cfg.h C 2000,2001,2002,2004,2005,2006,2007
--./lib/isccfg/include/isccfg/dnsconf.h C 2009
--./lib/isccfg/include/isccfg/grammar.h C 2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isccfg/include/isccfg/log.h C 2001,2004,2005,2006,2007,2009
--./lib/isccfg/include/isccfg/namedconf.h C 2002,2004,2005,2006,2007,2009
--./lib/isccfg/include/isccfg/version.h C 2001,2004,2005,2006,2007
--./lib/isccfg/log.c C 2001,2004,2005,2006,2007
--./lib/isccfg/namedconf.c C 2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isccfg/parser.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./lib/isccfg/version.c C 1998,1999,2000,2001,2004,2005,2007
--./lib/isccfg/win32/DLLMain.c C 2001,2004,2007
--./lib/isccfg/win32/libisccfg.def X 2001,2002,2005,2009
--./lib/isccfg/win32/libisccfg.dsp X 2001,2002,2004,2005,2009
--./lib/isccfg/win32/libisccfg.dsw X 2001
--./lib/isccfg/win32/libisccfg.mak X 2001,2002,2004,2005,2006,2009
--./lib/isccfg/win32/version.c C 1998,1999,2000,2001,2004,2007
--./lib/lwres/.cvsignore X 2000,2001
--./lib/lwres/Makefile.in MAKE 2000,2001,2004,2005,2007
--./lib/lwres/api X 2000,2001,2006,2008
--./lib/lwres/assert_p.h C 2000,2001,2004,2005,2007
--./lib/lwres/context.c C 2000,2001,2003,2004,2005,2007,2008,2009
--./lib/lwres/context_p.h C 2000,2001,2004,2005,2007,2008
--./lib/lwres/gai_strerror.c C 2000,2001,2004,2005,2006,2007
--./lib/lwres/getaddrinfo.c C.BSDI 1999,2000,2001,2004,2005,2006,2007,2008
--./lib/lwres/gethost.c C 2000,2001,2004,2005,2007
--./lib/lwres/getipnode.c C 1999,2000,2001,2002,2003,2004,2005,2007,2009
--./lib/lwres/getnameinfo.c C.PORTION 1999,2000,2001,2003,2004,2005,2007
--./lib/lwres/getrrset.c C 2000,2001,2002,2003,2004,2005,2007
--./lib/lwres/herror.c C.PORTION 2000,2001,2003,2004,2005,2007
--./lib/lwres/include/.cvsignore X 2000,2001
--./lib/lwres/include/Makefile.in MAKE 2000,2001,2004,2007
--./lib/lwres/include/lwres/.cvsignore X 2000,2001
--./lib/lwres/include/lwres/Makefile.in MAKE 2000,2001,2004,2007
--./lib/lwres/include/lwres/context.h C 2000,2001,2004,2005,2006,2007,2008
--./lib/lwres/include/lwres/int.h C 2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/ipv6.h C 2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/lang.h C 2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/list.h C 1997,1998,1999,2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/lwbuffer.h C 2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/lwpacket.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/lwres.h C 2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/netdb.h.in C 2000,2001,2004,2005,2007,2009
--./lib/lwres/include/lwres/platform.h.in C 2000,2001,2004,2005,2007
--./lib/lwres/include/lwres/result.h C 2000,2001,2004,2005,2006,2007
--./lib/lwres/include/lwres/stdlib.h C 2003,2004,2005,2006,2007
--./lib/lwres/include/lwres/version.h C 2001,2004,2005,2006,2007
--./lib/lwres/lwbuffer.c C 2000,2001,2004,2005,2007
--./lib/lwres/lwconfig.c C 2000,2001,2002,2003,2004,2005,2006,2007,2008
--./lib/lwres/lwinetaton.c C.PORTION 1996,1997,1998,1999,2000,2001,2003,2004,2005,2007
--./lib/lwres/lwinetntop.c C 1996,1997,1998,1999,2000,2001,2003,2004,2005,2007
--./lib/lwres/lwinetpton.c C 1996,1997,1998,1999,2000,2001,2004,2005,2007
--./lib/lwres/lwpacket.c C 2000,2001,2004,2005,2007
--./lib/lwres/lwres_gabn.c C 2000,2001,2004,2005,2007
--./lib/lwres/lwres_gnba.c C 2000,2001,2002,2004,2005,2007
--./lib/lwres/lwres_grbn.c C 2000,2001,2004,2005,2007
--./lib/lwres/lwres_noop.c C 2000,2001,2004,2005,2007
--./lib/lwres/lwresutil.c C 2000,2001,2004,2005,2007
--./lib/lwres/man/.cvsignore X 2001
--./lib/lwres/man/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/man/lwres.3 MAN DOCBOOK
--./lib/lwres/man/lwres.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres.html HTML DOCBOOK
--./lib/lwres/man/lwres_buffer.3 MAN DOCBOOK
--./lib/lwres/man/lwres_buffer.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_buffer.html HTML DOCBOOK
--./lib/lwres/man/lwres_config.3 MAN DOCBOOK
--./lib/lwres/man/lwres_config.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_config.html HTML DOCBOOK
--./lib/lwres/man/lwres_context.3 MAN DOCBOOK
--./lib/lwres/man/lwres_context.docbook SGML 2000,2001,2003,2004,2005,2007
--./lib/lwres/man/lwres_context.html HTML DOCBOOK
--./lib/lwres/man/lwres_gabn.3 MAN DOCBOOK
--./lib/lwres/man/lwres_gabn.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_gabn.html HTML DOCBOOK
--./lib/lwres/man/lwres_gai_strerror.3 MAN DOCBOOK
--./lib/lwres/man/lwres_gai_strerror.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_gai_strerror.html HTML DOCBOOK
--./lib/lwres/man/lwres_getaddrinfo.3 MAN DOCBOOK
--./lib/lwres/man/lwres_getaddrinfo.docbook SGML 2000,2001,2003,2004,2005,2007
--./lib/lwres/man/lwres_getaddrinfo.html HTML DOCBOOK
--./lib/lwres/man/lwres_gethostent.3 MAN DOCBOOK
--./lib/lwres/man/lwres_gethostent.docbook SGML 2001,2004,2005,2007
--./lib/lwres/man/lwres_gethostent.html HTML DOCBOOK
--./lib/lwres/man/lwres_getipnode.3 MAN DOCBOOK
--./lib/lwres/man/lwres_getipnode.docbook SGML 2000,2001,2003,2004,2005,2007
--./lib/lwres/man/lwres_getipnode.html HTML DOCBOOK
--./lib/lwres/man/lwres_getnameinfo.3 MAN DOCBOOK
--./lib/lwres/man/lwres_getnameinfo.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_getnameinfo.html HTML DOCBOOK
--./lib/lwres/man/lwres_getrrsetbyname.3 MAN DOCBOOK
--./lib/lwres/man/lwres_getrrsetbyname.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_getrrsetbyname.html HTML DOCBOOK
--./lib/lwres/man/lwres_gnba.3 MAN DOCBOOK
--./lib/lwres/man/lwres_gnba.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_gnba.html HTML DOCBOOK
--./lib/lwres/man/lwres_hstrerror.3 MAN DOCBOOK
--./lib/lwres/man/lwres_hstrerror.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_hstrerror.html HTML DOCBOOK
--./lib/lwres/man/lwres_inetntop.3 MAN DOCBOOK
--./lib/lwres/man/lwres_inetntop.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_inetntop.html HTML DOCBOOK
--./lib/lwres/man/lwres_noop.3 MAN DOCBOOK
--./lib/lwres/man/lwres_noop.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_noop.html HTML DOCBOOK
--./lib/lwres/man/lwres_packet.3 MAN DOCBOOK
--./lib/lwres/man/lwres_packet.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_packet.html HTML DOCBOOK
--./lib/lwres/man/lwres_resutil.3 MAN DOCBOOK
--./lib/lwres/man/lwres_resutil.docbook SGML 2000,2001,2004,2005,2007
--./lib/lwres/man/lwres_resutil.html HTML DOCBOOK
--./lib/lwres/man/resolver.5 MAN 2000,2001,2004,2007
--./lib/lwres/print.c C 1999,2000,2001,2003,2004,2005,2007
--./lib/lwres/print_p.h C 1999,2000,2001,2003,2004,2007
--./lib/lwres/strtoul.c C 2003,2004,2005,2007
--./lib/lwres/unix/.cvsignore X 2001
--./lib/lwres/unix/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/unix/include/.cvsignore X 2001
--./lib/lwres/unix/include/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/unix/include/lwres/.cvsignore X 2001
--./lib/lwres/unix/include/lwres/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/unix/include/lwres/net.h C 2000,2001,2002,2004,2005,2007
--./lib/lwres/version.c C 2000,2001,2004,2005,2007
--./lib/lwres/win32/.cvsignore X 2001
--./lib/lwres/win32/DLLMain.c C 2001,2004,2007
--./lib/lwres/win32/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/win32/include/.cvsignore X 2001
--./lib/lwres/win32/include/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/win32/include/lwres/.cvsignore X 2001
--./lib/lwres/win32/include/lwres/Makefile.in MAKE 2001,2004,2007
--./lib/lwres/win32/include/lwres/int.h C 2000,2001,2004,2007
--./lib/lwres/win32/include/lwres/net.h C 2000,2001,2004,2007
--./lib/lwres/win32/include/lwres/netdb.h C 2000,2001,2004,2006,2007
--./lib/lwres/win32/include/lwres/platform.h C 2000,2001,2004,2007
--./lib/lwres/win32/liblwres.def X 2001
--./lib/lwres/win32/liblwres.dsp X 2001,2002,2004,2005,2007
--./lib/lwres/win32/liblwres.dsw X 2001
--./lib/lwres/win32/liblwres.mak X 2001,2002,2004,2005,2006,2007
--./lib/lwres/win32/lwconfig.c C 2002,2004,2006,2007
--./lib/lwres/win32/socket.c C 2007
--./lib/lwres/win32/version.c C 1998,1999,2000,2001,2004,2007
--./lib/tests/.cvsignore X 1999,2000,2001
--./lib/tests/Makefile.in MAKE 1998,1999,2000,2001,2003,2004,2007,2009
--./lib/tests/T_testlist.imp X 2004
--./lib/tests/include/.cvsignore X 1999,2000,2001
--./lib/tests/include/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./lib/tests/include/tests/.cvsignore X 1999,2000,2001
--./lib/tests/include/tests/Makefile.in MAKE 1999,2000,2001,2004,2007
--./lib/tests/include/tests/t_api.h C 1999,2000,2001,2004,2005,2006,2007
--./lib/tests/t_api.c C 1999,2000,2001,2002,2003,2004,2005,2007,2008,2009
--./lib/win32/bindevt/bindevt.c C 2000,2001,2004,2007
--./lib/win32/bindevt/bindevt.dsp X 2001
--./lib/win32/bindevt/bindevt.dsw X 2001
--./lib/win32/bindevt/bindevt.mak X 2001,2006
--./lib/win32/bindevt/bindevt.mc MC 2001,2004,2007
--./libtool.m4 X 2000,2001,2003,2004,2006,2009
--./ltmain.sh X 1999,2000,2001,2003,2004,2006,2009
--./make/.cvsignore X 1998,1999,2000,2001
--./make/Makefile.in MAKE 1998,1999,2000,2001,2004,2007
--./make/includes.in MAKE 1999,2000,2001,2004,2005,2007
--./make/mkdep.in X 1999,2000,2001,2006
--./make/rules.in MAKE 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./mkinstalldirs X 1996
--./util/.cvsignore X 2000,2001
--./util/COPYRIGHT X 1996,1997,1998,1999,2000,2001,2004,2007
--./util/COPYRIGHT.BRIEF X 1996,1997,1998,1999,2000,2001,2004
--./util/COPYRIGHT.BSDI X 2000,2001,2004,2007
--./util/COPYRIGHT.NAI X 1996,1997,1998,1999,2000,2001,2004,2007
--./util/COPYRIGHT.NOM X 2001,2004,2007
--./util/COPYRIGHT.PORTION X 1996,1997,1998,1999,2000,2001,2004,2007
--./util/altbuild.sh SH 2000,2001,2002,2004,2007,2008
--./util/check-changes PERL 2002,2004,2007
--./util/check-includes.pl PERL 2000,2001,2004,2007
--./util/check-instincludes.sh SH 2000,2001,2004,2007
--./util/check-pullups.pl PERL 2001,2002,2003,2004,2007
--./util/check-sources.pl PERL 2000,2001,2004,2007
--./util/copyrights X 1998,1999,2000,2001,2002,2003,2004,2005,2006,2007,2008,2009
--./util/kit.sh SH 2000,2001,2002,2003,2004,2007,2008,2009
--./util/mandoc2docbook.pl PERL 2001,2004,2007
--./util/mdnbuildtest.sh SH 2000,2001,2004,2007
--./util/memleak.pl PERL 1999,2000,2001,2004,2007
--./util/merge_copyrights PERL 1998,1999,2000,2001,2003,2004,2005,2006,2007,2009
--./util/mkreslib.pl PERL 2000,2001,2004,2007
--./util/mksymtbl.pl PERL 2009
--./util/nanny.pl PERL 2000,2001,2004,2007
--./util/new-func PERL 2005,2007
--./util/nt-kit SH 1999,2000,2001,2004,2007
--./util/spacewhack.pl PERL 2000,2001,2004,2007
--./util/tabify-changes SH 2004,2007
--./util/update-drafts.pl PERL 2000,2001,2004,2007
--./util/update_branches PERL 2005,2007
--./util/update_copyrights PERL 1998,1999,2000,2001,2004,2005,2006,2007,2008,2009
--./version X 1998,1999,2000,2001,2003,2005,2006,2007,2008,2009
--./win32utils/BINDBuild.dsw X 2001,2005,2006,2008,2009
--./win32utils/BuildAll.bat BAT 2001,2002,2004,2005,2006,2007,2008,2009
--./win32utils/BuildPost.bat BAT 2005,2006
--./win32utils/BuildSetup.bat BAT 2001,2002,2004,2005,2006,2007,2008,2009
--./win32utils/SetupLibs.bat BAT 2007,2009
--./win32utils/dnsheadergen.bat BAT 2001,2004
--./win32utils/index.html HTML 2006,2007,2008
--./win32utils/makedefs.pl PERL 2001,2004,2007,2009
--./win32utils/makeversion.pl PERL 2001,2004,2007
--./win32utils/readme1st.txt TXT.BRIEF 2001,2003,2004,2005,2007,2008,2009
--./win32utils/updatelibxml2.pl PERL 2009
--./win32utils/updateopenssl.pl PERL 2006,2007,2009
--./win32utils/win32-build.txt TXT.BRIEF 2001,2002,2004,2005,2008,2009
+++ /dev/null
--Copyright (C) 2004, 2005, 2008, 2009 Internet Systems Consortium, Inc. ("ISC")
--Copyright (C) 2001, 2002 Internet Software Consortium.
--See COPYRIGHT in the source root or http://isc.org/copyright.html for terms.
--
--$Id: win32-build.txt,v 1.16 2009/09/02 08:41:06 fdupont Exp $
--
-- BIND 9.7 for Win32 Source Build Instructions. 02-Jul-2009
--
--Building BIND 9.7 on Windows XP/2003/2008 has the following prerequisites:
--
--1) You need to install Perl for Windows. ActivePerl
--(http://www.activestate.com/) and Strawberry Perl
--(http://www.strawberryperl.com) have both been tested and found
--to work.
--
--2) OpenSSL (http://www.openssl.org) needs to be downloaded and built
--on the system on which you are building BIND.
--
--3) If you wish to use the statistics channel, LibXML2
--(ftp://xmlsoft.org/libxml2) needs to be downloaded and built on
--the system on which you are building BIND. (If you do not wish
--to use the statistics channel, remove HAVE_LIBXML2 from config.h.win32.)
--
--4) If you want to build using Visual C++ 6.0, you'll need some extra
--files that are to be found in the Platform SDK (which you will need
--to install), namely:
--
--iphlpapi.h
--iptypes.h
--ipexport.h
--iphlpapi.lib
--
--You'll also need an updated Iprtrmib.h - using the VC++6.0 one will
--get you some compilation errors. You can just overwrite the old one if
--you're not using it for any purposes, and maybe keep a backup of it.
--
--You can copy the header files under VC98\INCLUDE and the library file
--under VC98\LIB. I think you can also put them in a separate directory
--and add it to the include search list, but I don't know if that can be
--made persistent.
--
--For building on VC++ 7.0 no extra files are required.
--
--The instructions assume a Visual C++ 6.0 compiler with Visual Studio and
--Visual Studio Service Pack 3 or later. It may build and work with earlier
--versions but it has not been tested. The binaries may be built and run on
--any of the following platforms: NT 4.0 Workstation (SP3 or later), NT 4.0
--Server (SP3 or later), Windows 2000 Professional (SP1 or later),
--Windows 2000 Server or any kind (SP1 or later), Windows XP, Windows 2003
--Server. It will NOT build or run on Windows 95, Windows 98, etc. platforms.
--
--Step 1: Download and build OpenSSL
--
--Download and untar the OpenSSL sources from http://www.openssl.org/.
--Extract them at in the same directory in which you extracted the BIND9
--source: If BIND9 is in \build\bind-9.7.0, for instance, OpenSSL should be
--in \build\openssl-0.9.8k (subject to version number changes).
--
--Note: Building OpenSSL requires that you install Perl as it uses
--it during its build process. The following commands work as of
--openssl-0.9.8k, but you should check the OpenSSL distribution
--to see if the build instructions have changed:
--
-- cd openssl-0.9.8k
-- perl Configure VC-WIN32 --prefix=c:/openssl
-- ms\do_masm
-- nmake /f ms\ntll.mak
--
--Step 2: Download and build libxml2
--
--Download and untar the libxml2 sources from ftp://xmlsoft.org/libxml2.
--Extract them at in the same directory in which you extracted the BIND9
--source: If BIND9 is in \build\bind-9.7.0, for instance, libxml2 should
--be in \build\libxml2-2.7.3 (subject to version number changes).
--
--Now build libxml2, and copy the resulting files into the include and lib
--directories:
--
-- cd libxml2-2.7.3\win32
-- cscript configure.js compiler=msvc vcmanifest=yes static=yes debug=no iconv=no
-- nmake /f Makefile.msvc libxml
--
--Step 3: Building BIND
--
--You must build openssl and libxml2 first.
--
--From the command prompt cd to the win32utils directory under
--the BIND9 root:
--
-- cd bind-9.7.0\win32utils
--
--If using VC++ 6.0, run the BuildAll.bat file:
--
-- BuildAll
--
--This will do the following:
--1) copy config.h.win32 to config.h in the root.
--2) create the versions.h file in the root.
--3) Build the gen application in the lib/dns directory.
--4) Run the gen application and build the required lib/dns header
-- files.
--5) Create the Build/Release subdirectory under the root of the BIND
-- source tree which will hold the binaries being built.
--6) Build the libraries, named, application tools like dig, rndc
-- dnssec tools, installer, checkconf and checkzones programs,
-- BIND 9 Installer.
--7) Copies the release notes and the OpenSSL DLL to the BUILD/Release
-- directory.
--8) Copies the BIND 9 ARM HTML files and the application HTML files
-- to the Build\Release area.
--
--If you wish to use the Visual Studio GUI for building, you can just
--run the BuildSetup.bat file:
--
-- BuildSetup
--
--This will create or find and copy into place several files which are
--necessary for the build to proceed. It also locates and copies into place
--the DLLs for OpenSSL and libxml2.
--
--Use BINDBuild.dsw (also located in the win32utils directory) to open the
--workspace for all of the BIND9 libraries and applications. Select
--"Build->Batch Build", click "Select All", then click "Build".
--
--After the build has completed, run the BuildPost.bat file:
--
-- BuildPost
--
--...which does post-build processing.
--
--Installation is accomplished by running the BINDInstall program. All DLL's
--are copied to the system32 area and all applications (including BINDInstall
--which may be necessary for uninstalling BIND 9) to the dns/bin directory.
--If BIND 8 has previously been installed on the system it must be uninstalled
--first by running it's own BINDInstall program. The BIND 9 installer does
--not yet do this.
--
--All bugs found, whether in the process of building the application or
--running BIND or the tools should be reported to the bind9 bugs email
--account at bind9-bugs@isc.org.
projects / thirdparty / bind9.git / commitdiff
