Jump into the 9.13 train since the 9.12 train is about to expire (March 2019).

--- 9.13.5-W1 released ---

5113.	[port]		Fixed a Windows build error.

	--- 9.13.5 released ---

5108.	[bug]		Named could fail to determine bottom of zone when
			removing out of date keys leading to invalid NSEC
			and NSEC3 records being added to the zone. [GL #771]

5107.	[bug]		'host -U' did not work.	[GL #769]

5106.	[experimental]	A new "plugin" mechanism has been added to allow
			extension of query processing functionality through
			the use of dynamically loadable libraries. A
			"filter-aaaa.so" plugin has been implemented,
			replacing the filter-aaaa feature that was formerly
			implemented as a native part of BIND.

			The "filter-aaaa", "filter-aaaa-on-v4" and
			"filter-aaaa-on-v6" options can no longer be
			configured using native named.conf syntax. However,
			loading the filter-aaaa.so plugin and setting its
			parameters provides identical functionality.

			Note that the plugin API is a work in progress and
			is likely to evolve as further plugins are
			implemented. [GL #15]

5105.	[bug]		Fix a race between process_fd and socketclose in
			unix socket code. [GL #744]

5104.	[cleanup]	Log clearer informational message when a catz zone
			is overridden by a zone in named.conf.
			Thanks to Tony Finch. [GL !1157]

5103.	[bug]		Add missing design by contract tests to dns_catz*.
			[GL #748]

5102.	[bug]		dnssec-coverage failed to use the default TTL when
			checking KSK deletion times leading to an exception.
			[GL #585]

5101.	[bug]		Fix default installation path for Python modules and
			remove the dnspython dependency accidentally introduced
			by change 4970. [GL #730]

5100.	[func]		Pin resolver tasks to specific task queues. [GL !1117]

5099.	[func]		Failed mutex and conditional creations are always
			fatal. [GL #674]

	--- 9.13.4 released ---

5098.	[func]		Failed memory allocations are now fatal. [GL #674]

5097.	[cleanup]	Remove embedded ATF unit testing framework
			from BIND source distribution.  [GL !875]

5096.	[func]		Use multiple event loops in socket code, and
			make network threads CPU-affinitive.  This
			significantly improves performance on large
			systems. [GL #666]

5095.	[test]		Converted all unit tests from ATF to CMocka;
			removed the source code for the ATF libraries.
			Build with "configure --with-cmocka" to enable
			unit testing. [GL #620]

5094.	[func]		Add 'dig -r' to disable reading of .digrc. [GL !970]

5093.	[bug]		Log lame qname-minimization servers only if they're
			really lame. [GL #671]

5092.	[bug]		Address memory leak on SIGTERM in nsupdate when using
			GSS-TSIG. [GL #558]

5091.	[func]		Two new global and per-view options min-cache-ttl
			and min-ncache-ttl [GL #613]

5090.	[bug]		dig and mdig failed to properly preparse dash value
			pairs when value was a separate argument and started
			with a dash. [GL #584]

5089.	[bug]		Restore localhost fallback in dig and host which is
			used when no nameserver addresses present in
			/etc/resolv.conf are usable due to the requested
			address family restrictions. [GL #433]

5088.	[bug]		dig/host/nslookup could crash when interrupted close to
			a query timeout. [GL #599]

5087.	[test]		Check that result tables are complete. [GL #676]

5086.	[func]		Log of RPZ now includes the QTYPE and QCLASS. [GL #623]

5085.	[bug]		win32: Restore looking up nameservers, search list,
			etc. [GL #186]

5084.	[placeholder]

5083.	[func]		Add autoconf macro AX_POSIX_SHELL, so we
			can use POSIX-compatible shell features
			in the scripts.

5082.	[bug]		Fixed a race that could cause a crash in
			dig/host/nslookup. [GL #650]

5081.	[func]		Use per-worker queues in task manager, make task
			runners CPU-affine. [GL #659]

5080.	[func]		Improvements to "rndc nta" user interface:
			- catch and report invalid command line options
			- when removing an NTA from all views, do not
			  abort with an error if the NTA was not found
			  in one of the views
			- include the view name in "rndc nta -dump"
			  output, for consistency with the add and remove
			  actions
			Thanks to Tony Finch. [GL !816]

5079.	[func]		Disable IDN processing in dig and nslookup
			when not on a tty. [GL #653]

5078.	[cleanup]	Require python components to be explicitly disabled if
			python is not available on unix platforms. [GL #601]

5077.	[cleanup]	Remove ip6.int support (-i) from dig and mdig.
			[GL !969]

5076.	[bug]		"require-server-cookie" was not effective if
			"rate-limit" was configured. [GL #617]

5075.	[bug]		Refresh nameservers from cache when sending final
			query in qname minimization. [GL #16]

5074.	[cleanup]	Remove vector socket functions - isc_socket_recvv(),
			isc_socket_sendtov(), isc_socket_sendtov2(),
			isc_socket_sendv() - in order to simplify socket code.
			[GL #645]

5073.	[bug]		Destroy a task first when destroying rpzs and catzs.
			[GL #84]

5072.	[bug]		Add unit tests for isc_buffer_copyregion() and fix its
			behavior for auto-reallocated buffers. [GL #644]

5071.	[bug]		Comparison of NXT records was broken. [GL #631]

5070.	[bug]		Record types which support an empty rdata field were
			not handling the empty rdata field case. [GL #638]

5069.	[bug]		Fix a hang in RPZ when named is shut down during RPZ
			zone update. [GL !907]

5068.	[bug]		Fix a race in RPZ with min-update-interval set to 0.
			[GL #643]

5067.	[bug]		Don't minimize qname when sending the query
			to a forwarder. [GL #361]

5066.	[cleanup]	Allow unquoted strings to be used as zone names
			in response-policy statements. [GL #641]

5065.	[bug]		Only set IPV6_USE_MIN_MTU on IPv6. [GL #553]

5064.	[test]		Initialize TZ environment variable before calling
			dns_test_begin in dnstap_test. [GL #624]

5063.	[test]		In statschannel test try a few times before failing
			when checking if the compressed output is the same as
			uncompressed. [GL !909]

5062.	[func]		Use non-crypto-secure PRNG to generate nonces for
			cookies. [GL !887]

5061.	[protocol]	Add support for EID and NIMLOC. [GL #626]

5060.	[bug]		GID, UID and UINFO could not be loaded using unknown
			record format. [GL #627]

5059.	[bug]		Display a per-view list of zones in the web interface.
			[GL #427]

5058.	[func]		Replace old message digest and hmac APIs with more
			generic isc_md and isc_hmac APIs, and convert their
			respective tests to cmocka. [GL #305]

5057.	[protocol]	Add support for ATMA. [GL #619]

5056.	[placeholder]

5055.	[func]		A default list of primary servers for the root zone is
			now built into named, allowing the "masters" statement
			to be omitted when configuring an IANA root zone
			mirror. [GL #564]

5054.	[func]		Attempts to use mirror zones with recursion disabled
			are now considered a configuration error. [GL #564]

5053.	[func]		The only valid zone-level NOTIFY settings for mirror
			zones are now "notify no;" and "notify explicit;".
			[GL #564]

5052.	[func]		Mirror zones are now configured using "type mirror;"
			rather than "mirror yes;". [GL #564]

5051.	[doc]		Documentation incorrectly stated that the
			"server-addresses" static-stub zone option accepts
			custom port numbers. [GL #582]

5050.	[bug]		The libirs version of getaddrinfo() was unable to parse
			scoped IPv6 addresses present in /etc/resolv.conf.
			[GL #187]

5049.	[cleanup]	QNAME minimization has been deeply refactored. [GL #16]

5048.	[func]		Add configure option to enable and enforce FIPS mode
			in BIND 9. [GL #506]

5047.	[bug]		Messages logged for certain query processing failures
			now include a more specific error description if it is
			available. [GL #572]

5046.	[bug]		named could crash during shutdown if an RPZ
			reload was in progress. [RT #46210]

5045.	[func]		Remove support for DNSSEC algorithms 3 (DSA)
			and 6 (DSA-NSEC3-SHA1). [GL #22]

5044.	[cleanup]	If "dnssec-enable" is no, then "dnssec-validation"
			now also defaults to no.  [GL #388]

5043.	[bug]		Fix creating and validating EdDSA signatures. [GL #579]

5042.	[test]		Make the chained delegations in reclimit behave
			like they would in a regular name server. [GL #578]

5041.	[test]		The chain test contains an incomplete delegation.
			[GL #568]

5040.	[func]		Extended dnstap so that it can log UPDATE requests
			and responses as separate message types. Thanks
			to Greg Rabil. [GL #570]

5039.	[bug]		Named could fail to preserve owner name case of new
			RRset. [GL #420]

5038.	[bug]		Chaosnet addresses were compared incorrectly.
			[GL #562]

5037.	[func]		"allow-recursion-on" and "allow-query-cache-on"
			each now default to the other if only one of them
			is set, in order to be more consistent with the way
			"allow-recursion" and "allow-query-cache" work.
			Also we now ensure that both query-cache ACLs are
			checked when determining cache access. [GL #319]

5036.	[cleanup]	Fixed a spacing/formatting error in some RPZ-related
			error messages in the log. [GL !805]

5035.	[test]		Fixed errors that prevented the DNSRPS subtests
			from running in the rpz and rpzrecurse system
			tests. [GL #503]

5034.	[bug]		A race between threads could prevent zone maintenance
			scheduled immediately after zone load from being
			performed. [GL #542]

5033.	[bug]		When adding NTAs to multiple views using "rndc nta",
			the text returned via rndc was incorrectly terminated
			after the first line, making it look as if only one
			NTA had been added. Also, it was not possible to
			differentiate between views with the same name but
			different classes; this has been corrected with the
			addition of a "-class" option. [GL #105]

5032.	[func]		Add krb5-selfsub and ms-selfsub update policy rules.
			[GL #511]

5031.	[cleanup]	Various defines in platform.h have been either dropped
			if always or never triggered on supported platforms
			or replaced with config.h equivalents if the defines
			didn't have any impact on public headers.  Workarounds
			for LinuxThreads have been removed because NPTL is
			available since Linux kernel 2.6.0.  [GL #525]

5030.	[bug]		Align CMSG buffers to a 64-bit boundary, fixes crash
			on architectures with strict alignment. [GL #521]

	--- 9.13.3 released ---

5029.	[func]		Workarounds for servers that misbehave when queried
			with EDNS have been removed, because these broken
			servers and the workarounds for their noncompliance
			cause unnecessary delays, increase code complexity,
			and prevent deployment of new DNS features. See
			https://dnsflagday.net for further details. [GL #150]

5028.	[bug]		Spread the initial RRSIG expiration times over the
			entire working sig-validity-interval when signing a
			zone in named to even out re-signing and transfer
			loads. [GL #418]

5027.	[func]		Set SO_SNDBUF size on sockets. [GL #74]

5026.	[bug]		rndc reconfig should not touch already loaded zones.
			[GL #276]

5025.	[cleanup]	Remove isc_keyboard family of functions. [GL #178]

5024.	[func]		Replace custom assembly for atomic operations with
			atomic support from the compiler. The code will now use
			C11 stdatomic, or __atomic, or __sync builtins with GCC
			or Clang compilers, and Interlocked functions with MSVC.
			[GL #10]

5023.	[cleanup]	Remove wrappers that try to fix broken or incomplete
			implementations of IPv6, pthreads and other core
			functionality required and used by BIND. [GL #192]

5022.	[doc]		Update ms-self, ms-subdomain, krb5-self, and
			krb5-subdomain documentation. [GL !708]

5021.	[bug]		dig returned a non-zero exit code when it received a
			reply over TCP after a retry. [GL #487]

5020.	[func]		RNG uses thread-local storage instead of locks, if
			supported by platform. [GL #496]

5019.	[cleanup]	A message is now logged when ixfr-from-differences is
			set at zone level for an inline-signed zone. [GL #470]

5018.	[bug]		Fix incorrect sizeof arguments in lib/isc/pk11.c.
			[GL !588]

5017.	[bug]		lib/isc/pk11.c failed to unlink the session before
			releasing the lock which is unsafe. [GL !589]

5016.	[bug]		Named could assert with overlapping filter-aaaa and
			dns64 acls. [GL #445]

5015.	[bug]		Reloading all zones caused zone maintenance to cease
			for inline-signed zones. [GL #435]

5014.	[bug]		Signatures loaded from the journal for the signed
			version of an inline-signed zone were not scheduled for
			refresh. [GL #482]

5013.	[bug]		A referral response with a non-empty ANSWER section was
			inadvertently being treated as an error. [GL #390]

5012.	[bug]		Fix lock order reversal in pk11_initialize. [GL !590]

5011.	[func]		Remove support for unthreaded named. [GL #478]

5010.	[func]		New "validate-except" option specifies a list of
			domains beneath which DNSSEC validation should not
			be performed. [GL #237]

5009.	[bug]		Upon an OpenSSL failure, the first error in the OpenSSL
			error queue was not logged. [GL #476]

5008.	[bug]		"rndc signing -nsec3param ..." requests were silently
			ignored for zones which were not yet loaded or
			transferred. [GL #468]

5007.	[cleanup]	Replace custom ISC boolean and integer data types
			with C99 stdint.h and stdbool.h types. [GL #9]

5006.	[cleanup]	Code preparing a delegation response was extracted from
			query_delegation() and query_zone_delegation() into a
			separate function in order to decrease code
			duplication. [GL #431]

5005.	[bug]		dnssec-verify, and dnssec-signzone at the verification
			step, failed on some validly signed zones. [GL #442]

5004.	[bug]		'rndc reconfig' could cause inline zones to stop
			re-signing. [GL #439]

5003.	[bug]		dns_acl_isinsecure did not handle geoip elements.
			[GL #406]

5002.	[bug]		mdig: Handle malformed +ednsopt option, support 100
			+ednsopt options per query rather than 100 total and
			address memory leaks if +ednsopt was specified.
			[GL #410]

5001.	[bug]		Fix refcount errors on error paths. [GL !563]

5000.	[bug]		named_server_servestale() could leave the server in
			exclusive mode if an error occurred. [GL #441]

4999.	[cleanup]	Remove custom printf implementation in lib/isc/print.c.
			[GL #261]

4998.	[test]		Make resolver and cacheclean tests more civilized.

4997.	[security]	named could crash during recursive processing
			of DNAME records when "deny-answer-aliases" was
			in use. (CVE-2018-5740) [GL #387]

4996.	[bug]		dig: Handle malformed +ednsopt option. [GL #403]

4995.	[test]		Add tests for "tcp-self" update policy. [GL !282]

4994.	[bug]		Trust anchor telemetry queries were not being sent
			upstream for locally served zones. [GL #392]

4993.	[cleanup]	Remove support for silently ignoring 'no-change' deltas
			from BIND 8 when processing an IXFR stream. 'no-change'
			deltas will now trigger a fallback to AXFR as the
			recovery mechanism. [GL #369]

4992.	[bug]		The wrong address was being logged for trust anchor
			telemetry queries. [GL #379]

4991.	[bug]		"rndc reconfig" was incorrectly handling zones whose
			"mirror" setting was changed. [GL #381]

4990.	[bug]		Prevent a possible NULL reference in pkcs11-keygen.
			[GL #401]

4989.	[cleanup]	IDN support in dig has been reworked.  IDNA2003
			fallbacks were removed in the process. [GL #384]

4988.	[bug]		Don't synthesize NXDOMAIN from NSEC for records under
			a DNAME.

	--- 9.13.2 released ---

4987.	[cleanup]	dns_rdataslab_tordataset() and its related
			dns_rdatasetmethods_t callbacks were removed as they
			were not being used by anything in BIND. [GL #371]

4986.	[func]		When built on Linux, BIND now requires the libcap
			library to set process privileges, unless capability
			support is explicitly overridden with "configure
			--disable-linux-caps". [GL #321]

4985.	[func]		Add a new slave zone option, "mirror", to enable
			serving a non-authoritative copy of a zone that
			is subject to DNSSEC validation before being
			used.  For now, this option is only meant to
			facilitate deployment of an RFC 7706-style local
			copy of the root zone. [GL #33]

4984.	[bug]		Improve handling of very large incremental
			zone transfers to prevent journal corruption. [GL #339]

4983.	[func]		Add the ability to not return a DNS COOKIE option
			when one is present in the request (answer-cookie no;).
			[GL #173]

4982.	[cleanup]	Return FORMERR if the question section is empty
			and no COOKIE option is present; this restores
			older behavior except in the newly specified
			COOKIE case. [GL #260]

4981.	[bug]		Fix race in cmsg buffer usage in socket code.
			[GL #180]

4980.	[bug]		Named-checkconf failed to detect bad in-view targets.
			[GL #288]

4979.	[placeholder]

4978.	[test]		Fix error handling and resolver configuration in the
			"rpz" system test. [GL #312]

4977.	[func]		When starting up, log the same details that
			would be reported by 'named -V'. [GL #247]

4976.	[bug]		Log the label with invalid prefix length correctly
			when loading RPZ zones. [GL #254]

4975.	[bug]		The server cookie computation for sha1 and sha256 did
			not match the method described in RFC 7873. [GL #356]

4974.	[bug]		Restore default rrset-order to random. [GL #336]

4973.	[func]		verifyzone() and the functions it uses were moved to
			libdns and refactored to prevent exit() from being
			called upon failure.  A side effect of that is that
			dnssec-signzone and dnssec-verify now check for memory
			leaks upon shutdown. [GL #266]

4972.	[func]		Declare the 'rdata' argument for dns_rdata_tostruct()
			to be const. [GL #341]

4971.	[bug]		dnssec-signzone and dnssec-verify did not treat records
			below a DNAME as out-of-zone data. [GL #298]

4970.	[func]		Add QNAME minimization option to resolver. [GL #16]

4969.	[cleanup]	Refactor zone logging functions. [GL #269]

	--- 9.13.1 released ---

4968.	[bug]		If glue records are signed, attempt to validate them.
			[GL #209]

4967.	[cleanup]	Add "answer-cookie" to the parser, marked obsolete.

4966.	[placeholder]

4965.	[func]		Add support for marking options as deprecated.
			[GL #322]

4964.	[bug]		Reduce the probability of double signature when deleting
			a DNSKEY by checking if the node is otherwise signed
			by the algorithm of the key to be deleted. [GL #240]

4963.	[test]		ifconfig.sh now uses "ip" instead of "ifconfig",
			if available, to configure the test interfaces on
			linux.  [GL #302]

4962.	[cleanup]	Move 'named -T' processing to its own function.
			[GL #316]

4961.	[protocol]	Remove support for ECC-GOST (GOST R 34.11-94).
			[GL #295]

4960.	[security]	When recursion is enabled, but the "allow-recursion"
			and "allow-query-cache" ACLs are not specified,
			they should be limited to local networks,
			but were inadvertently set to match the default
			"allow-query", thus allowing remote queries.
			(CVE-2018-5738) [GL #309]

4959.	[func]		NSID logging (enabled by the "request-nsid" option)
			now has its own "nsid" category, instead of using the
			"resolver" category. [GL !332]

4958.	[bug]		Remove redundant space from NSEC3 record. [GL #281]

4957.	[func]		The default setting for "dnssec-validation" is now
			"auto", which activates DNSSEC validation using the
			IANA root key. (The default can be changed back to
			"yes", which activates DNSSEC validation only when keys
			are explicitly configured in named.conf, by building
			BIND with "configure --disable-auto-validation".)
			[GL #30]

4956.	[func]		Change isc_random() to be just PRNG using xoshiro128**,
			and add isc_nonce_buf() that uses CSPRNG. [GL #289]

4955.	[cleanup]	Silence cppcheck warnings in lib/dns/master.c.
			[GL #286]

4954.	[func]		Messages about serving of stale answers are now
			directed to the "serve-stale" logging category.
			Also clarified serve-stale documentation. [GL !323]

4953.	[bug]		Removed the option to build the red black tree
			database without a hash table; the non-hashing
			version was buggy and is not needed. [GL #184]

4952.	[func]		Authoritative server support in named for the
			EDNS CLIENT-SUBNET option (which was experimental
			and not practical to deploy) has been removed.

			The ECS option is still supported in dig and mdig
			via the +subnet option, and can be parsed and logged
			when received by named, but it is no longer used
			for ACL processing. The "geoip-use-ecs" option
			is now obsolete; a warning will be logged if it is
			used in named.conf. "ecs" tags in an ACL definition
			are also obsolete and will cause the configuration
			to fail to load.  [GL #32]

4951.	[protocol]	Add "HOME.ARPA" to list of built in empty zones as
			per RFC 8375. [GL #273]

	--- 9.13.0 released ---

4950.	[bug]		ISC_SOCKEVENTATTR_TRUNC was not being set. [GL #238]

4949.	[placeholder]

4948.	[bug]		When request-nsid is turned on, EDNS NSID options
			should be logged at level info. Since change 3741
			they have been logged at debug(3) by mistake.
			[GL !290]

4947.	[func]		Replace all random functions with isc_random(),
			isc_random_buf() and isc_random_uniform() API.
			[GL #221]

4946.	[bug]		Additional glue was not being returned by resolver
			for unsigned zones since change 4596. [GL #209]

4945.	[func]		BIND can no longer be built without DNSSEC support.
			A cryptography provider (i.e., OpenSSL or a hardware
			service module with PKCS#11 support) must be
			available. [GL #244]

4944.	[cleanup]	Silence cppcheck portability warnings in
			lib/isc/tests/buffer_test.c. [GL #239]

4943.	[bug]		Change 4687 consumed too much memory when running
			system tests with --with-tuning=large.  Reduced the
			hash table size to 512 entries for 'named -m record'
			restoring the previous memory footprint. [GL #248]

4942.	[cleanup]	Consolidate multiple instances of splitting of
			batchline in dig into a single function. [GL #196]

4941.	[cleanup]	Silence clang static analyzer warnings. [GL #196]

4940.	[cleanup]	Extract the loop in dns__zone_updatesigs() into
			separate functions to improve code readability.
			[GL #135]

4939.	[test]		Add basic unit tests for update_sigs(). [GL #135]

4938.	[placeholder]

4937.	[func]		Remove support for OpenSSL < 1.0.0 [GL #191]

4936.	[func]		Always use OpenSSL or PKCS#11 random data providers,
			and remove the --{enable,disable}-crypto-rand configure
			options. [GL #165]

4935.	[func]		Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
			calls were added). [GL #191]

4934.	[security]	The serve-stale feature could cause an assertion failure
			in rbtdb.c even when stale-answer-enable was false.
			Simultaneous use of stale cache records and NSEC
			aggressive negative caching could trigger a recursion
			loop. (CVE-2018-5737) [GL #185]

4933.	[bug]		Not creating signing keys for an inline signed zone
			prevented changes applied to the raw zone from being
			reflected in the secure zone until signing keys were
			made available. [GL #159]

4932.	[bug]		Bumped signed serial of an inline signed zone was
			logged even when an error occurred while updating
			signatures. [GL #159]

4931.	[func]		Removed the "rbtdb64" database implementation.
			[GL #217]

4930.	[bug]		Remove a bogus check in nslookup command line
			argument processing. [GL #206]

4929.	[func]		Add the ability to set RA and TC in queries made by
			dig (+[no]raflag, +[no]tcflag). [GL #213]

4928.	[func]		The "dnskey-sig-validity" option allows
			"sig-validity-interval" to be overridden for signatures
			covering DNSKEY RRsets. [GL #145]

4927.	[placeholder]

4926.	[func]		Add root key sentinel support.  To disable, add
			'root-key-sentinel no;' to named.conf. [GL #37]

4925.	[func]		Several configuration options that define intervals
			can now take TTL value suffixes (for example, 2h or 1d)
			in addition to integer parameters. These include
			max-cache-ttl, max-ncache-ttl, max-policy-ttl,
			fstrm-set-reopen-interval, interface-interval, and
			min-update-interval. [GL #203]

4924.	[cleanup]	Clean up the isc_string_* namespace and leave
			only strlcpy and strlcat. [GL #178]

4923.	[cleanup]	Refactor socket and socket event options into
			enum types. [GL !135]

4922.	[bug]		dnstap: Log the destination address of client
			packets rather than the interface address.
			[GL #197]

4921.	[cleanup]	Add dns_fixedname_initname() and refactor the caller
			code to make usage of the new function, as a part of
			refactoring dns_fixedname_*() macros were turned into
			functions. [GL #183]

4920.	[cleanup]	Clean up libdns removing most of the backwards
			compatibility wrappers.

4919.	[cleanup]	Clean up the isc_hash_* namespace and leave only
			the FNV-1a hash implementation. [GL #178]

4918.	[bug]		Fix double free after keygen error in dnssec-keygen
			when OpenSSL >= 1.1.0 is used and RSA_generate_key_ex
			fails. [GL #109]

4917.	[func]		Support 64 RPZ policy zones by default. [GL #123]

4916.	[func]		Remove IDNA2003 support and the bundled idnkit-1.0
			library.

4915.	[func]		Implement IDNA2008 support in dig by adding support
			for libidn2.  New dig option +idnin has been added,
			which allows to process invalid domain names much
			like dig without IDN support.  libidn2 version 2.0
			or higher is needed for +idnout enabled by default.

4914.	[security]	A bug in zone database reference counting could lead to
			a crash when multiple versions of a slave zone were
			transferred from a master in close succession.
			(CVE-2018-5736) [GL #134]

4913.	[test]		Re-implemented older unit tests in bin/tests as ATF,
			removed the lib/tests unit testing library. [GL #115]

4912.	[test]		Improved the reliability of the 'cds' system test.
			[GL #136]

4911.	[test]		Improved the reliability of the 'mkeys' system test.
			[GL #128]

4910.	[func]		Update util/check-changes to work on release branches.
			[GL #113]

4909.	[bug]		named-checkconf did not detect in-view zone collisions.
			[GL #125]

4908.	[test]		Eliminated unnecessary waiting in the allow_query
			system test. Also changed its name to allow-query.
			[GL #81]

4907.	[test]		Improved the reliability of the 'notify' system
			test. [GL #59]

4906.	[func]		Replace getquad() with inet_pton(), completing
			change #4900. [GL #56]

4905.	[bug]		irs_resconf_load() ignored resolv.conf syntax errors
			when "domain" or "search" options were present in that
			file. [GL #110]

4904.	[bug]		Temporarily revert change #4859. [GL #124]

4903.	[bug]		"check-mx fail;" did not prevent MX records containing
			IP addresses from being added to a zone by a dynamic
			update. [GL #112]

4902.	[test]		Improved the reliability of the 'ixfr' system
			test. [GL #66]

4901.	[func]		"dig +nssearch" now lists the name servers
			for a domain that time out, as well as the servers
			that respond. [GL #64]

4900.	[func]		Remove all uses of inet_aton().  As a result of this
			change, IPv4 addresses are now only accepted in
			dotted-quad format. [GL #13]

4899.	[test]		Convert most of the remaining system tests to be able
			to run in parallel, continuing the work from change
			#4895. To take advantage of this, use "make -jN check",
			where N is the number of processors to use. [GL #91]

4898.	[func]		Remove libseccomp based system-call filtering. [GL #93]

4897.	[test]		Update to rpz system test so that it doesn't recurse.
			[GL #68]

4896.	[test]		cacheclean system test was not robust. [GL #82]

4895.	[test]		Allow some system tests to run in parallel.
			[RT #46602]

4894.	[bug]		named could crash while rolling a dnstap output file.
			[RT #46942]

4893.	[bug]		Address various issues reported by cppcheck. [GL #51]

4892.	[bug]		named could leak memory when "rndc reload" was invoked
			before all zone loading actions triggered by a previous
			"rndc reload" command were completed. [RT #47076]

4891.	[placeholder]

4890.	[func]		Remove unused ondestroy callback from libisc.
			[isc-projects/bind9!3]

4889.	[func]		Warn about the use of old root keys without the new
			root key being present.  Warn about dlv.isc.org's
			key being present. Warn about both managed and
			trusted root keys being present. [RT #43670]

4888.	[test]		Initialize sockets correctly in sample-update so
			that the nsupdate system test will run on Windows.
			[RT #47097]

4887.	[test]		Enable the rpzrecurse test to run on Windows.
			[RT #47093]

4886.	[doc]		Document dig -u in manpage. [RT #47150]

4885.	[security]	update-policy rules that otherwise ignore the name
			field now require that it be set to "." to ensure
			that any type list present is properly interpreted.
			[RT #47126]

4884.	[bug]		named could crash on shutdown due to a race between
			shutdown_server() and ns__client_request(). [RT #47120]

4883.	[cleanup]	Improved debugging output from dnssec-cds. [RT #47026]

4882.	[bug]		Address potential memory leak in
			dns_update_signaturesinc. [RT #47084]

4881.	[bug]		Only include dst_openssl.h when OpenSSL is required.
			[RT #47068]

4880.	[bug]		Named wasn't returning the target of a cross-zone
			CNAME between two served zones when recursion was
			desired and available (RD=1, RA=1). (When this is
			not the case, the CNAME target is deliberately
			withheld to prevent accidental cache poisoning.)
			[RT #47078]

4879.	[bug]		dns_rdata_caa:value_len field was too small.
			[RT #47086]

4878.	[bug]		List 'ply' as a requirement for the 'isc' python
			package. [RT #47065]

4877.	[bug]		Address integer overflow when exponentially
			backing off retry intervals. [RT #47041]

4876.	[bug]		Address deadlock with accessing a keytable. [RT #47000]

4875.	[bug]		Address compile failures on older systems. [RT #47015]

4874.	[bug]		Wrong time display when reporting new keywarntime.
			[RT #47042]

4873.	[doc]		Grammars for named.conf included in the ARM are now
			automatically generated by the configuration parser
			itself.  As a side effect of the work needed to
			separate zone type grammars from each other, this
			also makes checking of zone statements in
			named-checkconf more correct and consistent.
			[RT #36957]

4872.	[bug]		Don't permit loading meta RR types such as TKEY
			from master files. [RT #47009]

4871.	[bug]		Fix configure glitch in detecting stdatomic.h
			support on systems with multiple compilers.
			[RT #46959]

4870.	[test]		Update included ATF library to atf-0.21 preserving
			the ATF tool. [RT #46967]

4869.	[bug]		Address some cases where NULL with zero length could
			be passed to memmove which is undefined behavior and
			can lead to bad optimization. [RT #46888]

4868.	[func]		dnssec-keygen can no longer generate HMAC keys.
			Use tsig-keygen instead. [RT #46404]

4867.	[cleanup]	Normalize rndc on/off commands (validation,
			querylog, serve-stale) so they all accept the
			same synonyms for on/off (yes/no, true/false,
			enable/disable). Thanks to Tony Finch. [RT #47022]

4866.	[port]		DST library initialization verifies MD5 (when MD5
			was not disabled) and SHA-1 hash and HMAC support.
			[RT #46764]

4865.	[cleanup]	Simplify handling isc_socket_sendto2() return values.
			[RT #46986]

4864.	[bug]		named acting as a slave for a catalog zone crashed if
			the latter contained a master definition without an IP
			address. [RT #45999]

4863.	[bug]		Fix various other bugs reported by Valgrind's
			memcheck tool. [RT #46978]

4862.	[bug]		The rdata flags for RRSIG were not being properly set
			when constructing a rdataslab. [RT #46978]

4861.	[bug]		The isc_crc64 unit test was not endian independent.
			[RT #46973]

4860.	[bug]		isc_int8_t should be signed char.  [RT #46973]

4859.	[bug]		A loop was possible when attempting to validate
			unsigned CNAME responses from secure zones;
			this caused a delay in returning SERVFAIL and
			also increased the chances of encountering
			CVE-2017-3145. [RT #46839]

4858.	[security]	Addresses could be referenced after being freed
			in resolver.c, causing an assertion failure.
			(CVE-2017-3145) [RT #46839]

4857.	[bug]		Maintain attach/detach semantics for event->db,
			event->node, event->rdataset and event->sigrdataset
			in query.c. [RT #46891]

4856.	[bug]		'rndc zonestatus' reported the wrong underlying type
			for an inline slave zone. [RT #46875]

4855.	[bug]		isc_time_formatshorttimestamp produced incorrect
			output. [RT #46938]

4854.	[bug]		query_synthcnamewildcard should stop generating the
			response if query_synthwildcard fails. [RT #46939]

4853.	[bug]		Add REQUIRE's and INSIST's to isc_time_formatISO8601L
			and isc_time_formatISO8601Lms. [RT #46916]

4852.	[bug]		Handle strftime() failing in isc_time_formatISO8601ms.
			Add REQUIRE's and INSIST's to isc_time_formattimestamp,
			isc_time_formathttptimestamp, isc_time_formatISO8601,
			isc_time_formatISO8601ms. [RT #46892]

4851.	[port]		Support using kyua as well as atf-run to run the unit
			tests. [RT #46853]

4850.	[bug]		Named failed to restart with multiple added zones in
			lmdb database. [RT #46889]

4849.	[bug]		Duplicate zones could appear in the .nzf file if
			addzone failed. [RT #46435]

4848.	[func]		Zone types "primary" and "secondary" can now be used
			as synonyms for "master" and "slave" in named.conf.
			[RT #46713]

4847.	[bug]		dnssec-dnskey-kskonly was not being honored for
			CDS and CDNSKEY. [RT #46755]

4846.	[test]		Adjust timing values in runtime system test. Address
			named.pid removal races in runtime system test.
			[RT #46800]

4845.	[bug]		Dig (non iOS) should exit on malformed names.
			[RT #46806]

4844.	[test]		Address memory leaks in libatf-c. [RT #46798]

4843.	[bug]		dnssec-signzone free hashlist on exit. [RT #46791]

4842.	[bug]		Conditionally compile opensslecdsa_link.c to avoid
			warnings about unused function. [RT #46790]
This commit is contained in:
christos 2019-01-09 16:48:14 +00:00
parent 39225745fe
commit 66331fe003
935 changed files with 29392 additions and 7940 deletions


@ -1,18 +1,457 @@
--- 9.12.2-P1 released ---
--- 9.13.5-W1 released ---
5113. [port] Fixed a Windows build error.
--- 9.13.5 released ---
5108. [bug] Named could fail to determine bottom of zone when
removing out of date keys leading to invalid NSEC
and NSEC3 records being added to the zone. [GL #771]
5107. [bug] 'host -U' did not work. [GL #769]
5106. [experimental] A new "plugin" mechanism has been added to allow
extension of query processing functionality through
the use of dynamically loadable libraries. A
"filter-aaaa.so" plugin has been implemented,
replacing the filter-aaaa feature that was formerly
implemented as a native part of BIND.
The "filter-aaaa", "filter-aaaa-on-v4" and
"filter-aaaa-on-v6" options can no longer be
configured using native named.conf syntax. However,
loading the filter-aaaa.so plugin and setting its
parameters provides identical functionality.
Note that the plugin API is a work in progress and
is likely to evolve as further plugins are
implemented. [GL #15]
5105. [bug] Fix a race between process_fd and socketclose in
unix socket code. [GL #744]
5104. [cleanup] Log clearer informational message when a catz zone
is overridden by a zone in named.conf.
Thanks to Tony Finch. [GL !1157]
5103. [bug] Add missing design by contract tests to dns_catz*.
[GL #748]
5102. [bug] dnssec-coverage failed to use the default TTL when
checking KSK deletion times leading to a exception.
[GL #585]
5101. [bug] Fix default installation path for Python modules and
remove the dnspython dependency accidentally introduced
by change 4970. [GL #730]
5100. [func] Pin resolver tasks to specific task queues. [GL !1117]
5099. [func] Failed mutex and conditional creations are always
fatal. [GL #674]
--- 9.13.4 released ---
5098. [func] Failed memory allocations are now fatal. [GL #674]
5097. [cleanup] Remove embedded ATF unit testing framework
from BIND source distribution. [GL !875]
5096. [func] Use multiple event loops in socket code, and
make network threads CPU-affinitive. This
significantly improves performance on large
systems. [GL #666]
5095. [test] Converted all unit tests from ATF to CMocka;
removed the source code for the ATF libraries.
Build with "configure --with-cmocka" to enable
unit testing. [GL #620]
5094. [func] Add 'dig -r' to disable reading of .digrc. [GL !970]
5093. [bug] Log lame qname-minimization servers only if they're
really lame. [GL #671]
5092. [bug] Address memory leak on SIGTERM in nsupdate when using
GSS-TSIG. [GL #558]
5091. [func] Two new global and per-view options min-cache-ttl
and min-ncache-ttl [GL #613]
5090. [bug] dig and mdig failed to properly preparse dash value
pairs when value was a seperate argument and started
with a dash. [GL #584]
5089. [bug] Restore localhost fallback in dig and host which is
used when no nameserver addresses present in
/etc/resolv.conf are usable due to the requested
address family restrictions. [GL #433]
5088. [bug] dig/host/nslookup could crash when interrupted close to
a query timeout. [GL #599]
5087. [test] Check that result tables are complete. [GL #676]
5086. [func] Log of RPZ now includes the QTYPE and QCLASS. [GL #623]
5085. [bug] win32: Restore looking up nameservers, search list,
etc. [GL #186]
5084. [placeholder]
5083. [func] Add autoconf macro AX_POSIX_SHELL, so we
can use POSIX-compatible shell features
in the scripts.
5082. [bug] Fixed a race that could cause a crash in
dig/host/nslookup. [GL #650]
5081. [func] Use per-worker queues in task manager, make task
runners CPU-affine. [GL #659]
5080. [func] Improvements to "rndc nta" user interface:
- catch and report invalid command line options
- when removing an NTA from all views, do not
abort with an error if the NTA was not found
in one of the views
- include the view name in "rndc nta -dump"
output, for consistency with the add and remove
actions
Thanks to Tony Finch. [GL !816]
5079. [func] Disable IDN processing in dig and nslookup
when not on a tty. [GL #653]
5078. [cleanup] Require python components to be explicitly disabled if
python is not available on unix platforms. [GL #601]
5077. [cleanup] Remove ip6.int support (-i) from dig and mdig.
[GL !969]
5076. [bug] "require-server-cookie" was not effective if
"rate-limit" was configured. [GL #617]
5075. [bug] Refresh nameservers from cache when sending final
query in qname minimization. [GL #16]
5074. [cleanup] Remove vector socket functions - isc_socket_recvv(),
isc_socket_sendtov(), isc_socket_sendtov2(),
isc_socket_sendv() - in order to simplify socket code.
[GL #645]
5073. [bug] Destroy a task first when destroying rpzs and catzs.
[GL #84]
5072. [bug] Add unit tests for isc_buffer_copyregion() and fix its
behavior for auto-reallocated buffers. [GL #644]
5071. [bug] Comparision of NXT records was broken. [GL #631]
5070. [bug] Record types which support a empty rdata field were
not handling the empty rdata field case. [GL #638]
5069. [bug] Fix a hang on in RPZ when named is shutdown during RPZ
zone update. [GL !907]
5068. [bug] Fix a race in RPZ with min-update-interval set to 0.
[GL #643]
5067. [bug] Don't minimize qname when sending the query
to a forwarder. [GL #361]
5066. [cleanup] Allow unquoted strings to be used as a zone names
in response-policy statements. [GL #641]
5065. [bug] Only set IPV6_USE_MIN_MTU on IPv6. [GL #553]
5064. [test] Initalize TZ environment variable before calling
dns_test_begin in dnstap_test. [GL #624]
5063. [test] In statschannel test try a few times before failing
when checking if the compressed output is the same as
uncompressed. [GL !909]
5062. [func] Use non-crypto-secure PRNG to generate nonces for
cookies. [GL !887]
5061. [protocol] Add support for EID and NIMLOC. [GL #626]
5060. [bug] GID, UID and UINFO could not be loaded using unknown
record format. [GL #627]
5059. [bug] Display a per-view list of zones in the web interface.
[GL #427]
5058. [func] Replace old message digest and hmac APIs with more
generic isc_md and isc_hmac APIs, and convert their
respective tests to cmocka. [GL #305]
5057. [protocol] Add support for ATMA. [GL #619]
5056. [placeholder]
5055. [func] A default list of primary servers for the root zone is
now built into named, allowing the "masters" statement
to be omitted when configuring an IANA root zone
mirror. [GL #564]
5054. [func] Attempts to use mirror zones with recursion disabled
are now considered a configuration error. [GL #564]
5053. [func] The only valid zone-level NOTIFY settings for mirror
zones are now "notify no;" and "notify explicit;".
[GL #564]
5052. [func] Mirror zones are now configured using "type mirror;"
rather than "mirror yes;". [GL #564]
5051. [doc] Documentation incorrectly stated that the
"server-addresses" static-stub zone option accepts
custom port numbers. [GL #582]
5050. [bug] The libirs version of getaddrinfo() was unable to parse
scoped IPv6 addresses present in /etc/resolv.conf.
[GL #187]
5049. [cleanup] QNAME minimization has been deeply refactored. [GL #16]
5048. [func] Add configure option to enable and enforce FIPS mode
in BIND 9. [GL #506]
5047. [bug] Messages logged for certain query processing failures
now include a more specific error description if it is
available. [GL #572]
5046. [bug] named could crash during shutdown if an RPZ
reload was in progress. [RT #46210]
5045. [func] Remove support for DNSSEC algorithms 3 (DSA)
and 6 (DSA-NSEC3-SHA1). [GL #22]
5044. [cleanup] If "dnssec-enable" is no, then "dnssec-validation"
now also defaults to no. [GL #388]
5043. [bug] Fix creating and validating EdDSA signatures. [GL #579]
5042. [test] Make the chained delegations in reclimit behave
like they would in a regular name server. [GL #578]
5041. [test] The chain test contains a incomplete delegation.
[GL #568]
5040. [func] Extended dnstap so that it can log UPDATE requests
and responses as separate message types. Thanks
to Greg Rabil. [GL #570]
5039. [bug] Named could fail to preserve owner name case of new
RRset. [GL #420]
5038. [bug] Chaosnet addresses were compared incorrectly.
[GL #562]
5037. [func] "allow-recursion-on" and "allow-query-cache-on"
each now default to the other if only one of them
is set, in order to be more consistent with the way
"allow-recursion" and "allow-query-cache" work.
Also we now ensure that both query-cache ACLs are
checked when determining cache access. [GL #319]
5036. [cleanup] Fixed a spacing/formatting error in some RPZ-related
error messages in the log. [GL !805]
5035. [test] Fixed errors that prevented the DNSRPS subtests
from running in the rpz and rpzrecurse system
tests. [GL #503]
5034. [bug] A race between threads could prevent zone maintenance
scheduled immediately after zone load from being
performed. [GL #542]
5033. [bug] When adding NTAs to multiple views using "rndc nta",
the text returned via rndc was incorrectly terminated
after the first line, making it look as if only one
NTA had been added. Also, it was not possible to
differentiate between views with the same name but
different classes; this has been corrected with the
addition of a "-class" option. [GL #105]
5032. [func] Add krb5-selfsub and ms-selfsub update policy rules.
[GL #511]
5031. [cleanup] Various defines in platform.h has been either dropped
if always or never triggered on supported platforms
or replaced with config.h equivalents if the defines
didn't have any impact on public headers. Workarounds
for LinuxThreads have been removed because NPTL is
available since Linux kernel 2.6.0. [GL #525]
5030. [bug] Align CMSG buffers to a 64-bit boundary, fixes crash
on architectures with strict alignment. [GL #521]
--- 9.13.3 released ---
5029. [func] Workarounds for servers that misbehave when queried
with EDNS have been removed, because these broken
servers and the workarounds for their noncompliance
cause unnecessary delays, increase code complexity,
and prevent deployment of new DNS features. See
https://dnsflagday.net for further details. [GL #150]
5028. [bug] Spread the initial RRSIG expiration times over the
entire working sig-validity-interval when signing a
zone in named to even out re-signing and transfer
loads. [GL #418]
5027. [func] Set SO_SNDBUF size on sockets. [GL #74]
5026. [bug] rndc reconfig should not touch already loaded zones.
[GL #276]
5025. [cleanup] Remove isc_keyboard family of functions. [GL #178]
5024. [func] Replace custom assembly for atomic operations with
atomic support from the compiler. The code will now use
C11 stdatomic, or __atomic, or __sync builtins with GCC
or Clang compilers, and Interlocked functions with MSVC.
[GL #10]
5023. [cleanup] Remove wrappers that try to fix broken or incomplete
implementations of IPv6, pthreads and other core
functionality required and used by BIND. [GL #192]
5022. [doc] Update ms-self, ms-subdomain, krb5-self, and
krb5-subdomain documentation. [GL !708]
5021. [bug] dig returned a non-zero exit code when it received a
reply over TCP after a retry. [GL #487]
5020. [func] RNG uses thread-local storage instead of locks, if
supported by platform. [GL #496]
5019. [cleanup] A message is now logged when ixfr-from-differences is
set at zone level for an inline-signed zone. [GL #470]
5018. [bug] Fix incorrect sizeof arguments in lib/isc/pk11.c.
[GL !588]
5017. [bug] lib/isc/pk11.c failed to unlink the session before
releasing the lock which is unsafe. [GL !589]
5016. [bug] Named could assert with overlapping filter-aaaa and
dns64 acls. [GL #445]
5015. [bug] Reloading all zones caused zone maintenance to cease
for inline-signed zones. [GL #435]
5014. [bug] Signatures loaded from the journal for the signed
version of an inline-signed zone were not scheduled for
refresh. [GL #482]
5013. [bug] A referral response with a non-empty ANSWER section was
inadvertently being treated as an error. [GL #390]
5012. [bug] Fix lock order reversal in pk11_initialize. [GL !590]
5011. [func] Remove support for unthreaded named. [GL #478]
5010. [func] New "validate-except" option specifies a list of
domains beneath which DNSSEC validation should not
be performed. [GL #237]
5009. [bug] Upon an OpenSSL failure, the first error in the OpenSSL
error queue was not logged. [GL #476]
5008. [bug] "rndc signing -nsec3param ..." requests were silently
ignored for zones which were not yet loaded or
transferred. [GL #468]
5007. [cleanup] Replace custom ISC boolean and integer data types
with C99 stdint.h and stdbool.h types. [GL #9]
5006. [cleanup] Code preparing a delegation response was extracted from
query_delegation() and query_zone_delegation() into a
separate function in order to decrease code
duplication. [GL #431]
5005. [bug] dnssec-verify, and dnssec-signzone at the verification
step, failed on some validly signed zones. [GL #442]
5004. [bug] 'rndc reconfig' could cause inline zones to stop
re-signing. [GL #439]
5003. [bug] dns_acl_isinsecure did not handle geoip elements.
[GL #406]
5002. [bug] mdig: Handle malformed +ednsopt option, support 100
+ednsopt options per query rather than 100 total and
address memory leaks if +ednsopt was specified.
[GL #410]
5001. [bug] Fix refcount errors on error paths. [GL !563]
5000. [bug] named_server_servestale() could leave the server in
exclusive mode if an error occured. [GL #441]
4999. [cleanup] Remove custom printf implementation in lib/isc/print.c.
[GL #261]
4998. [test] Make resolver and cacheclean tests more civilized.
4997. [security] named could crash during recursive processing
of DNAME records when "deny-answer-aliases" was
in use. (CVE-2018-5740) [GL #387]
--- 9.12.2 released ---
4996. [bug] dig: Handle malformed +ednsopt option. [GL #403]
--- 9.12.2rc2 released ---
4995. [test] Add tests for "tcp-self" update policy. [GL !282]
4994. [bug] Trust anchor telemetry queries were not being sent
upstream for locally served zones. [GL #392]
4993. [cleanup] Remove support for silently ignoring 'no-change' deltas
from BIND 8 when processing an IXFR stream. 'no-change'
deltas will now trigger a fallback to AXFR as the
recovery mechanism. [GL #369]
4992. [bug] The wrong address was being logged for trust anchor
telemetry queries. [GL #379]
4991. [bug] "rndc reconfig" was incorrectly handling zones whose
"mirror" setting was changed. [GL #381]
4990. [bug] Prevent a possible NULL reference in pkcs11-keygen.
[GL #401]
4989. [cleanup] IDN support in dig has been reworked. IDNA2003
fallbacks were removed in the process. [GL #384]
4988. [bug] Don't synthesize NXDOMAIN from NSEC for records under
a DNAME.
--- 9.13.2 released ---
4987. [cleanup] dns_rdataslab_tordataset() and its related
dns_rdatasetmethods_t callbacks were removed as they
were not being used by anything in BIND. [GL #371]
4986. [func] When built on Linux, BIND now requires the libcap
library to set process privileges, unless capability
support is explicitly overridden with "configure
--disable-linux-caps". [GL #321]
4985. [func] Add a new slave zone option, "mirror", to enable
serving a non-authoritative copy of a zone that
is subject to DNSSEC validation before being
used. For now, this option is only meant to
facilitate deployment of an RFC 7706-style local
copy of the root zone. [GL #33]
4984. [bug] Improve handling of very large incremental
zone transfers to prevent journal corruption. [GL #339]
4983. [cleanup] Remove the deprecated flag from "answer-cookie";
it will be allowed to persist into 9.13. [GL #275].
4983. [func] Add the ability to not return a DNS COOKIE option
when one is present in the request (answer-cookie no;).
[GL #173]
4982. [cleanup] Return FORMERR if the question section is empty
and no COOKIE option is present; this restores
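Review bot: entry 5062 ("Use non-crypto-secure PRNG to generate nonces for cookies") is filed as [func] with no rationale, while entry 4956 later in this file introduces isc_nonce_buf() as the CSPRNG-backed call. Read together, the two entries leave it unclear which generator cookie nonces come from on this train. The import notes should state that, and say why a non-cryptographic generator is acceptable there, because anyone auditing cookie handling will look for exactly this.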
@ -25,9 +464,7 @@
4980. [bug] Named-checkconf failed to detect bad in-view targets.
[GL #288]
4979. [bug] Non-libcap builds were not checking whether all
requested capabilities are present in the permitted
capability set. [GL #321]
4979. [placeholder]
4978. [test] Fix error handling and resolver configuration in the
"rpz" system test. [GL #312]
@ -43,22 +480,30 @@
4974. [bug] Restore default rrset-order to random. [GL #336]
4973. [func] verifyzone() and the functions it uses were moved to
libdns and refactored to prevent exit() from being
called upon failure. A side effect of that is that
dnssec-signzone and dnssec-verify now check for memory
leaks upon shutdown. [GL #266]
4972. [func] Declare the 'rdata' argument for dns_rdata_tostruct()
to be const. [GL #341]
4971. [bug] dnssec-signzone and dnssec-verify did not treat records
below a DNAME as out-of-zone data. [GL #298]
4970. [func] Add QNAME minimization option to resolver. [GL #16]
4969. [cleanup] Refactor zone logging functions. [GL #269]
--- 9.12.2rc1 released ---
--- 9.13.1 released ---
4968. [bug] If glue records are signed, attempt to validate them.
[GL #209]
4966. [func] Add the ability to not return a DNS COOKIE option
when one is present in the request (answer-cookie no;).
[GL #173]
4967. [cleanup] Add "answer-cookie" to the parser, marked obsolete.
4966. [placeholder]
4965. [func] Add support for marking options as deprecated.
[GL #322]
@ -74,6 +519,9 @@
4962. [cleanup] Move 'named -T' processing to its own function.
[GL #316]
4961. [protocol] Remove support for ECC-GOST (GOST R 34.11-94).
[GL #295]
4960. [security] When recursion is enabled, but the "allow-recursion"
and "allow-query-cache" ACLs are not specified,
they should be limited to local networks,
@ -81,8 +529,23 @@
"allow-query", thus allowing remote queries.
(CVE-2018-5738) [GL #309]
4959. [func] NSID logging (enabled by the "request-nsid" option)
now has its own "nsid" category, instead of using the
"resolver" category. [GL !332]
4958. [bug] Remove redundant space from NSEC3 record. [GL #281]
4957. [func] The default setting for "dnssec-validation" is now
"auto", which activates DNSSEC validation using the
IANA root key. (The default can be changed back to
"yes", which activates DNSSEC validation only when keys
are explicitly configured in named.conf, by building
BIND with "configure --disable-auto-validation".)
[GL #30]
4956. [func] Change isc_random() to be just PRNG using xoshiro128**,
and add isc_nonce_buf() that uses CSPRNG. [GL #289]
4955. [cleanup] Silence cppcheck warnings in lib/dns/master.c.
[GL #286]
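Review bot: entry 4957 changes the default for "dnssec-validation" to "auto", which activates validation with the IANA root key for every configuration that does not set the option. That is a behaviour change on upgrade rather than a new feature, so it deserves its own line in the import's upgrade notes, together with the "configure --disable-auto-validation" build switch the entry mentions, so operators who relied on the old default know to set the option explicitly.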
@ -90,17 +553,49 @@
directed to the "serve-stale" logging category.
Also clarified serve-stale documentation. [GL !323]
4953. [bug] Removed the option to build the red black tree
database without a hash table; the non-hashing
version was buggy and is not needed. [GL #184]
4952. [func] Authoritative server support in named for the
EDNS CLIENT-SUBNET option (which was experimental
and not practical to deploy) has been removed.
The ECS option is still supported in dig and mdig
via the +subnet option, and can be parsed and logged
when received by named, but it is no longer used
for ACL processing. The "geoip-use-ecs" option
is now obsolete; a warning will be logged if it is
used in named.conf. "ecs" tags in an ACL definition
are also obsolete and will cause the configuration
to fail to load. [GL #32]
4951. [protocol] Add "HOME.ARPA" to list of built in empty zones as
per RFC 8375. [GL #273]
--- 9.13.0 released ---
4950. [bug] ISC_SOCKEVENTATTR_TRUNC was not be set. [GL #238]
4949. [bug] lib/isc/print.c failed to handle floating point
output correctly. [GL #261]
4949. [placeholder]
4948. [bug] When request-nsid is turned on, EDNS NSID options
should be logged at level info. Since change 3741
they have been logged at debug(3) by mistake.
[GL !290]
4947. [func] Replace all random functions with isc_random(),
isc_random_buf() and isc_random_uniform() API.
[GL #221]
4946. [bug] Additional glue was not being returned by resolver
for unsigned zones since change 4596. [GL #209]
4945. [func] BIND can no longer be built without DNSSEC support.
A cryptography provder (i.e., OpenSSL or a hardware
service module with PKCS#11 support) must be
available. [GL #244]
4944. [cleanup] Silence cppcheck portability warnings in
lib/isc/tests/buffer_test.c. [GL #239]
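Review bot: entry 4952 treats two leftovers of the ECS removal differently: "geoip-use-ecs" only logs a warning, but "ecs" tags in an ACL definition "will cause the configuration to fail to load". The second is a hard start-up failure after the switch from 9.12, so the import notes should call it out separately and tell operators to check existing named.conf files for "ecs" ACL elements before upgrading.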
@ -109,8 +604,25 @@
hash table size to 512 entries for 'named -m record'
restoring the previous memory footprint. [GL #248]
4942. [cleanup] Consolidate multiple instances of splitting of
batchline in dig into a single function. [GL #196]
4941. [cleanup] Silence clang static analyzer warnings. [GL #196]
4940. [cleanup] Extract the loop in dns__zone_updatesigs() into
separate functions to improve code readability.
[GL #135]
4939. [test] Add basic unit tests for update_sigs(). [GL #135]
4938. [placeholder]
4937. [func] Remove support for OpenSSL < 1.0.0 [GL #191]
4936. [func] Always use OpenSSL or PKCS#11 random data providers,
and remove the --{enable,disable}-crypto-rand configure
options. [GL #165]
4935. [func] Add support for LibreSSL >= 2.7.0 (some OpenSSL 1.1.0
call were added). [GL #191]
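Review bot: entry 4937 gives the floor as "Remove support for OpenSSL < 1.0.0", but the PLATFORMS file added in this same commit lists "Platforms without at least OpenSSL 1.0.2" as unsupported. The two imported files disagree on the minimum OpenSSL version. The build glue for this tree should be checked against the stricter 1.0.2 figure, and the discrepancy is worth reporting upstream.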
@ -129,12 +641,37 @@
logged even when an error occurred while updating
signatures. [GL #159]
4931. [func] Removed the "rbtdb64" database implementation.
[GL #217]
4930. [bug] Remove a bogus check in nslookup command line
argument processing. [GL #206]
4929. [func] Add the ability to set RA and TC in queries made by
dig (+[no]raflag, +[no]tcflag). [GL #213]
4928. [func] The "dnskey-sig-validity" option allows
"sig-validity-interval" to be overriden for signatures
covering DNSKEY RRsets. [GL #145]
4927. [placeholder]
4926. [func] Add root key sentinel support. To disable, add
'root-key-sentinel no;' to named.conf. [GL #37]
4925. [func] Several configuration options that define intervals
can now take TTL value suffixes (for example, 2h or 1d)
in addition to integer parameters. These include
max-cache-ttl, max-ncache-ttl, max-policy-ttl,
fstrm-set-reopen-interval, interface-interval, and
min-update-interval. [GL #203]
4924. [cleanup] Clean up the isc_string_* namespace and leave
only strlcpy and strlcat. [GL #178]
4923. [cleanup] Refactor socket and socket event options into
enum types. [GL !135]
4922. [bug] dnstap: Log the destination address of client
packets rather than the interface address.
[GL #197]
@ -144,8 +681,20 @@
refactoring dns_fixedname_*() macros were turned into
functions. [GL #183]
4920. [cleanup] Clean up libdns removing most of the backwards
compatibility wrappers.
4919. [cleanup] Clean up the isc_hash_* namespace and leave only
the FNV-1a hash implementation. [GL #178]
4918. [bug] Fix double free after keygen error in dnssec-keygen
when OpenSSL >= 1.1.0 is used and RSA_generate_key_ex
fails. [GL #109]
4917. [func] Support 64 RPZ policy zones by default. [GL #123]
4916. [func] Remove IDNA2003 support and the bundled idnkit-1.0
library.
4915. [func] Implement IDNA2008 support in dig by adding support
for libidn2. New dig option +idnin has been added,
@ -180,10 +729,15 @@
4907. [test] Improved the reliability of the 'notify' system
test. [GL #59]
4906. [func] Replace getquad() with inet_pton(), completing
change #4900. [GL #56]
4905. [bug] irs_resconf_load() ignored resolv.conf syntax errors
when "domain" or "search" options were present in that
file. [GL #110]
4904. [bug] Temporarily revert change #4859. [GL #124]
4903. [bug] "check-mx fail;" did not prevent MX records containing
IP addresses from being added to a zone by a dynamic
update. [GL #112]
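Review bot: entry 4904 ("Temporarily revert change #4859") now sits in the 9.13 sequence, yet the text of 4859 further down is unchanged and still describes the validation loop as addressed and ties it to CVE-2017-3145. Nothing visible here says whether the revert was later undone, and 4858, the [security] fix itself, is not mentioned by the revert. The import notes should record the state of 4859 in 9.13.5, otherwise a reader checking exposure to the CVE-2017-3145 conditions gets two conflicting answers from the same file.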
@ -191,11 +745,21 @@
4902. [test] Improved the reliability of the 'ixfr' system
test. [GL #66]
4901. [func] "dig +nssearch" now lists the name servers
for a domain that time out, as well as the servers
that respond. [GL #64]
4900. [func] Remove all uses of inet_aton(). As a result of this
change, IPv4 addresses are now only accepted in
dotted-quad format. [GL #13]
4899. [test] Convert most of the remaining system tests to be able
to run in parallel, continuing the work from change
#4895. To take advantage of this, use "make -jN check",
where N is the number of processors to use. [GL #91]
4898. [func] Remove libseccomp based system-call filtering. [GL #93]
4897. [test] Update to rpz system test so that it doesn't recurse.
[GL #68]
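Review bot: entry 4898 ("Remove libseccomp based system-call filtering") drops a sandboxing layer under a [func] tag with no replacement named. Builds that had the filter enabled lose it on this train without any configuration error, so the import notes should list it next to 4986 (libcap now required on Linux) as a change to how named is confined. Entry 4900 in the same hunk is also upgrade-relevant: IPv4 addresses are now accepted only in dotted-quad format, so any other IPv4 notation in existing configuration or command lines needs checking.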
@ -204,14 +768,6 @@
4895. [test] Allow some system tests to run in parallel.
[RT #46602]
--- 9.12.1 released ---
--- 9.12.1rc2 released ---
4904. [bug] Temporarily revert change #4859. [GL #124]
--- 9.12.1rc1 released ---
4894. [bug] named could crash while rolling a dnstap output file.
[RT #46942]
@ -221,13 +777,16 @@
before all zone loading actions triggered by a previous
"rndc reload" command were completed. [RT #47076]
4891. [placeholder]
4890. [func] Remove unused ondestroy callback from libisc.
[isc-projects/bind9!3]
4889. [func] Warn about the use of old root keys without the new
root key being present. Warn about dlv.isc.org's
key being present. Warn about both managed and
trusted root keys being present. [RT #43670]
--- 9.12.1b1 released ---
4888. [test] Initialize sockets correctly in sample-update so
that the nsupdate system test will run on Windows.
[RT #47097]
@ -298,6 +857,9 @@
be passed to memmove which is undefined behavior and
can lead to bad optimization. [RT #46888]
4868. [func] dnssec-keygen can no longer generate HMAC keys.
Use tsig-keygen instead. [RT #46404]
4867. [cleanup] Normalize rndc on/off commands (validation,
querylog, serve-stale) so they all accept the
same synonyms for on/off (yes/no, true/false,
@ -307,15 +869,33 @@
was not disabled) and SHA-1 hash and HMAC support.
[RT #46764]
4865. [cleanup] Simplify handling isc_socket_sendto2() return values.
[RT #46986]
4864. [bug] named acting as a slave for a catalog zone crashed if
the latter contained a master definition without an IP
address. [RT #45999]
4863. [bug] Fix various other bugs reported by Valgrind's
memcheck tool. [RT #46978]
4862. [bug] The rdata flags for RRSIG were not being properly set
when constructing a rdataslab. [RT #46978]
4861. [bug] The isc_crc64 unit test was not endian independent.
[RT #46973]
4860. [bug] isc_int8_t should be signed char. [RT #46973]
4859. [bug] A loop was possible when attempting to validate
unsigned CNAME responses from secure zones;
this caused a delay in returning SERVFAIL and
also increased the chances of encountering
CVE-2017-3145. [RT #46839]
4858. [security] Addresses could be referenced after being freed
in resolver.c, causing an assertion failure.
(CVE-2017-3145) [RT #46839]
4857. [bug] Maintain attach/detach semantics for event->db,
event->node, event->rdataset and event->sigrdataset
@ -341,6 +921,16 @@
4851. [port] Support using kyua as well as atf-run to run the unit
tests. [RT #46853]
4850. [bug] Named failed to restart with multiple added zones in
lmdb database. [RT #46889]
4849. [bug] Duplicate zones could appear in the .nzf file if
addzone failed. [RT #46435]
4848. [func] Zone types "primary" and "secondary" can now be used
as synonyms for "master" and "slave" in named.conf.
[RT #46713]
4847. [bug] dnssec-dnskey-kskonly was not being honored for
CDS and CDNSKEY. [RT #46755]
@ -358,34 +948,6 @@
4842. [bug] Conditionally compile opensslecdsa_link.c to avoid
warnings about unused function. [RT #46790]
--- 9.12.0 released ---
--- 9.12.0rc3 released ---
4863. [bug] Fix various other bugs reported by Valgrind's
memcheck tool. [RT #46978]
4862. [bug] The rdata flags for RRSIG were not being properly set
when constructing a rdataslab. [RT #46978]
--- 9.12.0rc2 released ---
4859. [bug] A loop was possible when attempting to validate
unsigned CNAME responses from secure zones;
this caused a delay in returning SERVFAIL and
also increased the chances of encountering
CVE-2017-3145. [RT #46839]
4858. [security] Addresses could be referenced after being freed
in resolver.c, causing an assertion failure.
(CVE-2017-3145) [RT #46839]
4850. [bug] Named failed to restart with multiple added zones in
lmdb database. [RT #46889]
4849. [bug] Duplicate zones could appear in the .nzf file if
addzone failed. [RT #46435]
--- 9.12.0rc1 released ---
4841. [bug] Address -fsanitize=undefined warnings. [RT #46786]
@ -674,8 +1236,8 @@
4760. [func] Add glue cache statistics counters. [RT #46028]
4759. [func] Add logging channel "trust-anchor-telementry" to
record trust-anchor-telementry in incoming requests.
4759. [func] Add logging channel "trust-anchor-telemetry" to
record trust-anchor-telemetry in incoming requests.
Both _ta-XXXX.<anchor>/NULL and EDNS KEY-TAG options
are logged. [RT #46124]
@ -744,10 +1306,10 @@
tests when running on terminals that support them.
[RT #45977]
4744. [bug] Suppress trust-anchor-telementry queries if
4744. [bug] Suppress trust-anchor-telemetry queries if
validation is disabled. [RT #46131]
4743. [func] Exclude trust-anchor-telementry queries from
4743. [func] Exclude trust-anchor-telemetry queries from
synth-from-dnssec processing. [RT #46123]
4742. [func] Synthesis of responses from DNSSEC-verified records.


@ -19,9 +19,6 @@ Setting Description
named-checkzone
-DNS_RUN_PID_DIR=0 Create default PID files in ${localstatedir}/run
rather than ${localstatedir}/run/named/
Increase the maximum number of configurable
-DNS_RPZ_MAX_ZONES=64 response policy zones from 32 to 64; this is the
highest possible setting
Disable the use of inline functions to implement
-DISC_BUFFER_USEINLINE=0 the isc_buffer API: this reduces performance but
may be useful when debugging


@ -23,6 +23,5 @@ Some of these settings are:
|`-DCHECK_SIBLING=0`|Don't check sibling glue in `named-checkzone`|
|`-DCHECK_LOCAL=0`|Don't check out-of-zone addresses in `named-checkzone`|
|`-DNS_RUN_PID_DIR=0`|Create default PID files in `${localstatedir}/run` rather than `${localstatedir}/run/named/`|
|`-DNS_RPZ_MAX_ZONES=64`|Increase the maximum number of configurable response policy zones from 32 to 64; this is the highest possible setting|
|`-DISC_BUFFER_USEINLINE=0`|Disable the use of inline functions to implement the `isc_buffer` API: this reduces performance but may be useful when debugging |
|`-DISC_HEAP_CHECK`|Test heap consistency after every heap operation; used when debugging|

89
external/mpl/bind/dist/PLATFORMS vendored Normal file

@ -0,0 +1,89 @@
Supported platforms
In general, this version of BIND will build and run on any POSIX-compliant
system with a C99-compliant C compiler, BSD-style sockets with
RFC-compliant IPv6 support, POSIX-compliant threads, and the OpenSSL
cryptography library. Atomic operations support from the compiler is
needed, either in the form of builtin operations, C11 atomics or the
Interlocked family of functions on Windows.
ISC regularly tests BIND on many operating systems and architectures, but
lacks the resources to test all of them. Consequently, ISC is only able to
offer support on a "best effort" basis for some.
Regularly tested platforms
As of May 2018, BIND 9.13 is tested on the following systems:
* Debian 8, 9
* Ubuntu 16.04, 18.04
* Fedora 27, 28
* Red Hat/CentOS 6, 7
* FreeBSD 10.x, 11.x
* OpenBSD 6.3
The amd64, i386, armhf and arm64 CPU architectures are all fully
supported.
Best effort
The following are platforms on which BIND is known to build and run, but
on which it is not routinely tested. ISC makes every effort to fix bugs on
these platforms, but may be unable to do so quickly due to lack of
hardware, less familiarity on the part of engineering staff, and other
constraints.
* Windows 10 / x64
* Windows Server 2012 R2, 2016 / x64
* macOS 10.12+
* Solaris 10
* FreeBSD 12+
* OpenBSD 6.2
* NetBSD
* Older or less popular Linux distributions still supported by their
vendors, such as:
+ Ubuntu 14.04, 18.10+
+ Gentoo
+ ArchLinux
+ Alpine Linux
* OpenWRT/LEDE 17.0
* Other CPU architectures (mips, mipsel, sparc, ...)
Unsupported platforms
These are platforms on which BIND is known not to build or run:
* Platforms without at least OpenSSL 1.0.2
* Windows 10 / x86
* Windows Server 2012 and older
* Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
* Platforms that don't support atomic operations (via compiler or
library)
* Linux without NPTL (Native POSIX Thread Library)
Platform quirks
ARM
If the compilation ends with following error:
Error: selected processor does not support `yield' in ARM mode
You will need to set -march compiler option to native, so the compiler
recognizes yield assembler instruction. The proper way to set -march=
native would be to put it into CFLAGS, e.g. run ./configure like this:
CFLAGS="-march=native -Os -g" ./configure plus your usual options.
If that doesn't work, you can enforce the minimum CPU and FPU (taken from
Debian armhf documentation):
* The lowest worthwhile CPU implementation is Armv7-A, therefore the
recommended build option is -march=armv7-a.
* FPU should be set at VFPv3-D16 as they represent the miminum
specification of the processors to support here, therefore the
recommended build option is -mfpu=vfpv3-d16.
The configure command should look like this:
CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure
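Review bot: the ARM quirk presents `-march=native` as "the proper way" to fix the `yield` error, but that flag ties the resulting binaries to the CPU of the build host, so a package built this way and installed on a different or older core can fail at run time. Suggest making the explicit `-march=armv7-a -mfpu=vfpv3-d16` form the recommendation for anything that is distributed and keeping `-march=native` for builds that run on the machine that compiled them. Wording nits in the same section: "miminum" should be "minimum", and "ends with following error" should be "ends with the following error".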

100
external/mpl/bind/dist/PLATFORMS.md vendored Normal file

@ -0,0 +1,100 @@
<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
## Supported platforms
In general, this version of BIND will build and run on any POSIX-compliant
system with a C99-compliant C compiler, BSD-style sockets with RFC-compliant
IPv6 support, POSIX-compliant threads, and the OpenSSL cryptography library.
Atomic operations support from the compiler is needed, either in the form of
builtin operations, C11 atomics or the Interlocked family of functions on
Windows.
ISC regularly tests BIND on many operating systems and architectures, but
lacks the resources to test all of them. Consequently, ISC is only able to
offer support on a "best effort" basis for some.
### Regularly tested platforms
As of May 2018, BIND 9.13 is tested on the following systems:
* Debian 8, 9
* Ubuntu 16.04, 18.04
* Fedora 27, 28
* Red Hat/CentOS 6, 7
* FreeBSD 10.x, 11.x
* OpenBSD 6.3
The amd64, i386, armhf and arm64 CPU architectures are all fully supported.
### Best effort
The following are platforms on which BIND is known to build and run,
but on which it is not routinely tested. ISC makes every effort to fix bugs
on these platforms, but may be unable to do so quickly due to lack of
hardware, less familiarity on the part of engineering staff, and other
constraints.
* Windows 10 / x64
* Windows Server 2012 R2, 2016 / x64
* macOS 10.12+
* Solaris 10
* FreeBSD 12+
* OpenBSD 6.2
* NetBSD
* Older or less popular Linux distributions still supported by their vendors, such as:
* Ubuntu 14.04, 18.10+
* Gentoo
* ArchLinux
* Alpine Linux
* OpenWRT/LEDE 17.0
* Other CPU architectures (mips, mipsel, sparc, ...)
## Unsupported platforms
These are platforms on which BIND is known *not* to build or run:
* Platforms without at least OpenSSL 1.0.2
* Windows 10 / x86
* Windows Server 2012 and older
* Platforms that don't support IPv6 Advanced Socket API (RFC 3542)
* Platforms that don't support atomic operations (via compiler or library)
* Linux without NPTL (Native POSIX Thread Library)
## Platform quirks
### ARM
If the compilation ends with following error:
```
Error: selected processor does not support `yield' in ARM mode
```
You will need to set `-march` compiler option to `native`, so the compiler
recognizes `yield` assembler instruction. The proper way to set `-march=native`
would be to put it into `CFLAGS`, e.g. run `./configure` like this:
`CFLAGS="-march=native -Os -g" ./configure` plus your usual options.
If that doesn't work, you can enforce the minimum CPU and FPU (taken from Debian
armhf documentation):
* The lowest worthwhile CPU implementation is Armv7-A, therefore the recommended
build option is `-march=armv7-a`.
* FPU should be set at VFPv3-D16 as they represent the miminum specification of
the processors to support here, therefore the recommended build option is
`-mfpu=vfpv3-d16`.
The configure command should look like this:
```
CFLAGS="-march=armv7-a -mfpu=vfpv3-d16 -Os -g" ./configure
```
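Review bot: the "Unsupported platforms" list contradicts the README text changed in this same commit. It lists "Windows Server 2012 and older" as known not to build or run, while the README still says "BIND is also available for Windows 2008 and higher"; it sets the floor at "OpenSSL 1.0.2", while the README asks for "OpenSSL 1.0.2e or newer". Pick one statement for each and make both files agree, since operators will read this list to decide whether a host can take the upgrade. The "As of May 2018" date in "Regularly tested platforms" should also be refreshed or dropped so the list does not look current when it is not.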


@ -5,7 +5,7 @@ Contents
1. Introduction
2. Reporting bugs and getting help
3. Contributing to BIND
4. BIND 9.12 features
4. BIND 9.13 features
5. Building BIND
6. macOS
7. Compile-time options
@ -31,9 +31,9 @@ administrative tools, including the dig and delv DNS lookup tools,
nsupdate for dynamic DNS zone updates, rndc for remote name server
administration, and more.
BIND 9 is a complete re-write of the BIND architecture that was used in
versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a 501
(c)(3) public benefit corporation dedicated to providing software and
BIND 9 began as a complete re-write of the BIND architecture that was used
in versions 4 and 8. Internet Systems Consortium (https://www.isc.org), a
501(c)(3) public benefit corporation dedicated to providing software and
services in support of the Internet infrastructure, developed BIND 9 and
is responsible for its ongoing maintenance and improvement. BIND is open
source software licenced under the terms of the Mozilla Public License,
@ -48,6 +48,8 @@ the file CHANGES. See below for details on the CHANGES file format.
For up-to-date release notes and errata, see http://www.isc.org/software/
bind9/releasenotes
For information about supported platforms, see PLATFORMS.
Reporting bugs and getting help
To report non-security-sensitive bugs or request new features, you may
@ -82,8 +84,8 @@ ISC maintains a public git repository for BIND; details can be found at
http://www.isc.org/git/.
Information for BIND contributors can be found in the following files: -
General information: doc/dev/contrib.md - BIND 9 code style: doc/dev/
style.md - BIND architecture and developer guide: doc/dev/dev.md
General information: CONTRIBUTING.md - BIND 9 code style: doc/dev/style.md
- BIND architecture and developer guide: doc/dev/dev.md
Patches for BIND may be submitted as Merge Requests in the ISC GitLab
server at at https://gitlab.isc.org/isc-projects/bind9/merge_requests.
@ -97,57 +99,58 @@ If you prefer, you may also submit code by opening a GitLab Issue and
including your patch as an attachment, preferably generated by git
format-patch.
BIND 9.12 features
BIND 9.13 features
BIND 9.12.0 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.11 and earlier releases. New features
include:
BIND 9.13 is the newest development branch of BIND 9. It includes a number
of changes from BIND 9.12 and earlier releases. New features include:
* named and related libraries have been substantially refactored for
improved query performance -- particularly on delegation heavy zones
-- and for improved readability, maintainability, and testability.
* Code implementing the name server query processing logic has been
moved into a new libns library, for easier testing and use in tools
other than named.
* Cached, validated NSEC and other records can now be used to synthesize
NXDOMAIN responses.
* The DNS Response Policy Service API (DNSRPS) is now supported.
* Setting 'max-journal-size default' now limits the size of journal
files to twice the size of the zone.
* dnstap-read -x prints a hex dump of the wire format of each logged DNS
message.
* dnstap output files can now be configured to roll automatically when
reaching a given size.
* Log file timestamps can now also be formatted in ISO 8601 (local) or
ISO 8601 (UTC) formats.
* Logging channels and dnstap output files can now be configured to use
a timestamp as the suffix when rolling to a new file.
* 'named-checkconf -l' lists zones found in named.conf.
* Added support for the EDNS Padding and Keepalive options.
* 'new-zones-directory' option sets the location where the configuration
data for zones added by rndc addzone is stored.
* The default key algorithm in rndc-confgen is now hmac-sha256.
* filter-aaaa-on-v4 and filter-aaaa-on-v6 options are now available by
default without a configure option.
* The obsolete isc-hmac-fixup command has been removed.
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a
plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root
zone.
* Secondary zones can now be configured as "mirror" zones; their
contents are transferred in as with traditional slave zones, but are
subject to DNSSEC validation and are not treated as authoritative data
when answering. This makes it easier to configure a local copy of the
root zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below
which DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with libidn2.
BIND 9.12.1
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See https://dnsflagday.net for more details.
BIND 9.12.1 is a maintenance release.
Cryptographic support has been modernized. BIND now uses the best
available pseudo-random number generator for the platform on which it's
built. Very old versions of OpenSSL are no longer supported. Cryptography
is now mandatory: building BIND without DNSSEC is now longer supported.
BIND 9.12.2
BIND 9.12.2 is a maintenance release, and addresses security
vulnerabilities disclosed in CVE-2018-5736, CVE-2018-5737 and
CVE-2018-5738.
Special code to support certain legacy operating systems has also been
removed; see the file PLATFORMS.md for details of supported platforms. In
addition to OpenSSL, BIND now requires support for IPv6, threads, and
standard atomic operations provided by the C compiler.
Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
support, and a 64-bit integer type. Successful builds have been observed
on many versions of Linux and UNIX, including RedHat, Fedora, Debian,
Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris,
HP-UX, AIX, SCO OpenServer, and OpenWRT.
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
basic POSIX support, and a 64-bit integer type. Successful builds have
been observed on many versions of Linux and UNIX, including RedHat,
Fedora, Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS
X, Solaris, HP-UX, and OpenWRT.
BIND requires a cryptography provider library such as OpenSSL or a
hardware service module supporting PKCS#11. On Linux, BIND requires the
libcap library to set process privileges, though this requirement can be
overridden by disabling capability support at compile time. See
Compile-time options below for details on other libraries that may be
required to support optional features.
BIND is also available for Windows 2008 and higher. See win32utils/
readme1st.txt for details on building for Windows systems.
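Review bot: in the new cryptography paragraph, "building BIND without DNSSEC is now longer supported" should read "is no longer supported". As written, the sentence that announces mandatory cryptography is ambiguous about whether a build without DNSSEC is still possible. The same sentence is added to README.md and needs the same fix.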
@ -218,11 +221,10 @@ smaller systems.
For the server to support DNSSEC, you need to build it with crypto
support. To use OpenSSL, you should have OpenSSL 1.0.2e or newer
installed. If the OpenSSL library is installed in a nonstandard location,
specify the prefix using "--with-openssl=<PREFIX>" on the configure
command line. To use a PKCS#11 hardware service module for cryptographic
specify the prefix using --with-openssl=<PREFIX> on the configure command
line. To use a PKCS#11 hardware service module for cryptographic
operations, specify the path to the PKCS#11 provider library using
"--with-pkcs11=<PREFIX>", and configure BIND with
"--enable-native-pkcs11".
--with-pkcs11=<PREFIX>, and configure BIND with --enable-native-pkcs11.
To support the HTTP statistics channel, the server must be linked with at
least one of the following: libxml2 http://xmlsoft.org or json-c https://
@ -235,17 +237,22 @@ specify the prefix using --with-zlib=/prefix.
To support storing configuration data for runtime-added zones in an LMDB
database, the server must be linked with liblmdb. If this is installed in
a nonstandard location, specify the prefix using "with-lmdb=/prefix".
a nonstandard location, specify the prefix using with-lmdb=/prefix.
To support GeoIP location-based ACLs, the server must be linked with
libGeoIP. This is not turned on by default; BIND must be configured with
"--with-geoip". If the library is installed in a nonstandard location, use
specify the prefix using "--with-geoip=/prefix".
--with-geoip. If the library is installed in a nonstandard location,
specify the prefix using --with-geoip=/prefix.
For DNSTAP packet logging, you must have installed libfstrm https://
github.com/farsightsec/fstrm and libprotobuf-c https://
developers.google.com/protocol-buffers, and BIND must be configured with
"--enable-dnstap".
--enable-dnstap.
On Linux, process capabilities are managed in user space using the libcap
library, which can be installed on most Linux systems via the libcap-dev
or libcap-devel module. Process capability support can also be disabled by
configuring with --disable-linux-caps.
Portions of BIND that are written in Python, including dnssec-keymgr,
dnssec-coverage, dnssec-checkds, and some of the system tests, require the
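Review bot: the LMDB paragraph now reads "specify the prefix using with-lmdb=/prefix", which only removes the quotes and keeps the missing leading dashes. Every other option in this hunk is spelled with `--` (`--with-geoip=/prefix`, `--enable-dnstap`, `--disable-linux-caps`), so this should be `--with-lmdb=/prefix`; copied literally, the current text is not a configure option.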
@ -262,10 +269,6 @@ specifying --enable-fixed-rrset or --disable-fixed-rrset on the configure
command line. By default, fixed rrset-order is disabled to reduce memory
footprint.
If your operating system has integrated support for IPv6, it will be used
automatically. If you have installed KAME IPv6 separately, use --with-kame
[=PATH] to specify its location.
make install will install named and the various BIND 9 libraries. By
default, installation is into /usr/local, but this can be changed with the
--prefix option when running configure.
@ -291,8 +294,10 @@ and will be skipped if these are not available. Some tests require Python
and the 'dnspython' module and will be skipped if these are not available.
See bin/tests/system/README for further details.
Unit tests are implemented using Automated Testing Framework (ATF). To run
them, use configure --with-atf, then run make test or make unit.
Unit tests are implemented using the CMocka unit testing framework. To
build them, use configure --with-cmocka. Execution of tests is done by the
Kyua test execution engine; if the kyua command is available, then unit
tests can be run via make test or make unit.
Documentation


@ -15,7 +15,7 @@
1. [Introduction](#intro)
1. [Reporting bugs and getting help](#help)
1. [Contributing to BIND](#contrib)
1. [BIND 9.12 features](#features)
1. [BIND 9.13 features](#features)
1. [Building BIND](#build)
1. [macOS](#macos)
1. [Compile-time options](#opts)
@ -41,8 +41,8 @@ administrative tools, including the `dig` and `delv` DNS lookup tools,
`nsupdate` for dynamic DNS zone updates, `rndc` for remote name server
administration, and more.
BIND 9 is a complete re-write of the BIND architecture that was used in
versions 4 and 8. Internet Systems Consortium
BIND 9 began as a complete re-write of the BIND architecture that was
used in versions 4 and 8. Internet Systems Consortium
([https://www.isc.org](https://www.isc.org)), a 501(c)(3) public benefit
corporation dedicated to providing software and services in support of the
Internet infrastructure, developed BIND 9 and is responsible for its
@ -59,6 +59,8 @@ CHANGES file format.
For up-to-date release notes and errata, see
[http://www.isc.org/software/bind9/releasenotes](http://www.isc.org/software/bind9/releasenotes)
For information about supported platforms, see [PLATFORMS](PLATFORMS.md).
### <a name="help"/> Reporting bugs and getting help
To report non-security-sensitive bugs or request new features, you may
@ -95,7 +97,7 @@ ISC maintains a public git repository for BIND; details can be found
at [http://www.isc.org/git/](http://www.isc.org/git/).
Information for BIND contributors can be found in the following files:
- General information: [doc/dev/contrib.md](doc/dev/contrib.md)
- General information: [CONTRIBUTING.md](CONTRIBUTING)
- BIND 9 code style: [doc/dev/style.md](doc/dev/style.md)
- BIND architecture and developer guide: [doc/dev/dev.md](doc/dev/dev.md)
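Review bot: the new link `[CONTRIBUTING.md](CONTRIBUTING)` has a label that names CONTRIBUTING.md but a target without the extension, while the PLATFORMS link added earlier in this file does the reverse (`[PLATFORMS](PLATFORMS.md)`). Unless both a CONTRIBUTING and a CONTRIBUTING.md are shipped, one of these will not resolve; point the target at the file that actually exists and use the same label and target convention for both links.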
@ -114,57 +116,60 @@ If you prefer, you may also submit code by opening a
including your patch as an attachment, preferably generated by
`git format-patch`.
### <a name="features"/> BIND 9.12 features
### <a name="features"/> BIND 9.13 features
BIND 9.12.0 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.11 and earlier releases. New features
BIND 9.13 is the newest development branch of BIND 9. It includes a
number of changes from BIND 9.12 and earlier releases. New features
include:
* `named` and related libraries have been substantially refactored for
improved query performance -- particularly on delegation heavy zones --
and for improved readability, maintainability, and testability.
* Code implementing the name server query processing logic has been moved
into a new `libns` library, for easier testing and use in tools other
than `named`.
* Cached, validated NSEC and other records can now be used to synthesize
NXDOMAIN responses.
* The DNS Response Policy Service API (DNSRPS) is now supported.
* Setting `'max-journal-size default'` now limits the size of journal files
to twice the size of the zone.
* `dnstap-read -x` prints a hex dump of the wire format of each logged
DNS message.
* `dnstap` output files can now be configured to roll automatically when
reaching a given size.
* Log file timestamps can now also be formatted in ISO 8601 (local) or ISO
8601 (UTC) formats.
* Logging channels and `dnstap` output files can now be configured to use a
timestamp as the suffix when rolling to a new file.
* `'named-checkconf -l'` lists zones found in `named.conf`.
* Added support for the EDNS Padding and Keepalive options.
* 'new-zones-directory' option sets the location where the configuration
data for zones added by rndc addzone is stored.
* The default key algorithm in `rndc-confgen` is now hmac-sha256.
* `filter-aaaa-on-v4` and `filter-aaaa-on-v6` options are now available
by default without a configure option.
* The obsolete `isc-hmac-fixup` command has been removed.
* A new "plugin" mechanism has been added to allow query functionality
to be extended using dynamically loadable libraries. The "filter-aaaa"
feature has been removed from named and is now implemented as a plugin.
* Socket and task code has been refactored to improve performance.
* QNAME minimization, as described in RFC 7816, is now supported.
* "Root key sentinel" support, enabling validating resolvers to indicate
via a special query which trust anchors are configured for the root zone.
* Secondary zones can now be configured as "mirror" zones; their contents
are transferred in as with traditional slave zones, but are subject to
DNSSEC validation and are not treated as authoritative data when
answering. This makes it easier to configure a local copy of the root
zone as described in RFC 7706.
* The "validate-except" option allows configuration of domains below which
DNSSEC validation should not be performed.
* The default value of "dnssec-validation" is now "auto".
* IDNA2008 is now supported when linking with `libidn2`.
#### BIND 9.12.1
In addition, workarounds that were formerly in place to enable resolution
of domains whose authoritative servers did not respond to EDNS queries
have been removed. See [https://dnsflagday.net](https://dnsflagday.net)
for more details.
BIND 9.12.1 is a maintenance release.
Cryptographic support has been modernized. BIND now uses the
best available pseudo-random number generator for the platform on which
it's built. Very old versions of OpenSSL are no longer supported.
Cryptography is now mandatory: building BIND without DNSSEC is now
longer supported.
#### BIND 9.12.2
BIND 9.12.2 is a maintenance release, and addresses security
vulnerabilities disclosed in CVE-2018-5736, CVE-2018-5737 and
CVE-2018-5738.
Special code to support certain legacy operating systems has also
been removed; see the file [PLATFORMS.md](PLATFORMS.md) for details
of supported platforms. In addition to OpenSSL, BIND now requires
support for IPv6, threads, and standard atomic operations provided
by the C compiler.
### <a name="build"/> Building BIND
BIND requires a UNIX or Linux system with an ANSI C compiler, basic POSIX
support, and a 64-bit integer type. Successful builds have been observed on
many versions of Linux and UNIX, including RedHat, Fedora, Debian, Ubuntu,
SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X, Solaris, HP-UX, AIX,
SCO OpenServer, and OpenWRT.
Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler,
basic POSIX support, and a 64-bit integer type. Successful builds have been
observed on many versions of Linux and UNIX, including RedHat, Fedora,
Debian, Ubuntu, SuSE, Slackware, FreeBSD, NetBSD, OpenBSD, Mac OS X,
Solaris, HP-UX, and OpenWRT.
BIND requires a cryptography provider library such as OpenSSL or a
hardware service module supporting PKCS#11. On Linux, BIND requires
the `libcap` library to set process privileges, though this requirement
can be overridden by disabling capability support at compile time.
See [Compile-time options](#opts) below for details on other libraries
that may be required to support optional features.
BIND is also available for Windows 2008 and higher. See
`win32utils/readme1st.txt` for details on building for Windows
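Review bot: the rewritten "Building BIND" paragraph still opens with "Minimally, BIND requires a UNIX or Linux system with an ANSI C compiler", which conflicts with the paragraph added just above it ("BIND now requires support for IPv6, threads, and standard atomic operations provided by the C compiler") and with PLATFORMS.md, which asks for a C99-compliant compiler. Suggest replacing the ANSI C sentence with the real minimum, or pointing to PLATFORMS.md, and re-checking the "successful builds" list against it, since it still names HP-UX and Solaris without qualification.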
@ -230,10 +235,10 @@ performance on smaller systems.
For the server to support DNSSEC, you need to build it with crypto support.
To use OpenSSL, you should have OpenSSL 1.0.2e or newer installed. If the
OpenSSL library is installed in a nonstandard location, specify the prefix
using "--with-openssl=&lt;PREFIX&gt;" on the configure command line. To use a
using `--with-openssl=<PREFIX>` on the configure command line. To use a
PKCS#11 hardware service module for cryptographic operations, specify the
path to the PKCS#11 provider library using "--with-pkcs11=&lt;PREFIX&gt;", and
configure BIND with "--enable-native-pkcs11".
path to the PKCS#11 provider library using `--with-pkcs11=<PREFIX>`, and
configure BIND with `--enable-native-pkcs11`.
To support the HTTP statistics channel, the server must be linked with at
least one of the following: libxml2
@ -248,18 +253,23 @@ specify the prefix using `--with-zlib=/prefix`.
To support storing configuration data for runtime-added zones in an LMDB
database, the server must be linked with liblmdb. If this is installed in a
nonstandard location, specify the prefix using "with-lmdb=/prefix".
nonstandard location, specify the prefix using `with-lmdb=/prefix`.
To support GeoIP location-based ACLs, the server must be linked with
libGeoIP. This is not turned on by default; BIND must be configured with
"--with-geoip". If the library is installed in a nonstandard location, use
specify the prefix using "--with-geoip=/prefix".
`--with-geoip`. If the library is installed in a nonstandard location,
specify the prefix using `--with-geoip=/prefix`.
For DNSTAP packet logging, you must have installed libfstrm
[https://github.com/farsightsec/fstrm](https://github.com/farsightsec/fstrm)
and libprotobuf-c
[https://developers.google.com/protocol-buffers](https://developers.google.com/protocol-buffers),
and BIND must be configured with "--enable-dnstap".
and BIND must be configured with `--enable-dnstap`.
On Linux, process capabilities are managed in user space using
the `libcap` library, which can be installed on most Linux systems via
the `libcap-dev` or `libcap-devel` module. Process capability support can
also be disabled by configuring with `--disable-linux-caps`.
Portions of BIND that are written in Python, including
`dnssec-keymgr`, `dnssec-coverage`, `dnssec-checkds`, and some of the
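Review bot: the new `--disable-linux-caps` paragraph explains how to switch capability support off but not what is lost by doing so. The "Building BIND" section says libcap is what BIND uses "to set process privileges", so an operator who disables it to get past a missing `libcap-dev` package is changing the privilege model of the running server without being told. Add one sentence stating the effect on how named runs, and recommend installing libcap rather than disabling the feature.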
@ -276,10 +286,6 @@ specifying `--enable-fixed-rrset` or `--disable-fixed-rrset` on the
configure command line. By default, fixed rrset-order is disabled to
reduce memory footprint.
If your operating system has integrated support for IPv6, it will be used
automatically. If you have installed KAME IPv6 separately, use
`--with-kame[=PATH]` to specify its location.
`make install` will install `named` and the various BIND 9 libraries. By
default, installation is into /usr/local, but this can be changed with the
`--prefix` option when running `configure`.
@ -305,9 +311,10 @@ and will be skipped if these are not available. Some tests require Python
and the 'dnspython' module and will be skipped if these are not available.
See bin/tests/system/README for further details.
Unit tests are implemented using Automated Testing Framework (ATF).
To run them, use `configure --with-atf`, then run `make test` or
`make unit`.
Unit tests are implemented using the CMocka unit testing framework.
To build them, use `configure --with-cmocka`. Execution of tests is done
by the Kyua test execution engine; if the `kyua` command is available,
then unit tests can be run via `make test` or `make unit`.
### <a name="doc"/> Documentation
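Review bot: the unit-test paragraph says tests "can be run via `make test` or `make unit`" if the `kyua` command is available, but does not say what those targets do when it is not. If they succeed without running anything, a build that ran no unit tests looks the same as one that passed them. State the behaviour when `kyua` is missing, and mention that `--with-cmocka` only builds the tests.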


@ -1,17 +1,298 @@
sinclude(libtool.m4/libtool.m4)dnl
sinclude(libtool.m4/ltoptions.m4)dnl
sinclude(libtool.m4/ltsugar.m4)dnl
sinclude(libtool.m4/ltversion.m4)dnl
sinclude(libtool.m4/lt~obsolete.m4)dnl
# generated automatically by aclocal 1.16.1 -*- Autoconf -*-
m4_divert_text(HELP_CANON, [[
NOTE: If PREFIX is not set, then the default values for --sysconfdir
and --localstatedir are /etc and /var, respectively.]])
m4_divert_text(HELP_END, [[
Professional support for BIND is provided by Internet Systems Consortium,
Inc. Information about paid support and training options is available at
https://www.isc.org/support.
# Copyright (C) 1996-2018 Free Software Foundation, Inc.
Help can also often be found on the BIND Users mailing list
(https://lists.isc.org/mailman/listinfo/bind-users) or in the #bind
channel of the Freenode IRC service.]])
# This file is free software; the Free Software Foundation
# gives unlimited permission to copy and/or distribute it,
# with or without modifications, as long as this notice is preserved.
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY, to the extent permitted by law; without
# even the implied warranty of MERCHANTABILITY or FITNESS FOR A
# PARTICULAR PURPOSE.
m4_ifndef([AC_CONFIG_MACRO_DIRS], [m4_defun([_AM_CONFIG_MACRO_DIRS], [])m4_defun([AC_CONFIG_MACRO_DIRS], [_AM_CONFIG_MACRO_DIRS($@)])])
# pkg.m4 - Macros to locate and utilise pkg-config. -*- Autoconf -*-
# serial 12 (pkg-config-0.29.2)
dnl Copyright © 2004 Scott James Remnant <scott@netsplit.com>.
dnl Copyright © 2012-2015 Dan Nicholson <dbn.lists@gmail.com>
dnl
dnl This program is free software; you can redistribute it and/or modify
dnl it under the terms of the GNU General Public License as published by
dnl the Free Software Foundation; either version 2 of the License, or
dnl (at your option) any later version.
dnl
dnl This program is distributed in the hope that it will be useful, but
dnl WITHOUT ANY WARRANTY; without even the implied warranty of
dnl MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU
dnl General Public License for more details.
dnl
dnl You should have received a copy of the GNU General Public License
dnl along with this program; if not, write to the Free Software
dnl Foundation, Inc., 59 Temple Place - Suite 330, Boston, MA
dnl 02111-1307, USA.
dnl
dnl As a special exception to the GNU General Public License, if you
dnl distribute this file as part of a program that contains a
dnl configuration script generated by Autoconf, you may include it under
dnl the same distribution terms that you use for the rest of that
dnl program.
dnl PKG_PREREQ(MIN-VERSION)
dnl -----------------------
dnl Since: 0.29
dnl
dnl Verify that the version of the pkg-config macros are at least
dnl MIN-VERSION. Unlike PKG_PROG_PKG_CONFIG, which checks the user's
dnl installed version of pkg-config, this checks the developer's version
dnl of pkg.m4 when generating configure.
dnl
dnl To ensure that this macro is defined, also add:
dnl m4_ifndef([PKG_PREREQ],
dnl [m4_fatal([must install pkg-config 0.29 or later before running autoconf/autogen])])
dnl
dnl See the "Since" comment for each macro you use to see what version
dnl of the macros you require.
m4_defun([PKG_PREREQ],
[m4_define([PKG_MACROS_VERSION], [0.29.2])
m4_if(m4_version_compare(PKG_MACROS_VERSION, [$1]), -1,
[m4_fatal([pkg.m4 version $1 or higher is required but ]PKG_MACROS_VERSION[ found])])
])dnl PKG_PREREQ
dnl PKG_PROG_PKG_CONFIG([MIN-VERSION])
dnl ----------------------------------
dnl Since: 0.16
dnl
dnl Search for the pkg-config tool and set the PKG_CONFIG variable to
dnl first found in the path. Checks that the version of pkg-config found
dnl is at least MIN-VERSION. If MIN-VERSION is not specified, 0.9.0 is
dnl used since that's the first version where most current features of
dnl pkg-config existed.
AC_DEFUN([PKG_PROG_PKG_CONFIG],
[m4_pattern_forbid([^_?PKG_[A-Z_]+$])
m4_pattern_allow([^PKG_CONFIG(_(PATH|LIBDIR|SYSROOT_DIR|ALLOW_SYSTEM_(CFLAGS|LIBS)))?$])
m4_pattern_allow([^PKG_CONFIG_(DISABLE_UNINSTALLED|TOP_BUILD_DIR|DEBUG_SPEW)$])
AC_ARG_VAR([PKG_CONFIG], [path to pkg-config utility])
AC_ARG_VAR([PKG_CONFIG_PATH], [directories to add to pkg-config's search path])
AC_ARG_VAR([PKG_CONFIG_LIBDIR], [path overriding pkg-config's built-in search path])
if test "x$ac_cv_env_PKG_CONFIG_set" != "xset"; then
AC_PATH_TOOL([PKG_CONFIG], [pkg-config])
fi
if test -n "$PKG_CONFIG"; then
_pkg_min_version=m4_default([$1], [0.9.0])
AC_MSG_CHECKING([pkg-config is at least version $_pkg_min_version])
if $PKG_CONFIG --atleast-pkgconfig-version $_pkg_min_version; then
AC_MSG_RESULT([yes])
else
AC_MSG_RESULT([no])
PKG_CONFIG=""
fi
fi[]dnl
])dnl PKG_PROG_PKG_CONFIG
dnl PKG_CHECK_EXISTS(MODULES, [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
dnl -------------------------------------------------------------------
dnl Since: 0.18
dnl
dnl Check to see whether a particular set of modules exists. Similar to
dnl PKG_CHECK_MODULES(), but does not set variables or print errors.
dnl
dnl Please remember that m4 expands AC_REQUIRE([PKG_PROG_PKG_CONFIG])
dnl only at the first occurence in configure.ac, so if the first place
dnl it's called might be skipped (such as if it is within an "if", you
dnl have to call PKG_CHECK_EXISTS manually
AC_DEFUN([PKG_CHECK_EXISTS],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
if test -n "$PKG_CONFIG" && \
AC_RUN_LOG([$PKG_CONFIG --exists --print-errors "$1"]); then
m4_default([$2], [:])
m4_ifvaln([$3], [else
$3])dnl
fi])
dnl _PKG_CONFIG([VARIABLE], [COMMAND], [MODULES])
dnl ---------------------------------------------
dnl Internal wrapper calling pkg-config via PKG_CONFIG and setting
dnl pkg_failed based on the result.
m4_define([_PKG_CONFIG],
[if test -n "$$1"; then
pkg_cv_[]$1="$$1"
elif test -n "$PKG_CONFIG"; then
PKG_CHECK_EXISTS([$3],
[pkg_cv_[]$1=`$PKG_CONFIG --[]$2 "$3" 2>/dev/null`
test "x$?" != "x0" && pkg_failed=yes ],
[pkg_failed=yes])
else
pkg_failed=untried
fi[]dnl
])dnl _PKG_CONFIG
dnl _PKG_SHORT_ERRORS_SUPPORTED
dnl ---------------------------
dnl Internal check to see if pkg-config supports short errors.
AC_DEFUN([_PKG_SHORT_ERRORS_SUPPORTED],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])
if $PKG_CONFIG --atleast-pkgconfig-version 0.20; then
_pkg_short_errors_supported=yes
else
_pkg_short_errors_supported=no
fi[]dnl
])dnl _PKG_SHORT_ERRORS_SUPPORTED
dnl PKG_CHECK_MODULES(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
dnl [ACTION-IF-NOT-FOUND])
dnl --------------------------------------------------------------
dnl Since: 0.4.0
dnl
dnl Note that if there is a possibility the first call to
dnl PKG_CHECK_MODULES might not happen, you should be sure to include an
dnl explicit call to PKG_PROG_PKG_CONFIG in your configure.ac
AC_DEFUN([PKG_CHECK_MODULES],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1][_CFLAGS], [C compiler flags for $1, overriding pkg-config])dnl
AC_ARG_VAR([$1][_LIBS], [linker flags for $1, overriding pkg-config])dnl
pkg_failed=no
AC_MSG_CHECKING([for $2])
_PKG_CONFIG([$1][_CFLAGS], [cflags], [$2])
_PKG_CONFIG([$1][_LIBS], [libs], [$2])
m4_define([_PKG_TEXT], [Alternatively, you may set the environment variables $1[]_CFLAGS
and $1[]_LIBS to avoid the need to call pkg-config.
See the pkg-config man page for more details.])
if test $pkg_failed = yes; then
AC_MSG_RESULT([no])
_PKG_SHORT_ERRORS_SUPPORTED
if test $_pkg_short_errors_supported = yes; then
$1[]_PKG_ERRORS=`$PKG_CONFIG --short-errors --print-errors --cflags --libs "$2" 2>&1`
else
$1[]_PKG_ERRORS=`$PKG_CONFIG --print-errors --cflags --libs "$2" 2>&1`
fi
# Put the nasty error message in config.log where it belongs
echo "$$1[]_PKG_ERRORS" >&AS_MESSAGE_LOG_FD
m4_default([$4], [AC_MSG_ERROR(
[Package requirements ($2) were not met:
$$1_PKG_ERRORS
Consider adjusting the PKG_CONFIG_PATH environment variable if you
installed software in a non-standard prefix.
_PKG_TEXT])[]dnl
])
elif test $pkg_failed = untried; then
AC_MSG_RESULT([no])
m4_default([$4], [AC_MSG_FAILURE(
[The pkg-config script could not be found or is too old. Make sure it
is in your PATH or set the PKG_CONFIG environment variable to the full
path to pkg-config.
_PKG_TEXT
To get pkg-config, see <http://pkg-config.freedesktop.org/>.])[]dnl
])
else
$1[]_CFLAGS=$pkg_cv_[]$1[]_CFLAGS
$1[]_LIBS=$pkg_cv_[]$1[]_LIBS
AC_MSG_RESULT([yes])
$3
fi[]dnl
])dnl PKG_CHECK_MODULES
dnl PKG_CHECK_MODULES_STATIC(VARIABLE-PREFIX, MODULES, [ACTION-IF-FOUND],
dnl [ACTION-IF-NOT-FOUND])
dnl ---------------------------------------------------------------------
dnl Since: 0.29
dnl
dnl Checks for existence of MODULES and gathers its build flags with
dnl static libraries enabled. Sets VARIABLE-PREFIX_CFLAGS from --cflags
dnl and VARIABLE-PREFIX_LIBS from --libs.
dnl
dnl Note that if there is a possibility the first call to
dnl PKG_CHECK_MODULES_STATIC might not happen, you should be sure to
dnl include an explicit call to PKG_PROG_PKG_CONFIG in your
dnl configure.ac.
AC_DEFUN([PKG_CHECK_MODULES_STATIC],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
_save_PKG_CONFIG=$PKG_CONFIG
PKG_CONFIG="$PKG_CONFIG --static"
PKG_CHECK_MODULES($@)
PKG_CONFIG=$_save_PKG_CONFIG[]dnl
])dnl PKG_CHECK_MODULES_STATIC
dnl PKG_INSTALLDIR([DIRECTORY])
dnl -------------------------
dnl Since: 0.27
dnl
dnl Substitutes the variable pkgconfigdir as the location where a module
dnl should install pkg-config .pc files. By default the directory is
dnl $libdir/pkgconfig, but the default can be changed by passing
dnl DIRECTORY. The user can override through the --with-pkgconfigdir
dnl parameter.
AC_DEFUN([PKG_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${libdir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([pkgconfigdir],
[AS_HELP_STRING([--with-pkgconfigdir], pkg_description)],,
[with_pkgconfigdir=]pkg_default)
AC_SUBST([pkgconfigdir], [$with_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
])dnl PKG_INSTALLDIR
dnl PKG_NOARCH_INSTALLDIR([DIRECTORY])
dnl --------------------------------
dnl Since: 0.27
dnl
dnl Substitutes the variable noarch_pkgconfigdir as the location where a
dnl module should install arch-independent pkg-config .pc files. By
dnl default the directory is $datadir/pkgconfig, but the default can be
dnl changed by passing DIRECTORY. The user can override through the
dnl --with-noarch-pkgconfigdir parameter.
AC_DEFUN([PKG_NOARCH_INSTALLDIR],
[m4_pushdef([pkg_default], [m4_default([$1], ['${datadir}/pkgconfig'])])
m4_pushdef([pkg_description],
[pkg-config arch-independent installation directory @<:@]pkg_default[@:>@])
AC_ARG_WITH([noarch-pkgconfigdir],
[AS_HELP_STRING([--with-noarch-pkgconfigdir], pkg_description)],,
[with_noarch_pkgconfigdir=]pkg_default)
AC_SUBST([noarch_pkgconfigdir], [$with_noarch_pkgconfigdir])
m4_popdef([pkg_default])
m4_popdef([pkg_description])
])dnl PKG_NOARCH_INSTALLDIR
dnl PKG_CHECK_VAR(VARIABLE, MODULE, CONFIG-VARIABLE,
dnl [ACTION-IF-FOUND], [ACTION-IF-NOT-FOUND])
dnl -------------------------------------------
dnl Since: 0.28
dnl
dnl Retrieves the value of the pkg-config variable for the given module.
AC_DEFUN([PKG_CHECK_VAR],
[AC_REQUIRE([PKG_PROG_PKG_CONFIG])dnl
AC_ARG_VAR([$1], [value of $3 for $2, overriding pkg-config])dnl
_PKG_CONFIG([$1], [variable="][$3]["], [$2])
AS_VAR_COPY([$1], [pkg_cv_][$1])
AS_VAR_IF([$1], [""], [$5], [$4])dnl
])dnl PKG_CHECK_VAR
m4_include([m4/ax_check_openssl.m4])
m4_include([m4/ax_posix_shell.m4])
m4_include([m4/ax_pthread.m4])
m4_include([m4/libtool.m4])
m4_include([m4/ltoptions.m4])
m4_include([m4/ltsugar.m4])
m4_include([m4/ltversion.m4])
m4_include([m4/lt~obsolete.m4])
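Review bot: The pkg-config macros are carried inline here at version 0.29.2 (PKG_MACROS_VERSION), while the ax_* and libtool macros in the m4_include lines at the end are read from m4/. An inlined copy follows whatever pkg.m4 is installed on the machine that regenerates this file, so the committed text will differ from one developer to the next. Consider keeping pkg.m4 under m4/ with the others, or calling PKG_PREREQ with the minimum version configure depends on so that an older local copy fails with the m4_fatal message instead of being picked up silently.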

@ -10,4 +10,4 @@
# information regarding copyright ownership.
# Run this script after modifying configure.in to generate configure
autoreconf -i
autoreconf -f -i
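Review bot: Adding -f makes autoreconf treat every generated file as out of date, and together with -i it overwrites the installed auxiliary files and macro copies instead of only adding the missing ones. Any local modification to those files is lost on the next run with no warning, so the comment above the command should say that the script now regenerates everything, not just configure.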

@ -12,7 +12,7 @@ VPATH = @srcdir@
top_srcdir = @top_srcdir@
SUBDIRS = named rndc dig delv dnssec tools nsupdate check confgen \
@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ tests
@NZD_TOOLS@ @PYTHON_TOOLS@ @PKCS11_TOOLS@ plugins tests
TARGETS =
@BIND9_MAKE_RULES@

@ -16,15 +16,15 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${NS_INCLUDES} ${BIND9_INCLUDES} ${DNS_INCLUDES} ${ISCCFG_INCLUDES} \
${ISC_INCLUDES} @DST_OPENSSL_INC@
${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = @CRYPTO@ -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
CDEFINES = -DNAMED_CONFFILE=\"${sysconfdir}/named.conf\"
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
NSLIBS = ../../lib/ns/libns.@A@
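Review bot: DNSLIBS still ends in @DNS_CRYPTO_LIBS@ while the neighbouring ISCLIBS and ISCNOSYMLIBS lines move from @ISC_OPENSSL_LIBS@ to @OPENSSL_LIBS@ and CINCLUDES moves to @OPENSSL_INCLUDES@. Please confirm that configure still substitutes DNS_CRYPTO_LIBS after this change; if that variable was retired with the others, the literal @DNS_CRYPTO_LIBS@ ends up on the link line. If it is kept on purpose, a one-line comment saying why it differs from OPENSSL_LIBS would help.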
@ -66,7 +66,7 @@ named-checkzone.@O@: named-checkzone.c
named-checkconf@EXEEXT@: named-checkconf.@O@ check-tool.@O@ ${ISCDEPLIBS} \
${NSDEPENDLIBS} ${DNSDEPLIBS} ${ISCCFGDEPLIBS} ${BIND9DEPLIBS}
export BASEOBJS="named-checkconf.@O@ check-tool.@O@"; \
export LIBS0="${NSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
export LIBS0="${BIND9LIBS} ${NSLIBS} ${ISCCFGLIBS} ${DNSLIBS}"; \
${FINALBUILDCMD}
named-checkzone@EXEEXT@: named-checkzone.@O@ check-tool.@O@ ${ISCDEPLIBS} \
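Review bot: The LIBS0 line swaps ${NSLIBS} and ${BIND9LIBS} with no explanation, and with static archives this order decides which unresolved symbols the linker can still satisfy. Add a comment stating which library now depends on which (the new order implies libbind9 refers to symbols in libns), so the next edit does not swap them back.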
@ -88,12 +88,12 @@ install:: named-checkconf@EXEEXT@ named-checkzone@EXEEXT@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkconf@EXEEXT@ ${DESTDIR}${sbindir}
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} named-checkzone@EXEEXT@ ${DESTDIR}${sbindir}
(cd ${DESTDIR}${sbindir}; rm -f named-compilezone@EXEEXT@; ${LINK_PROGRAM} named-checkzone@EXEEXT@ named-compilezone@EXEEXT@)
for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} named-checkzone.8 named-compilezone.8)
uninstall::
rm -f ${DESTDIR}${mandir}/man8/named-compilezone.8
for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
rm -f ${DESTDIR}${sbindir}/named-compilezone@EXEEXT@
${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkconf@EXEEXT@
${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/named-checkzone@EXEEXT@
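Review bot: The loops now stop on the first failure, but the two subshell lines in the install rule still chain with ';' after cd, as in "(cd ${DESTDIR}${mandir}/man8; rm -f named-compilezone.8; ${LINK_PROGRAM} ...)". If the cd fails, the rm -f and the link run in the build directory instead. Use "cd ... &&" in both subshells so they get the same fail-fast behaviour as the loops.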

@ -52,7 +52,7 @@
<refsynopsisdiv>
<cmdsynopsis sepchar=" ">
<command>named-checkconf</command>
<arg choice="opt" rep="norepeat"><option>-hjlvz</option></arg>
<arg choice="opt" rep="norepeat"><option>-chjlvz</option></arg>
<arg choice="opt" rep="norepeat"><option>-p</option>
<arg choice="opt" rep="norepeat"><option>-x</option>
</arg></arg>
@ -114,6 +114,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-c</term>
<listitem>
<para>
Check "core" configuration only. This suppresses the loading
of plugin modules, and causes all parameters to
<command>plugin</command> statements to be ignored.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-p</term>
<listitem>
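Review bot: The new -c entry says what is suppressed but not what follows from it. Since -c "suppresses the loading of plugin modules", a run without -c loads the shared objects named in plugin statements into the named-checkconf process, and a run with -c leaves plugin parameters unchecked. Please state both: that a configuration passing with -c can still be rejected when named loads the plugin, and that without -c the checker loads plugin code, which matters when the tool is run against a configuration file from an untrusted source.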

@ -33,7 +33,7 @@
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">named-checkconf</code>
[<code class="option">-hjlvz</code>]
[<code class="option">-chjlvz</code>]
[<code class="option">-p</code>
[<code class="option">-x</code>
]]
@ -88,6 +88,14 @@
(e.g. master or slave).
</p>
</dd>
<dt><span class="term">-c</span></dt>
<dd>
<p>
Check "core" configuration only. This suppresses the loading
of plugin modules, and causes all parameters to
<span class="command"><strong>plugin</strong></span> statements to be ignored.
</p>
</dd>
<dt><span class="term">-p</span></dt>
<dd>
<p>

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
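Review bot: In AdditionalDependencies, @OPENSSL_LIB@ is joined to checktool.lib with no separator, so the list is only valid if the substituted value is empty or ends in its own ';'. A value without the trailing semicolon produces a single bogus library name and a link failure that is hard to read. Either write "@OPENSSL_LIB@;checktool.lib" if an empty leading element is acceptable, or document next to the substitution that the value must carry the trailing ';'.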
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -99,7 +99,7 @@
<OptimizeReferences>true</OptimizeReferences>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
</Link>
</ItemDefinitionGroup>

@ -58,7 +58,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -80,7 +80,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<PostBuildEvent>
<Command>cd ..\..\..\Build\$(Configuration)
@ -87,7 +87,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -105,7 +105,7 @@ copy /Y named-checkzone.ilk named-compilezone.ilk
<OptimizeReferences>true</OptimizeReferences>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@checktool.lib;libisc.lib;libdns.lib;libisccfg.lib;libbind9.lib;libns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
</Link>
<PostBuildEvent>

@ -27,8 +27,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@

@ -46,7 +46,6 @@
<command>tsig-keygen</command>
<arg choice="opt" rep="norepeat"><option>-a <replaceable class="parameter">algorithm</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat">name</arg>
</cmdsynopsis>
<cmdsynopsis sepchar=" ">
@ -157,23 +156,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
<listitem>
<para>
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
<filename>/dev/random</filename> or equivalent device, the
default source of randomness is keyboard input.
<filename>randomdev</filename> specifies the name of a
character device or file containing random data to be used
instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard input
should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">name</replaceable></term>
<listitem>
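Review bot: The -r randomfile option is dropped from the synopsis and the option list, and nothing tells a reader what happens to an existing invocation that still passes it. Add a sentence here or in the release notes saying whether -r is now rejected or accepted and ignored, and where the random data comes from instead, since scripts that generate keys may still pass the option.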

@ -35,7 +35,6 @@
<code class="command">tsig-keygen</code>
[<code class="option">-a <em class="replaceable"><code>algorithm</code></em></code>]
[<code class="option">-h</code>]
[<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[name]
</p></div>
<div class="cmdsynopsis"><p>
@ -136,20 +135,6 @@
This is essentially identical to <span class="command"><strong>tsig-keygen</strong></span>.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
<dd>
<p>
Specifies a source of random data for generating the
authorization. If the operating system does not provide a
<code class="filename">/dev/random</code> or equivalent device, the
default source of randomness is keyboard input.
<code class="filename">randomdev</code> specifies the name of a
character device or file containing random data to be used
instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard input
should be used.
</p>
</dd>
<dt><span class="term">-s <em class="replaceable"><code>name</code></em></span></dt>
<dd>
<p>

@ -58,7 +58,6 @@
<arg choice="opt" rep="norepeat"><option>-h</option></arg>
<arg choice="opt" rep="norepeat"><option>-k <replaceable class="parameter">keyname</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">port</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomfile</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">address</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">chrootdir</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">user</replaceable></option></arg>
@ -191,24 +190,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomfile</replaceable></term>
<listitem>
<para>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">address</replaceable></term>
<listitem>

@ -40,7 +40,6 @@
[<code class="option">-h</code>]
[<code class="option">-k <em class="replaceable"><code>keyname</code></em></code>]
[<code class="option">-p <em class="replaceable"><code>port</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>randomfile</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>address</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>chrootdir</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>user</code></em></code>]
@ -154,21 +153,6 @@
The default is 953.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomfile</code></em></span></dt>
<dd>
<p>
Specifies a source of random data for generating the
authorization. If the operating
system does not provide a <code class="filename">/dev/random</code>
or equivalent device, the default source of randomness
is keyboard input. <code class="filename">randomdev</code>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard
input should be used.
</p>
</dd>
<dt><span class="term">-s <em class="replaceable"><code>address</code></em></span></dt>
<dd>
<p>

@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<PostBuildEvent>
<Command>cd ..\..\..\Build\$(Configuration)
@ -106,7 +106,7 @@ copy /Y ddns-confgen.ilk tsig-keygen.ilk
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
<PostBuildEvent>
<Command>cd ..\..\..\Build\$(Configuration)

@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@confgentool.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -16,16 +16,16 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @DST_OPENSSL_INC@
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = @CRYPTO@ -DVERSION=\"${VERSION}\" \
CDEFINES = -DVERSION=\"${VERSION}\" \
-DSYSCONFDIR=\"${sysconfdir}\"
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
IRSLIBS = ../../lib/irs/libirs.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@

@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -79,7 +79,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;libdns.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -19,16 +19,16 @@ READLINE_LIB = @READLINE_LIB@
CINCLUDES = -I${srcdir}/include ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISC_INCLUDES} \
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @DST_OPENSSL_INC@
${IRS_INCLUDES} ${ISCCFG_INCLUDES} @LIBIDN2_CFLAGS@ @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" @CRYPTO@
CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
IRSLIBS = ../../lib/irs/libirs.@A@
ISCCFGDEPLIBS = ../../lib/isccfg/libisccfg.@A@
@ -41,10 +41,10 @@ DEPLIBS = ${DNSDEPLIBS} ${IRSDEPLIBS} ${BIND9DEPLIBS} \
${ISCDEPLIBS} ${ISCCFGDEPLIBS}
LIBS = ${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
${ISCLIBS} @IDNKIT_LIBS@ @LIBIDN2_LIBS@ @LIBS@
${ISCLIBS} @LIBIDN2_LIBS@ @LIBS@
NOSYMLIBS = ${DNSLIBS} ${IRSLIBS} ${BIND9LIBS} ${ISCCFGLIBS} \
${ISCNOSYMLIBS} @IDNKIT_LIBS@ @LIBIDN2_LIBS@ @LIBS@
${ISCNOSYMLIBS} @LIBIDN2_LIBS@ @LIBS@
SUBDIRS =
@ -64,6 +64,8 @@ MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
LDFLAGS = @LDFLAGS@ @LIBIDN2_LDFLAGS@
dig@EXEEXT@: dig.@O@ dighost.@O@ ${UOBJS} ${DEPLIBS}
export BASEOBJS="dig.@O@ dighost.@O@ ${UOBJS}"; \
export LIBS0="${DNSLIBS} ${IRSLIBS}"; \
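Review bot: "LDFLAGS = @LDFLAGS@ @LIBIDN2_LDFLAGS@" is assigned after @BIND9_MAKE_RULES@, so it replaces any LDFLAGS value those rules set, and a user who runs make with LDFLAGS on the command line overrides this line and loses the libidn2 search path. Putting @LIBIDN2_LDFLAGS@ next to @LIBIDN2_LIBS@ in LIBS and NOSYMLIBS, or in a separately named variable used on the link line, avoids both problems.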
@ -99,12 +101,12 @@ install:: dig@EXEEXT@ host@EXEEXT@ nslookup@EXEEXT@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} \
nslookup@EXEEXT@ ${DESTDIR}${bindir}
for m in ${MANPAGES}; do \
${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1; \
done
${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man1 || exit 1; \
done
uninstall::
for m in ${MANPAGES}; do \
rm -f ${DESTDIR}${mandir}/man1/$$m ; \
rm -f ${DESTDIR}${mandir}/man1/$$m || exit 1; \
done
${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/nslookup@EXEEXT@
${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${bindir}/host@EXEEXT@

@ -131,9 +131,10 @@
<para>
It is possible to set per-user defaults for <command>dig</command> via
<filename>${HOME}/.digrc</filename>. This file is read and
any options in it
are applied before the command line arguments.
<filename>${HOME}/.digrc</filename>. This file is read and any
options in it are applied before the command line arguments.
The <option>-r</option> option disables this feature, for
scripts that need predictable behaviour.
</para>
<para>
@ -271,17 +272,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem>
<para>
Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
label queries (RFC 2874) are not attempted.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-k <replaceable class="parameter">keyfile</replaceable></term>
<listitem>
@ -334,6 +324,16 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r</term>
<listitem>
<para>
Do not read options from <filename>${HOME}/.digrc</filename>.
This is useful for scripts that need predictable behaviour.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">type</replaceable></term>
<listitem>
@ -394,8 +394,7 @@
<literal>94.2.0.192.in-addr.arpa</literal> and sets the
query type and class to PTR and IN respectively. IPv6
addresses are looked up using nibble format under the
IP6.ARPA domain (but see also the <option>-i</option>
option).
IP6.ARPA domain.
</para>
</listitem>
</varlistentry>
@ -789,7 +788,13 @@
<para>
Process [do not process] IDN domain names on input.
This requires IDN SUPPORT to have been enabled at
compile time. The default is to process IDN input.
compile time.
</para>
<para>
The default is to process IDN input when standard output
is a tty. The IDN processing on input is disabled when
dig output is redirected to files, pipes, and other
non-tty file descriptors.
</para>
</listitem>
</varlistentry>
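
Review bot: The new paragraph under +[no]idnin makes conversion of the query name depend on whether standard output is a tty, so the same command line can send a different name once its output is piped or redirected. Say in this paragraph whether an explicit +idnin overrides the non-tty default, because scripts that pass non-ASCII names will otherwise change behaviour without any diagnostic.
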
@ -800,7 +805,13 @@
<para>
Convert [do not convert] puny code on output.
This requires IDN SUPPORT to have been enabled at
compile time. The default is to convert output.
compile time.
</para>
<para>
The default is to process puny code on output when
standard output is a tty. The puny code processing on
output is disabled when dig output is redirected to
files, pipes, and other non-tty file descriptors.
</para>
</listitem>
</varlistentry>
@ -895,7 +906,8 @@
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
the zone.
the zone. Addresses of servers that that did not
respond are also printed.
</para>
</listitem>
</varlistentry>
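
Review bot: Typo in the added sentence: "Addresses of servers that that did not respond" has a doubled "that". The generated HTML page further down carries the same text, so fix it in the DocBook source and regenerate.
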
@ -959,6 +971,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]raflag</option></term>
<listitem>
<para>
Set [do not set] the RA (Recursion Available) bit in
the query. The default is +noraflag. This bit should
be ignored by the server for QUERY.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]rdflag</option></term>
<listitem>
@ -1102,6 +1125,17 @@
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]tcflag</option></term>
<listitem>
<para>
Set [do not set] the TC (TrunCation) bit in the query.
The default is +notcflag. This bit should be ignored
by the server for QUERY.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><option>+[no]tcp</option></term>
<listitem>
@ -1307,7 +1341,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server.
If you'd like to turn off the IDN support for some reason, use
parameters <parameter>+noidnin</parameter> and
<parameter>+noidnout</parameter>.
<parameter>+noidnout</parameter> or define
the <envar>IDN_DISABLE</envar> environment variable.
</para>
</refsection>

@ -106,9 +106,10 @@
<p>
It is possible to set per-user defaults for <span class="command"><strong>dig</strong></span> via
<code class="filename">${HOME}/.digrc</code>. This file is read and
any options in it
are applied before the command line arguments.
<code class="filename">${HOME}/.digrc</code>. This file is read and any
options in it are applied before the command line arguments.
The <code class="option">-r</code> option disables this feature, for
scripts that need predictable behaviour.
</p>
<p>
@ -227,14 +228,6 @@
<span class="command"><strong>dig</strong></span> using the command-line interface.
</p>
</dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Do reverse IPv6 lookups using the obsolete RFC 1886 IP6.INT
domain, which is no longer in use. Obsolete bit string
label queries (RFC 2874) are not attempted.
</p>
</dd>
<dt><span class="term">-k <em class="replaceable"><code>keyfile</code></em></span></dt>
<dd>
<p>
@ -274,6 +267,13 @@
the <em class="parameter"><code>name</code></em> from other arguments.
</p>
</dd>
<dt><span class="term">-r</span></dt>
<dd>
<p>
Do not read options from <code class="filename">${HOME}/.digrc</code>.
This is useful for scripts that need predictable behaviour.
</p>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>type</code></em></span></dt>
<dd>
<p>
@ -324,8 +324,7 @@
<code class="literal">94.2.0.192.in-addr.arpa</code> and sets the
query type and class to PTR and IN respectively. IPv6
addresses are looked up using nibble format under the
IP6.ARPA domain (but see also the <code class="option">-i</code>
option).
IP6.ARPA domain.
</p>
</dd>
<dt><span class="term">-y <em class="replaceable"><code>[<span class="optional">hmac:</span>]keyname:secret</code></em></span></dt>
@ -631,7 +630,13 @@
<p>
Process [do not process] IDN domain names on input.
This requires IDN SUPPORT to have been enabled at
compile time. The default is to process IDN input.
compile time.
</p>
<p>
The default is to process IDN input when standard output
is a tty. The IDN processing on input is disabled when
dig output is redirected to files, pipes, and other
non-tty file descriptors.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]idnout</code></span></dt>
@ -639,7 +644,13 @@
<p>
Convert [do not convert] puny code on output.
This requires IDN SUPPORT to have been enabled at
compile time. The default is to convert output.
compile time.
</p>
<p>
The default is to process puny code on output when
standard output is a tty. The puny code processing on
output is disabled when dig output is redirected to
files, pipes, and other non-tty file descriptors.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]ignore</code></span></dt>
@ -710,7 +721,8 @@
attempts to find the authoritative name servers for
the zone containing the name being looked up and
display the SOA record that each name server has for
the zone.
the zone. Addresses of servers that that did not
respond are also printed.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]onesoa</code></span></dt>
@ -757,6 +769,14 @@
the question section as a comment.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]raflag</code></span></dt>
<dd>
<p>
Set [do not set] the RA (Recursion Available) bit in
the query. The default is +noraflag. This bit should
be ignored by the server for QUERY.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]rdflag</code></span></dt>
<dd>
<p>
@ -867,6 +887,14 @@
this query.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]tcflag</code></span></dt>
<dd>
<p>
Set [do not set] the TC (TrunCation) bit in the query.
The default is +notcflag. This bit should be ignored
by the server for QUERY.
</p>
</dd>
<dt><span class="term"><code class="option">+[no]tcp</code></span></dt>
<dd>
<p>
@ -1044,7 +1072,9 @@ dig +qr www.isc.org any -x 127.0.0.1 isc.org ns +noqr
reply from the server.
If you'd like to turn off the IDN support for some reason, use
parameters <em class="parameter"><code>+noidnin</code></em> and
<em class="parameter"><code>+noidnout</code></em>.
<em class="parameter"><code>+noidnout</code></em> or define
the <code class="envar">IDN_DISABLE</code> environment variable.
</p>
</div>

@ -179,18 +179,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-i</term>
<listitem>
<para>
Obsolete.
Use the IP6.INT domain for reverse lookups of IPv6
addresses as defined in RFC1886 and deprecated in RFC4159.
The default is to use IP6.ARPA as specified in RFC3596.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-l</term>
<listitem>
@ -389,7 +377,7 @@
<command>host</command> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
If you'd like to turn off the IDN support for some reason, define
the <envar>IDN_DISABLE</envar> environment variable.
The IDN support is disabled if the variable is set when
<command>host</command> runs.
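
Review bot: The paragraph touched here still says IDN support is disabled only when IDN_DISABLE is set, while the dig and nslookup pages in this same change add that it is also disabled when standard output is not a tty. If host shares that behaviour, add the tty condition to this sentence; if it does not, the difference between the tools is worth stating.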

@ -138,15 +138,6 @@
Equivalent to the <code class="option">-v</code> verbose option.
</p>
</dd>
<dt><span class="term">-i</span></dt>
<dd>
<p>
Obsolete.
Use the IP6.INT domain for reverse lookups of IPv6
addresses as defined in RFC1886 and deprecated in RFC4159.
The default is to use IP6.ARPA as specified in RFC3596.
</p>
</dd>
<dt><span class="term">-l</span></dt>
<dd>
<p>
@ -311,7 +302,7 @@
<span class="command"><strong>host</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, defines
If you'd like to turn off the IDN support for some reason, define
the <code class="envar">IDN_DISABLE</code> environment variable.
The IDN support is disabled if the variable is set when
<span class="command"><strong>host</strong></span> runs.

@ -478,6 +478,22 @@ nslookup -query=hinfo -timeout=10
</para>
</refsection>
<refsection><info><title>IDN SUPPORT</title></info>
<para>
If <command>nslookup</command> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
<command>nslookup</command> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, define
the <envar>IDN_DISABLE</envar> environment variable.
The IDN support is disabled if the variable is set when
<command>nslookup</command> runs or when the standard output is not
a tty.
</para>
</refsection>
<refsection><info><title>FILES</title></info>
<para><filename>/etc/resolv.conf</filename>

@ -362,14 +362,31 @@ nslookup -query=hinfo -timeout=10
</div>
<div class="refsection">
<a name="id-1.11"></a><h2>FILES</h2>
<a name="id-1.11"></a><h2>IDN SUPPORT</h2>
<p>
If <span class="command"><strong>nslookup</strong></span> has been built with IDN (internationalized
domain name) support, it can accept and display non-ASCII domain names.
<span class="command"><strong>nslookup</strong></span> appropriately converts character encoding of
domain name before sending a request to DNS server or displaying a
reply from the server.
If you'd like to turn off the IDN support for some reason, define
the <code class="envar">IDN_DISABLE</code> environment variable.
The IDN support is disabled if the variable is set when
<span class="command"><strong>nslookup</strong></span> runs or when the standard output is not
a tty.
</p>
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>FILES</h2>
<p><code class="filename">/etc/resolv.conf</code>
</p>
</div>
<div class="refsection">
<a name="id-1.12"></a><h2>SEE ALSO</h2>
<a name="id-1.13"></a><h2>SEE ALSO</h2>
<p><span class="citerefentry">
<span class="refentrytitle">dig</span>(1)

@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
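
Review bot: On the AdditionalDependencies line, @OPENSSL_LIB@ sits directly in front of dighost.lib with no `;`, so the dependency list is only well formed if the substituted value is empty or ends with a semicolon. @IDN_LIB@ws2_32.lib on the same line already relies on that convention; confirm the Windows configure script emits @OPENSSL_LIB@ the same way and document the trailing-semicolon requirement where the value is defined.
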
@ -79,7 +79,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dighost.lib;libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;@IDN_LIB@ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -77,7 +77,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>

@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -79,7 +79,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dighost.lib;@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>@READLINE_LIBD@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@@READLINE_LIBD@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -79,7 +79,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@USE_READLINE_STATIC;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;USE_READLINE_STATIC;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>@READLINE_LIB@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@@READLINE_LIB@@IDN_LIB@libisc.lib;libisccfg.lib;libirs.lib;libdns.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -15,15 +15,14 @@ VERSION=@BIND9_VERSION@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" @USE_PKCS11@ @PKCS11_ENGINE@ \
@CRYPTO@ -DPK11_LIB_LOCATION=\"@PKCS11_PROVIDER@\"
CDEFINES = -DVERSION=\"${VERSION}\"
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
DNSDEPLIBS = ../../lib/dns/libdns.@A@
ISCDEPLIBS = ../../lib/isc/libisc.@A@
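
Review bot: DNSLIBS keeps @DNS_CRYPTO_LIBS@ while ISCLIBS and ISCNOSYMLIBS on the following lines move from @ISC_OPENSSL_LIBS@ to @OPENSSL_LIBS@, and the PKCS#11 defines are dropped from CDEFINES. Confirm configure still substitutes @DNS_CRYPTO_LIBS@; if it was retired along with the other crypto variables, remove it here so no unsubstituted token ends up on the link line.
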
@ -116,12 +115,12 @@ installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
install:: ${TARGETS} installdirs
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir}; done
for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_INSTALL} ${INSTALL_PROGRAM} $$t ${DESTDIR}${sbindir} || exit 1; done
for m in ${MANPAGES}; do ${INSTALL_DATA} ${srcdir}/$$m ${DESTDIR}${mandir}/man8 || exit 1; done
uninstall::
for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m ; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t ; done
for m in ${MANPAGES}; do rm -f ${DESTDIR}${mandir}/man8/$$m || exit 1; done
for t in ${TARGETS}; do ${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${sbindir}/$$t || exit 1; done
clean distclean::
rm -f ${TARGETS}

@ -144,7 +144,7 @@
</para>
<para>
The <replaceable>algorithm</replaceable> must be one of SHA-1
(SHA1), SHA-256 (SHA256), GOST, or SHA-384 (SHA384). These
(SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
values are case insensitive. If no algorithm is specified,
the default is SHA-256.
</para>

@ -130,7 +130,7 @@
</p>
<p>
The <em class="replaceable"><code>algorithm</code></em> must be one of SHA-1
(SHA1), SHA-256 (SHA256), GOST, or SHA-384 (SHA384). These
(SHA1), SHA-256 (SHA256), or SHA-384 (SHA384). These
values are case insensitive. If no algorithm is specified,
the default is SHA-256.
</p>

@ -117,7 +117,7 @@
<para>
Select the digest algorithm. The value of
<option>algorithm</option> must be one of SHA-1 (SHA1),
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
</para>
</listitem>

@ -97,7 +97,7 @@
<p>
Select the digest algorithm. The value of
<code class="option">algorithm</code> must be one of SHA-1 (SHA1),
SHA-256 (SHA256), GOST or SHA-384 (SHA384).
SHA-256 (SHA256) or SHA-384 (SHA384).
These values are case insensitive.
</p>
</dd>

@ -106,7 +106,7 @@
<para>
Selects the cryptographic algorithm. The value of
<option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</para>
<para>
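
Review bot: The algorithm list drops DSA, NSEC3DSA and ECCGOST but still opens with RSAMD5. If RSAMD5 keys are still accepted, the page should mark the algorithm as deprecated; if support is going away with the others, remove it from this list in the same change. The rewrapped line "NSEC3RSASHA1, RSASHA256, RSASHA512," could also be refilled with the line after it.
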
@ -119,9 +119,9 @@
<para>
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the <option>-3</option> option, then NSEC3RSASHA1
or NSEC3DSA will be used instead.
will be used instead.
</para>
<para>
As of BIND 9.12.0, this option is mandatory except when using

@ -90,7 +90,7 @@
<p>
Selects the cryptographic algorithm. The value of
<code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448.
</p>
<p>
@ -103,9 +103,9 @@
<p>
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the <code class="option">-3</code> option, then NSEC3RSASHA1
or NSEC3DSA will be used instead.
will be used instead.
</p>
<p>
As of BIND 9.12.0, this option is mandatory except when using

@ -81,7 +81,6 @@
<arg choice="opt" rep="norepeat"><option>-p <replaceable class="parameter">protocol</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-q</option></arg>
<arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">date/offset</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-S <replaceable class="parameter">key</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">strength</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">type</replaceable></option></arg>
@ -124,34 +123,29 @@
<para>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <option>algorithm</option> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the <option>-T KEY</option>
option as well.
</para>
<para>
TSIG keys can also be generated by setting the value to
one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these
values will automatically set <option>-T KEY</option>. Note,
however, that <command>tsig-keygen</command> produces TSIG keys
in a more useful format. These algorithms have been deprecated
in <command>dnssec-keygen</command>, and will be removed in a
future release.
</para>
<para>
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the <option>-3</option> option, then NSEC3RSASHA1
or NSEC3DSA will be used instead.
will be used instead.
</para>
<para>
As of BIND 9.12.0, this option is mandatory except when using
the <option>-S</option> option, which copies the algorithm from
the predecessor key. Previously, the default for newly
generated keys was RSASHA1.
This parameter <emphasis>must</emphasis> be specified except
when using the <option>-S</option> option, which copies the
algorithm from the predecessor key.
</para>
<para>
In prior releases, HMAC algorithms could be generated for
use as TSIG keys, but that feature has been removed as of
BIND 9.13.0. Use <command>tsig-keygen</command> to generate
TSIG keys.
</para>
</listitem>
</varlistentry>
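
Review bot: The unchanged TKEY sentence in this paragraph reads "specifying his value will automatically set the -T KEY option"; since the paragraph is being edited anyway, correct "his" to "this". The replacement text also drops the note that the default used to be RSASHA1; keeping one sentence of that history helps operators who are updating old key-generation scripts.
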
@ -354,31 +348,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Specifies a source of randomness. Normally, when generating
DNSSEC keys, this option has no effect; the random number
generation function provided by the cryptographic library will
be used.
</para>
<para>
If that behavior is disabled at compile time, however,
the specified file will be used as entropy source
for key generation. <filename>randomdev</filename> is
the name of a character device or file containing random
data to be used. The special value <filename>keyboard</filename>
indicates that keyboard input should be used.
</para>
<para>
The default is <filename>/dev/random</filename> if the
operating system provides it or an equivalent device;
if not, the default source of randomness is keyboard input.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-S <replaceable class="parameter">key</replaceable></term>
<listitem>
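
Review bot: The -r randomdev entry is deleted from the option list without saying what happens to existing invocations that pass it. Document whether dnssec-keygen now rejects -r or accepts and ignores it, since key-generation scripts commonly carry `-r /dev/urandom`. Note as well that this change introduces a dig -r option with an unrelated meaning, which is easy to confuse.
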
@ -636,22 +605,22 @@
<refsection><info><title>EXAMPLE</title></info>
<para>
To generate a 768-bit DSA key for the domain
To generate an ECDSAP256SHA256 key for the domain
<userinput>example.com</userinput>, the following command would be
issued:
</para>
<para><userinput>dnssec-keygen -a DSA -b 768 -n ZONE example.com</userinput>
<para><userinput>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</userinput>
</para>
<para>
The command would print a string of the form:
</para>
<para><userinput>Kexample.com.+003+26160</userinput>
<para><userinput>Kexample.com.+013+26160</userinput>
</para>
<para>
In this example, <command>dnssec-keygen</command> creates
the files <filename>Kexample.com.+003+26160.key</filename>
the files <filename>Kexample.com.+013+26160.key</filename>
and
<filename>Kexample.com.+003+26160.private</filename>.
<filename>Kexample.com.+013+26160.private</filename>.
</para>
</refsection>

@ -57,7 +57,6 @@
[<code class="option">-p <em class="replaceable"><code>protocol</code></em></code>]
[<code class="option">-q</code>]
[<code class="option">-R <em class="replaceable"><code>date/offset</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-S <em class="replaceable"><code>key</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>strength</code></em></code>]
[<code class="option">-t <em class="replaceable"><code>type</code></em></code>]
@ -101,34 +100,29 @@
<p>
Selects the cryptographic algorithm. For DNSSEC keys, the value
of <code class="option">algorithm</code> must be one of RSAMD5, RSASHA1,
DSA, NSEC3RSASHA1, NSEC3DSA, RSASHA256, RSASHA512, ECCGOST,
NSEC3RSASHA1, RSASHA256, RSASHA512,
ECDSAP256SHA256, ECDSAP384SHA384, ED25519 or ED448. For
TKEY, the value must be DH (Diffie Hellman); specifying
his value will automatically set the <code class="option">-T KEY</code>
option as well.
</p>
<p>
TSIG keys can also be generated by setting the value to
one of HMAC-MD5, HMAC-SHA1, HMAC-SHA224, HMAC-SHA256,
HMAC-SHA384, or HMAC-SHA512. As with DH, specifying these
values will automatically set <code class="option">-T KEY</code>. Note,
however, that <span class="command"><strong>tsig-keygen</strong></span> produces TSIG keys
in a more useful format. These algorithms have been deprecated
in <span class="command"><strong>dnssec-keygen</strong></span>, and will be removed in a
future release.
</p>
<p>
These values are case insensitive. In some cases, abbreviations
are supported, such as ECDSA256 for ECDSAP256SHA256 and
ECDSA384 for ECDSAP384SHA384. If RSASHA1 or DSA is specified
ECDSA384 for ECDSAP384SHA384. If RSASHA1 is specified
along with the <code class="option">-3</code> option, then NSEC3RSASHA1
or NSEC3DSA will be used instead.
will be used instead.
</p>
<p>
As of BIND 9.12.0, this option is mandatory except when using
the <code class="option">-S</code> option, which copies the algorithm from
the predecessor key. Previously, the default for newly
generated keys was RSASHA1.
This parameter <span class="emphasis"><em>must</em></span> be specified except
when using the <code class="option">-S</code> option, which copies the
algorithm from the predecessor key.
</p>
<p>
In prior releases, HMAC algorithms could be generated for
use as TSIG keys, but that feature has been removed as of
BIND 9.13.0. Use <span class="command"><strong>tsig-keygen</strong></span> to generate
TSIG keys.
</p>
</dd>
<dt><span class="term">-b <em class="replaceable"><code>keysize</code></em></span></dt>
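Review bot: The unchanged sentence in the first paragraph of the -a description still reads "specifying his value will automatically set the -T KEY option". Since this paragraph is being rewritten anyway, correct "his" to "this", and if this HTML is generated from the DocBook page, make the fix there so it carries over. The algorithm list also still opens with "RSAMD5, RSASHA1" while DSA, NSEC3DSA and ECCGOST are dropped, so please confirm RSAMD5 is meant to stay in the documented set.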
@ -284,28 +278,6 @@
a satisfactory key.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd>
<p>
Specifies a source of randomness. Normally, when generating
DNSSEC keys, this option has no effect; the random number
generation function provided by the cryptographic library will
be used.
</p>
<p>
If that behavior is disabled at compile time, however,
the specified file will be used as entropy source
for key generation. <code class="filename">randomdev</code> is
the name of a character device or file containing random
data to be used. The special value <code class="filename">keyboard</code>
indicates that keyboard input should be used.
</p>
<p>
The default is <code class="filename">/dev/random</code> if the
operating system provides it or an equivalent device;
if not, the default source of randomness is keyboard input.
</p>
</dd>
<dt><span class="term">-S <em class="replaceable"><code>key</code></em></span></dt>
<dd>
<p>
@ -526,22 +498,22 @@
<a name="id-1.11"></a><h2>EXAMPLE</h2>
<p>
To generate a 768-bit DSA key for the domain
To generate an ECDSAP256SHA256 key for the domain
<strong class="userinput"><code>example.com</code></strong>, the following command would be
issued:
</p>
<p><strong class="userinput"><code>dnssec-keygen -a DSA -b 768 -n ZONE example.com</code></strong>
<p><strong class="userinput"><code>dnssec-keygen -a ECDSAP256SHA256 -n ZONE example.com</code></strong>
</p>
<p>
The command would print a string of the form:
</p>
<p><strong class="userinput"><code>Kexample.com.+003+26160</code></strong>
<p><strong class="userinput"><code>Kexample.com.+013+26160</code></strong>
</p>
<p>
In this example, <span class="command"><strong>dnssec-keygen</strong></span> creates
the files <code class="filename">Kexample.com.+003+26160.key</code>
the files <code class="filename">Kexample.com.+013+26160.key</code>
and
<code class="filename">Kexample.com.+003+26160.private</code>.
<code class="filename">Kexample.com.+013+26160.private</code>.
</p>
</div>

View File

@ -78,10 +78,8 @@
<arg choice="opt" rep="norepeat"><option>-o <replaceable class="parameter">origin</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-O <replaceable class="parameter">output-format</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
<arg choice="opt" rep="norepeat"><option>-p</option></arg>
<arg choice="opt" rep="norepeat"><option>-Q</option></arg>
<arg choice="opt" rep="norepeat"><option>-R</option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-S</option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">start-time</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-T <replaceable class="parameter">ttl</replaceable></option></arg>
@ -508,18 +506,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-p</term>
<listitem>
<para>
Use pseudo-random data when signing the zone. This is faster,
but less secure, than using real random data. This option
may be useful when signing large zones or when the entropy
source is limited.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-P</term>
<listitem>
@ -571,23 +557,6 @@
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Specifies the source of randomness. If the operating
system does not provide a <filename>/dev/random</filename>
or equivalent device, the default source of randomness
is keyboard input. <filename>randomdev</filename>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard
input should be used.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-S</term>
<listitem>
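Review bot: Missing documentation for the removal: the -r randomdev entry is deleted here, and the -p entry in the hunk above it, with nothing left for users whose scripts still pass these options. Consider a one-sentence note that the options were removed, in the style of the "In prior releases, HMAC algorithms could be generated ..." paragraph added to the dnssec-keygen page, and state whether the tool now rejects them or silently ignores them.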
@ -818,15 +787,16 @@
<para>
The following command signs the <userinput>example.com</userinput>
zone with the DSA key generated by <command>dnssec-keygen</command>
(Kexample.com.+003+17247). Because the <command>-S</command> option
is not being used, the zone's keys must be in the master file
zone with the ECDSAP256SHA256 key generated by key generated by
<command>dnssec-keygen</command> (Kexample.com.+013+17247).
Because the <command>-S</command> option is not being used,
the zone's keys must be in the master file
(<filename>db.example.com</filename>). This invocation looks
for <filename>dsset</filename> files, in the current directory,
so that DS records can be imported from them (<command>-g</command>).
</para>
<programlisting>% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+003+17247
Kexample.com.+013+17247
db.example.com.signed
%</programlisting>
<para>
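Review bot: The rewritten sentence in this example paragraph repeats a phrase: "zone with the ECDSAP256SHA256 key generated by key generated by". Drop the second "key generated by" so the sentence runs straight into the dnssec-keygen command name and (Kexample.com.+013+17247).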

View File

@ -54,10 +54,8 @@
[<code class="option">-o <em class="replaceable"><code>origin</code></em></code>]
[<code class="option">-O <em class="replaceable"><code>output-format</code></em></code>]
[<code class="option">-P</code>]
[<code class="option">-p</code>]
[<code class="option">-Q</code>]
[<code class="option">-R</code>]
[<code class="option">-r <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-S</code>]
[<code class="option">-s <em class="replaceable"><code>start-time</code></em></code>]
[<code class="option">-T <em class="replaceable"><code>ttl</code></em></code>]
@ -400,15 +398,6 @@
can be read by release 9.9.0 or higher; the default is 1.
</p>
</dd>
<dt><span class="term">-p</span></dt>
<dd>
<p>
Use pseudo-random data when signing the zone. This is faster,
but less secure, than using real random data. This option
may be useful when signing large zones or when the entropy
source is limited.
</p>
</dd>
<dt><span class="term">-P</span></dt>
<dd>
<p>
@ -453,20 +442,6 @@
("Double Signature Zone Signing Key Rollover").
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd>
<p>
Specifies the source of randomness. If the operating
system does not provide a <code class="filename">/dev/random</code>
or equivalent device, the default source of randomness
is keyboard input. <code class="filename">randomdev</code>
specifies
the name of a character device or file containing random
data to be used instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard
input should be used.
</p>
</dd>
<dt><span class="term">-S</span></dt>
<dd>
<p>
@ -649,15 +624,16 @@
<p>
The following command signs the <strong class="userinput"><code>example.com</code></strong>
zone with the DSA key generated by <span class="command"><strong>dnssec-keygen</strong></span>
(Kexample.com.+003+17247). Because the <span class="command"><strong>-S</strong></span> option
is not being used, the zone's keys must be in the master file
zone with the ECDSAP256SHA256 key generated by key generated by
<span class="command"><strong>dnssec-keygen</strong></span> (Kexample.com.+013+17247).
Because the <span class="command"><strong>-S</strong></span> option is not being used,
the zone's keys must be in the master file
(<code class="filename">db.example.com</code>). This invocation looks
for <code class="filename">dsset</code> files, in the current directory,
so that DS records can be imported from them (<span class="command"><strong>-g</strong></span>).
</p>
<pre class="programlisting">% dnssec-signzone -g -o example.com db.example.com \
Kexample.com.+003+17247
Kexample.com.+013+17247
db.example.com.signed
%</pre>
<p>
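Review bot: The added sentence contains the duplicated phrase "key generated by key generated by", which is also present in the DocBook hunk for this page. Fix it in the DocBook source and regenerate this HTML rather than editing the generated file by hand, so the two do not drift apart.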

View File

@ -61,7 +61,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -84,7 +84,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_LIB;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
@IF PYTHON
<PostBuildEvent>
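Review bot: In the AdditionalDependencies line, @OPENSSL_LIB@ is joined directly to dnssectool.lib with no separator, so the linker input is only well-formed if the placeholder expands to nothing or to a value that ends in ";". Either put an explicit ";" after the placeholder or document that contract where the placeholder is set. The same construction recurs in the Release configuration and in the other tool project files in this change, so one fix should be applied to all of them.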
@ -94,7 +94,7 @@ set PYTHONPATH=.
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -113,7 +113,7 @@ set PYTHONPATH=.
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
@IF PYTHON
<PostBuildEvent>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -69,7 +69,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -99,7 +99,7 @@
<OptimizeReferences>true</OptimizeReferences>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -69,7 +69,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -99,7 +99,7 @@
<OptimizeReferences>true</OptimizeReferences>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

View File

@ -55,7 +55,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(ProjectName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -69,7 +69,7 @@
<SubSystem>Console</SubSystem>
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>
@ -81,7 +81,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -99,7 +99,7 @@
<OptimizeReferences>true</OptimizeReferences>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalDependencies>dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@dnssectool.lib;libisc.lib;libdns.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
</Link>
</ItemDefinitionGroup>

View File

@ -46,17 +46,17 @@ CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${NS_INCLUDES} ${DNS_INCLUDES} \
${BIND9_INCLUDES} ${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${ISC_INCLUDES} ${DLZDRIVER_INCLUDES} \
${DBDRIVER_INCLUDES} @DST_OPENSSL_INC@
${DBDRIVER_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = @CONTRIB_DLZ@ @USE_PKCS11@ @PKCS11_ENGINE@ @CRYPTO@
CDEFINES = @CONTRIB_DLZ@
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
NSLIBS = ../../lib/ns/libns.@A@
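Review bot: CDEFINES loses @USE_PKCS11@, @PKCS11_ENGINE@ and @CRYPTO@ here, so any source built from this Makefile that tests those macros must now receive them some other way (for example from a configure-generated header); please confirm that is the case. DNSLIBS also still carries @DNS_CRYPTO_LIBS@ while the two ISC lines move from @ISC_OPENSSL_LIBS@ to @OPENSSL_LIBS@, which is worth checking for a substitution that is no longer defined.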
@ -72,11 +72,13 @@ DEPLIBS = ${NSDEPLIBS} ${DNSDEPLIBS} ${BIND9DEPLIBS} \
LIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCLIBS} \
${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBCAP_LIBS@ \
@LIBS@
NOSYMLIBS = ${NSLIBS} ${DNSLIBS} ${BIND9LIBS} \
${ISCCFGLIBS} ${ISCCCLIBS} ${ISCNOSYMLIBS} \
${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBS@
${DLZDRIVER_LIBS} ${DBDRIVER_LIBS} @LIBCAP_LIBS@ \
@LIBS@
SUBDIRS = unix

View File

@ -198,6 +198,25 @@
background-color: #99ddff;
}
table.zones {
border: 1px solid grey;
width: 500px;
}
table.zones th {
text-align: center;
border: 1px solid grey;
}
table.zones td {
text-align: center;
font-family: monospace;
}
table.zones td:nth-child(1) {
text-align: right;
}
table.zones td:nth-child(4) {
text-align: right;
}
.totals {
background-color: rgb(1,169,206);
color: #ffffff;
@ -705,6 +724,35 @@
</table>
<br/>
</xsl:if>
<xsl:for-each select="views/view">
<xsl:if test="zones/zone">
<h3>Zones for View <xsl:value-of select="@name"/></h3>
<table class="zones">
<tr>
<th>Name</th>
<th>Class</th>
<th>Type</th>
<th>Serial</th>
</tr>
<xsl:for-each select="zones/zone">
<tr>
<td>
<xsl:value-of select="@name"/>
</td>
<td>
<xsl:value-of select="@rdataclass"/>
</td>
<td>
<xsl:value-of select="type"/>
</td>
<td>
<xsl:value-of select="serial"/>
</td>
</tr>
</xsl:for-each>
</table>
</xsl:if>
</xsl:for-each>
<xsl:if test="views/view[zones/zone/counters[@type=&quot;qtype&quot;]/counter &gt;0]">
<h2>Received QTYPES per view/zone</h2>
<xsl:for-each select="views/view[zones/zone/counters[@type=&quot;qtype&quot;]/counter &gt;0]">
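Review bot: The new per-view zone tables are introduced only by an h3 ("Zones for View ...") with no h2 above them, whereas the section that follows opens with an h2 ("Received QTYPES per view/zone"). Add a section-level heading before the outer for-each, guarded by a test that at least one view has zones, so the page outline stays consistent. Two smaller points in the same block: the table just before it is followed by a br element and the new table is not, and a zone without a serial element will render an empty Serial cell.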

View File

@ -13,7 +13,7 @@
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.named.conf">
<info>
<date>2018-06-21</date>
<date>2018-10-23</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
@ -206,13 +206,14 @@ options {
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ]; ... };
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
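Review bot: in `check-names ( primary | master | secondary | slave | response )` the grammar lists the new keywords beside the old ones without saying they are synonyms, so a reader cannot tell whether `primary` and `master` can carry different settings. State the equivalence in the option's description. For the `min-update-interval` change from `integer` to `ttlval`, confirm that a bare number still parses as seconds so existing configurations keep their meaning.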
@ -224,9 +225,9 @@ options {
coresize ( default | unlimited | <replaceable>sizeval</replaceable> );
datasize ( default | unlimited | <replaceable>sizeval</replaceable> );
deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } [
except-from { <replaceable>quoted_string</replaceable>; ... } ];
deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } [ except-from {
<replaceable>quoted_string</replaceable>; ... } ];
except-from { <replaceable>string</replaceable>; ... } ];
deny-answer-aliases { <replaceable>string</replaceable>; ... } [ except-from { <replaceable>string</replaceable>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
directory <replaceable>quoted_string</replaceable>;
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
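Review bot: `except-from` and `deny-answer-aliases` move from `quoted_string` to `string`, which widens what the parser accepts for lists that decide which answers are exempt from filtering. Please add a configuration test showing that the quoted and unquoted forms of the same name produce the same list, so the looser grammar cannot change which names are exempted.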
@ -244,6 +245,7 @@ options {
};
dns64-contact <replaceable>string</replaceable>;
dns64-server <replaceable>string</replaceable>;
dnskey-sig-validity <replaceable>integer</replaceable>;
dnsrps-enable <replaceable>boolean</replaceable>;
dnsrps-options { <replaceable>unspecified-text</replaceable> };
dnssec-accept-expired <replaceable>boolean</replaceable>;
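Review bot: `dnskey-sig-validity <integer>` is added as a bare integer while this same change converts several other time-valued options to `ttlval`, and the grammar gives no unit. Document the unit and the accepted range in the option's description, or use `ttlval` here too if the value is a duration.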
@ -256,14 +258,12 @@ options {
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... };
dnstap-identity ( <replaceable>quoted_string</replaceable> | none |
hostname );
dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> [
size ( unlimited | <replaceable>size</replaceable> ) ] [ versions (
unlimited | <replaceable>integer</replaceable> ) ] [ suffix ( increment
| timestamp ) ];
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dnstap-identity ( <replaceable>quoted_string</replaceable> | none | hostname );
dnstap-output ( file | unix ) <replaceable>quoted_string</replaceable> [ size ( unlimited |
<replaceable>size</replaceable> ) ] [ versions ( unlimited | <replaceable>integer</replaceable> ) ] [ suffix (
increment | timestamp ) ];
dnstap-version ( <replaceable>quoted_string</replaceable> | none );
dscp <replaceable>integer</replaceable>;
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
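Review bot: the only functional change in this hunk is the new `update` message type in `dnstap { ( all | auth | client | forwarder | resolver | update ) ... }`; the `dnstap-identity` and `dnstap-output` lines are only re-wrapped. Please say in the documentation whether `all` now includes `update`, since that changes what existing `dnstap { all; }` configurations capture and how much they log.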
@ -292,15 +292,15 @@ options {
fstrm-set-output-notify-threshold <replaceable>integer</replaceable>;
fstrm-set-output-queue-model ( mpsc | spsc );
fstrm-set-output-queue-size <replaceable>integer</replaceable>;
fstrm-set-reopen-interval <replaceable>integer</replaceable>;
fstrm-set-reopen-interval <replaceable>ttlval</replaceable>;
geoip-directory ( <replaceable>quoted_string</replaceable> | none );
geoip-use-ecs <replaceable>boolean</replaceable>;
glue-cache <replaceable>boolean</replaceable>;
heartbeat-interval <replaceable>integer</replaceable>;
hostname ( <replaceable>quoted_string</replaceable> | none );
inline-signing <replaceable>boolean</replaceable>;
interface-interval <replaceable>integer</replaceable>;
ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
interface-interval <replaceable>ttlval</replaceable>;
ixfr-from-differences ( primary | master | secondary | slave |
<replaceable>boolean</replaceable> );
keep-response-order { <replaceable>address_match_element</replaceable>; ... };
key-directory <replaceable>quoted_string</replaceable>;
lame-ttl <replaceable>ttlval</replaceable>;
@ -317,10 +317,10 @@ options {
masterfile-style ( full | relative );
match-mapped-addresses <replaceable>boolean</replaceable>;
max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
max-cache-ttl <replaceable>integer</replaceable>;
max-cache-ttl <replaceable>ttlval</replaceable>;
max-clients-per-query <replaceable>integer</replaceable>;
max-journal-size ( default | unlimited | <replaceable>sizeval</replaceable> );
max-ncache-ttl <replaceable>integer</replaceable>;
max-ncache-ttl <replaceable>ttlval</replaceable>;
max-records <replaceable>integer</replaceable>;
max-recursion-depth <replaceable>integer</replaceable>;
max-recursion-queries <replaceable>integer</replaceable>;
@ -337,6 +337,8 @@ options {
memstatistics <replaceable>boolean</replaceable>;
memstatistics-file <replaceable>quoted_string</replaceable>;
message-compression <replaceable>boolean</replaceable>;
min-cache-ttl <replaceable>ttlval</replaceable>;
min-ncache-ttl <replaceable>ttlval</replaceable>;
min-refresh-time <replaceable>integer</replaceable>;
min-retry-time <replaceable>integer</replaceable>;
minimal-any <replaceable>boolean</replaceable>;
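Review bot: `min-cache-ttl` and `min-ncache-ttl` are added as unbounded `ttlval` entries. A TTL floor overrides the lifetime chosen by the zone owner, so the description should state the maximum value the server will accept and what happens when a configured value exceeds it, and a test should cover that limit.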
@ -361,6 +363,7 @@ options {
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
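Review bot: `qname-minimization ( strict | relaxed | disabled | off )` offers both `disabled` and `off`, which read as the same setting. If they are aliases, say so and name the preferred spelling; if they differ, the grammar alone does not show how. The default value should also be stated where the option is described.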
@ -400,18 +403,18 @@ options {
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>integer</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>integer</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
root-delegation-only [ exclude { <replaceable>string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
@ -461,6 +464,7 @@ options {
use-v4-udp-ports { <replaceable>portrange</replaceable>; ... };
use-v6-udp-ports { <replaceable>portrange</replaceable>; ... };
v6-bias <replaceable>integer</replaceable>;
validate-except { <replaceable>string</replaceable>; ... };
version ( <replaceable>quoted_string</replaceable> | none );
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
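Review bot: `validate-except { <string>; ... }` is added next to `v6-bias` with nothing in the synopsis to indicate its scope. Judging by the name it carves names out of validation, so the description needs to spell out whether an entry covers only the exact name or everything beneath it, and the change should come with a test for a name just outside a listed entry.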
@ -557,13 +561,14 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] { ( <replaceable>masters</replaceable> | <replaceable>ipv4_address</replaceable> [
port <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port <replaceable>integer</replaceable> ] ) [ key
<replaceable>string</replaceable> ]; ... } ] [ zone-directory <replaceable>quoted_string</replaceable> ] [
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ]; ... };
in-memory <replaceable>boolean</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ]; ... };
check-dup-records ( fail | warn | ignore );
check-integrity <replaceable>boolean</replaceable>;
check-mx ( fail | warn | ignore );
check-mx-cname ( fail | warn | ignore );
check-names ( master | slave | response
) ( fail | warn | ignore );
check-names ( primary | master |
secondary | slave | response ) (
fail | warn | ignore );
check-sibling <replaceable>boolean</replaceable>;
check-spf ( warn | ignore );
check-srv-cname ( fail | warn | ignore );
@ -571,9 +576,9 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
cleaning-interval <replaceable>integer</replaceable>;
clients-per-query <replaceable>integer</replaceable>;
deny-answer-addresses { <replaceable>address_match_element</replaceable>; ... } [
except-from { <replaceable>quoted_string</replaceable>; ... } ];
deny-answer-aliases { <replaceable>quoted_string</replaceable>; ... } [ except-from {
<replaceable>quoted_string</replaceable>; ... } ];
except-from { <replaceable>string</replaceable>; ... } ];
deny-answer-aliases { <replaceable>string</replaceable>; ... } [ except-from { <replaceable>string</replaceable>; ...
} ];
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
disable-algorithms <replaceable>string</replaceable> { <replaceable>string</replaceable>;
... };
@ -594,6 +599,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
};
dns64-contact <replaceable>string</replaceable>;
dns64-server <replaceable>string</replaceable>;
dnskey-sig-validity <replaceable>integer</replaceable>;
dnsrps-enable <replaceable>boolean</replaceable>;
dnsrps-options { <replaceable>unspecified-text</replaceable> };
dnssec-accept-expired <replaceable>boolean</replaceable>;
@ -606,8 +612,8 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
dnssec-update-mode ( maintain | no-resign );
dnssec-validation ( yes | no | auto );
dnstap { ( all | auth | client | forwarder |
resolver ) [ ( query | response ) ]; ... };
dnstap { ( all | auth | client | forwarder | resolver | update ) [
( query | response ) ]; ... };
dual-stack-servers [ port <replaceable>integer</replaceable> ] { ( <replaceable>quoted_string</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv4_address</replaceable> [ port
<replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ] | <replaceable>ipv6_address</replaceable> [ port
@ -629,7 +635,8 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
| <replaceable>ipv6_address</replaceable> ) [ port <replaceable>integer</replaceable> ] [ dscp <replaceable>integer</replaceable> ]; ... };
glue-cache <replaceable>boolean</replaceable>;
inline-signing <replaceable>boolean</replaceable>;
ixfr-from-differences ( master | slave | <replaceable>boolean</replaceable> );
ixfr-from-differences ( primary | master | secondary | slave |
<replaceable>boolean</replaceable> );
key <replaceable>string</replaceable> {
algorithm <replaceable>string</replaceable>;
secret <replaceable>string</replaceable>;
@ -646,10 +653,10 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
match-destinations { <replaceable>address_match_element</replaceable>; ... };
match-recursive-only <replaceable>boolean</replaceable>;
max-cache-size ( default | unlimited | <replaceable>sizeval</replaceable> | <replaceable>percentage</replaceable> );
max-cache-ttl <replaceable>integer</replaceable>;
max-cache-ttl <replaceable>ttlval</replaceable>;
max-clients-per-query <replaceable>integer</replaceable>;
max-journal-size ( default | unlimited | <replaceable>sizeval</replaceable> );
max-ncache-ttl <replaceable>integer</replaceable>;
max-ncache-ttl <replaceable>ttlval</replaceable>;
max-records <replaceable>integer</replaceable>;
max-recursion-depth <replaceable>integer</replaceable>;
max-recursion-queries <replaceable>integer</replaceable>;
@ -684,6 +691,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
preferred-glue <replaceable>string</replaceable>;
prefetch <replaceable>integer</replaceable> [ <replaceable>integer</replaceable> ];
provide-ixfr <replaceable>boolean</replaceable>;
qname-minimization ( strict | relaxed | disabled | off );
query-source ( ( [ address ] ( <replaceable>ipv4_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] ) | ( [ [ address ] ( <replaceable>ipv4_address</replaceable> | * ) ]
port ( <replaceable>integer</replaceable> | * ) ) ) [ dscp <replaceable>integer</replaceable> ];
@ -718,18 +726,18 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
response-padding { <replaceable>address_match_element</replaceable>; ... } block-size
<replaceable>integer</replaceable>;
response-policy { zone <replaceable>quoted_string</replaceable> [ log <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>integer</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
policy ( cname | disabled | drop | given | no-op | nodata |
nxdomain | passthru | tcp-only <replaceable>quoted_string</replaceable> ) ] [
recursive-only <replaceable>boolean</replaceable> ] [ nsip-enable <replaceable>boolean</replaceable> ] [
nsdname-enable <replaceable>boolean</replaceable> ]; ... } [ break-dnssec <replaceable>boolean</replaceable> ] [
max-policy-ttl <replaceable>integer</replaceable> ] [ min-update-interval <replaceable>integer</replaceable> ] [
max-policy-ttl <replaceable>ttlval</replaceable> ] [ min-update-interval <replaceable>ttlval</replaceable> ] [
min-ns-dots <replaceable>integer</replaceable> ] [ nsip-wait-recurse <replaceable>boolean</replaceable> ] [
qname-wait-recurse <replaceable>boolean</replaceable> ] [ recursive-only <replaceable>boolean</replaceable> ] [
nsip-enable <replaceable>boolean</replaceable> ] [ nsdname-enable <replaceable>boolean</replaceable> ] [
dnsrps-enable <replaceable>boolean</replaceable> ] [ dnsrps-options { <replaceable>unspecified-text</replaceable>
} ];
root-delegation-only [ exclude { <replaceable>quoted_string</replaceable>; ... } ];
root-delegation-only [ exclude { <replaceable>string</replaceable>; ... } ];
root-key-sentinel <replaceable>boolean</replaceable>;
rrset-order { [ class <replaceable>string</replaceable> ] [ type <replaceable>string</replaceable> ] [ name
<replaceable>quoted_string</replaceable> ] <replaceable>string</replaceable> <replaceable>string</replaceable>; ... };
@ -791,6 +799,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
update-check-ksk <replaceable>boolean</replaceable>;
use-alt-transfer-source <replaceable>boolean</replaceable>;
v6-bias <replaceable>integer</replaceable>;
validate-except { <replaceable>string</replaceable>; ... };
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zero-no-soa-ttl-cache <replaceable>boolean</replaceable>;
zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
@ -823,6 +832,7 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
dialup ( notify | notify-passive | passive | refresh |
<replaceable>boolean</replaceable> );
dlz <replaceable>string</replaceable>;
dnskey-sig-validity <replaceable>integer</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
@ -868,9 +878,8 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [
port <replaceable>integer</replaceable> ]; ... };
server-names { <replaceable>quoted_string</replaceable>; ... };
server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ); ... };
server-names { <replaceable>string</replaceable>; ... };
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
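Review bot: `server-addresses` loses its `[ port <integer> ]` clause in this hunk. If the parser previously accepted a port here, configurations that set one will now fail to load and that needs a release note; if the port was never accepted, say in the commit message that this is a documentation correction only. The `server-names` change from `quoted_string` to `string` should be covered by the same test as the other quoting changes.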
@ -880,14 +889,15 @@ view <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port (
<replaceable>integer</replaceable> | * ) ] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( delegation-only | forward | hint | master | redirect
| slave | static-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect |
static-stub | stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> (
6to4-self | external | krb5-self | krb5-subdomain |
ms-self | ms-subdomain | name | self | selfsub |
selfwild | subdomain | tcp-self | wildcard | zonesub )
[ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
6to4-self | external | krb5-self | krb5-selfsub |
krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |
name | self | selfsub | selfwild | subdomain | tcp-self
| wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );
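Review bot: the `update-policy` rule list gains `krb5-selfsub` and `ms-selfsub`, which are authorization rule types, but the synopsis does not show what they match compared with the existing `krb5-self`/`krb5-subdomain` and `ms-self`/`ms-subdomain`. Document the exact matching rule for each and add tests for a name that must be refused. The `type` list also gains `mirror` along with `primary` and `secondary`; `mirror` is a new zone type rather than a synonym and deserves its own description.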
@ -928,6 +938,7 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
delegation-only <replaceable>boolean</replaceable>;
dialup ( notify | notify-passive | passive | refresh | <replaceable>boolean</replaceable> );
dlz <replaceable>string</replaceable>;
dnskey-sig-validity <replaceable>integer</replaceable>;
dnssec-dnskey-kskonly <replaceable>boolean</replaceable>;
dnssec-loadkeys-interval <replaceable>integer</replaceable>;
dnssec-secure-to-insecure <replaceable>boolean</replaceable>;
@ -969,9 +980,8 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
request-expire <replaceable>boolean</replaceable>;
request-ixfr <replaceable>boolean</replaceable>;
serial-update-method ( date | increment | unixtime );
server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ) [ port
<replaceable>integer</replaceable> ]; ... };
server-names { <replaceable>quoted_string</replaceable>; ... };
server-addresses { ( <replaceable>ipv4_address</replaceable> | <replaceable>ipv6_address</replaceable> ); ... };
server-names { <replaceable>string</replaceable>; ... };
sig-signing-nodes <replaceable>integer</replaceable>;
sig-signing-signatures <replaceable>integer</replaceable>;
sig-signing-type <replaceable>integer</replaceable>;
@ -981,13 +991,15 @@ zone <replaceable>string</replaceable> [ <replaceable>class</replaceable> ] {
transfer-source-v6 ( <replaceable>ipv6_address</replaceable> | * ) [ port ( <replaceable>integer</replaceable> | * )
] [ dscp <replaceable>integer</replaceable> ];
try-tcp-refresh <replaceable>boolean</replaceable>;
type ( delegation-only | forward | hint | master | redirect | slave
| static-stub | stub );
type ( primary | master | secondary | slave | mirror |
delegation-only | forward | hint | redirect | static-stub |
stub );
update-check-ksk <replaceable>boolean</replaceable>;
update-policy ( local | { ( deny | grant ) <replaceable>string</replaceable> ( 6to4-self |
external | krb5-self | krb5-subdomain | ms-self | ms-subdomain
| name | self | selfsub | selfwild | subdomain | tcp-self |
wildcard | zonesub ) [ <replaceable>string</replaceable> ] <replaceable>rrtypelist</replaceable>; ... };
external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self
| ms-selfsub | ms-subdomain | name | self | selfsub | selfwild
| subdomain | tcp-self | wildcard | zonesub ) [ <replaceable>string</replaceable> ]
<replaceable>rrtypelist</replaceable>; ... };
use-alt-transfer-source <replaceable>boolean</replaceable>;
zero-no-soa-ttl <replaceable>boolean</replaceable>;
zone-statistics ( full | terse | none | <replaceable>boolean</replaceable> );

View File

@ -194,13 +194,14 @@ options
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
    port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>integer</code></em> ]; ... };<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
check-mx ( fail | warn | ignore );<br>
check-mx-cname ( fail | warn | ignore );<br>
check-names ( master | slave | response<br>
    ) ( fail | warn | ignore );<br>
check-names ( primary | master |<br>
    secondary | slave | response ) (<br>
    fail | warn | ignore );<br>
check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
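Review bot: this HTML hunk repeats the DocBook hunk for the same options line for line (`min-update-interval` to `ttlval`, the extra `check-names` keywords). If this file is generated output, confirm it was regenerated from the DocBook source rather than edited by hand, so the two cannot drift apart.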
@ -212,9 +213,9 @@ options
coresize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
datasize ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<br>
    except-from { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
deny-answer-aliases { <em class="replaceable"><code>quoted_string</code></em>; ... } [ except-from {<br>
    <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
    except-from { <em class="replaceable"><code>string</code></em>; ... } ];<br>
deny-answer-aliases { <em class="replaceable"><code>string</code></em>; ... } [ except-from { <em class="replaceable"><code>string</code></em>; ...<br>
    } ];<br>
dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
directory <em class="replaceable"><code>quoted_string</code></em>;<br>
disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
@ -232,6 +233,7 @@ options
};<br>
dns64-contact <em class="replaceable"><code>string</code></em>;<br>
dns64-server <em class="replaceable"><code>string</code></em>;<br>
dnskey-sig-validity <em class="replaceable"><code>integer</code></em>;<br>
dnsrps-enable <em class="replaceable"><code>boolean</code></em>;<br>
dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> };<br>
dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
@ -244,14 +246,12 @@ options
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
dnstap { ( all | auth | client | forwarder |<br>
    resolver ) [ ( query | response ) ]; ... };<br>
dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none |<br>
    hostname );<br>
dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [<br>
    size ( unlimited | <em class="replaceable"><code>size</code></em> ) ] [ versions (<br>
    unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix ( increment<br>
    | timestamp ) ];<br>
dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
    ( query | response ) ]; ... };<br>
dnstap-identity ( <em class="replaceable"><code>quoted_string</code></em> | none | hostname );<br>
dnstap-output ( file | unix ) <em class="replaceable"><code>quoted_string</code></em> [ size ( unlimited |<br>
    <em class="replaceable"><code>size</code></em> ) ] [ versions ( unlimited | <em class="replaceable"><code>integer</code></em> ) ] [ suffix (<br>
    increment | timestamp ) ];<br>
dnstap-version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
dscp <em class="replaceable"><code>integer</code></em>;<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
@ -280,15 +280,15 @@ options
fstrm-set-output-notify-threshold <em class="replaceable"><code>integer</code></em>;<br>
fstrm-set-output-queue-model ( mpsc | spsc );<br>
fstrm-set-output-queue-size <em class="replaceable"><code>integer</code></em>;<br>
fstrm-set-reopen-interval <em class="replaceable"><code>integer</code></em>;<br>
fstrm-set-reopen-interval <em class="replaceable"><code>ttlval</code></em>;<br>
geoip-directory ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
geoip-use-ecs <em class="replaceable"><code>boolean</code></em>;<br>
glue-cache <em class="replaceable"><code>boolean</code></em>;<br>
heartbeat-interval <em class="replaceable"><code>integer</code></em>;<br>
hostname ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
interface-interval <em class="replaceable"><code>integer</code></em>;<br>
ixfr-from-differences ( master | slave | <em class="replaceable"><code>boolean</code></em> );<br>
interface-interval <em class="replaceable"><code>ttlval</code></em>;<br>
ixfr-from-differences ( primary | master | secondary | slave |<br>
    <em class="replaceable"><code>boolean</code></em> );<br>
keep-response-order { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
key-directory <em class="replaceable"><code>quoted_string</code></em>;<br>
lame-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
@ -305,10 +305,10 @@ options
masterfile-style ( full | relative );<br>
match-mapped-addresses <em class="replaceable"><code>boolean</code></em>;<br>
max-cache-size ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> | <em class="replaceable"><code>percentage</code></em> );<br>
max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
max-cache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
max-clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
max-journal-size ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
max-ncache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-recursion-depth <em class="replaceable"><code>integer</code></em>;<br>
max-recursion-queries <em class="replaceable"><code>integer</code></em>;<br>
@ -325,6 +325,8 @@ options
memstatistics <em class="replaceable"><code>boolean</code></em>;<br>
memstatistics-file <em class="replaceable"><code>quoted_string</code></em>;<br>
message-compression <em class="replaceable"><code>boolean</code></em>;<br>
min-cache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
min-ncache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
min-refresh-time <em class="replaceable"><code>integer</code></em>;<br>
min-retry-time <em class="replaceable"><code>integer</code></em>;<br>
minimal-any <em class="replaceable"><code>boolean</code></em>;<br>
@ -349,6 +351,7 @@ options
preferred-glue <em class="replaceable"><code>string</code></em>;<br>
prefetch <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
qname-minimization ( strict | relaxed | disabled | off );<br>
query-source ( ( [ address ] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [ port (<br>
    <em class="replaceable"><code>integer</code></em> | * ) ] ) | ( [ [ address ] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) ]<br>
    port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
@ -388,18 +391,18 @@ options
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>integer</code></em> ] [ min-update-interval <em class="replaceable"><code>integer</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    policy ( cname | disabled | drop | given | no-op | nodata |<br>
    nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
    recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>integer</code></em> ] [ min-update-interval <em class="replaceable"><code>integer</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
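
Review bot: max-policy-ttl and min-update-interval in response-policy change type from integer to ttlval, both per zone and at the block level, but nothing in the visible grammar says how a bare number is read after the change. State in the option text that a plain integer is still accepted and which unit it is taken in, and add a named-checkconf test that loads an existing integer-valued response-policy block unchanged.
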
@ -449,6 +452,7 @@ options
use-v4-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
use-v6-udp-ports { <em class="replaceable"><code>portrange</code></em>; ... };<br>
v6-bias <em class="replaceable"><code>integer</code></em>;<br>
validate-except { <em class="replaceable"><code>string</code></em>; ... };<br>
version ( <em class="replaceable"><code>quoted_string</code></em> | none );<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
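
Review bot: validate-except { string; ... } is added to the options grammar with no visible description, and its name says it carves names out of DNSSEC validation. The reference text should say whether a listed name also exempts everything below it and how the list interacts with dnssec-validation, and the config check should reject entries that are not valid domain names so a typo cannot silently leave a name validated or unvalidated.
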
@ -549,13 +553,14 @@ view
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>masters</code></em> | <em class="replaceable"><code>ipv4_address</code></em> [<br>
    port <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port <em class="replaceable"><code>integer</code></em> ] ) [ key<br>
    <em class="replaceable"><code>string</code></em> ]; ... } ] [ zone-directory <em class="replaceable"><code>quoted_string</code></em> ] [<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>integer</code></em> ]; ... };<br>
    in-memory <em class="replaceable"><code>boolean</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ]; ... };<br>
check-dup-records ( fail | warn | ignore );<br>
check-integrity <em class="replaceable"><code>boolean</code></em>;<br>
check-mx ( fail | warn | ignore );<br>
check-mx-cname ( fail | warn | ignore );<br>
check-names ( master | slave | response<br>
    ) ( fail | warn | ignore );<br>
check-names ( primary | master |<br>
    secondary | slave | response ) (<br>
    fail | warn | ignore );<br>
check-sibling <em class="replaceable"><code>boolean</code></em>;<br>
check-spf ( warn | ignore );<br>
check-srv-cname ( fail | warn | ignore );<br>
@ -563,9 +568,9 @@ view
cleaning-interval <em class="replaceable"><code>integer</code></em>;<br>
clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
deny-answer-addresses { <em class="replaceable"><code>address_match_element</code></em>; ... } [<br>
    except-from { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
deny-answer-aliases { <em class="replaceable"><code>quoted_string</code></em>; ... } [ except-from {<br>
    <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
    except-from { <em class="replaceable"><code>string</code></em>; ... } ];<br>
deny-answer-aliases { <em class="replaceable"><code>string</code></em>; ... } [ except-from { <em class="replaceable"><code>string</code></em>; ...<br>
    } ];<br>
dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
disable-algorithms <em class="replaceable"><code>string</code></em> { <em class="replaceable"><code>string</code></em>;<br>
    ... };<br>
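
Review bot: The except-from lists and deny-answer-aliases change from quoted_string to string, and these lists decide which answers are filtered. Add a parser test showing that an existing quoted entry and the same entry written unquoted both load to the same name, so the type change cannot alter what an upgraded configuration filters.
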
@ -586,6 +591,7 @@ view
};<br>
dns64-contact <em class="replaceable"><code>string</code></em>;<br>
dns64-server <em class="replaceable"><code>string</code></em>;<br>
dnskey-sig-validity <em class="replaceable"><code>integer</code></em>;<br>
dnsrps-enable <em class="replaceable"><code>boolean</code></em>;<br>
dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em> };<br>
dnssec-accept-expired <em class="replaceable"><code>boolean</code></em>;<br>
@ -598,8 +604,8 @@ view
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-update-mode ( maintain | no-resign );<br>
dnssec-validation ( yes | no | auto );<br>
dnstap { ( all | auth | client | forwarder |<br>
    resolver ) [ ( query | response ) ]; ... };<br>
dnstap { ( all | auth | client | forwarder | resolver | update ) [<br>
    ( query | response ) ]; ... };<br>
dual-stack-servers [ port <em class="replaceable"><code>integer</code></em> ] { ( <em class="replaceable"><code>quoted_string</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv4_address</code></em> [ port<br>
    <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ] | <em class="replaceable"><code>ipv6_address</code></em> [ port<br>
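
Review bot: The new update message type in the dnstap grammar has no matching description in the visible text. Document which messages it captures and whether all now includes it, since operators who already log all would see additional traffic in their dnstap output after upgrading.
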
@ -621,7 +627,8 @@ view
    | <em class="replaceable"><code>ipv6_address</code></em> ) [ port <em class="replaceable"><code>integer</code></em> ] [ dscp <em class="replaceable"><code>integer</code></em> ]; ... };<br>
glue-cache <em class="replaceable"><code>boolean</code></em>;<br>
inline-signing <em class="replaceable"><code>boolean</code></em>;<br>
ixfr-from-differences ( master | slave | <em class="replaceable"><code>boolean</code></em> );<br>
ixfr-from-differences ( primary | master | secondary | slave |<br>
    <em class="replaceable"><code>boolean</code></em> );<br>
key <em class="replaceable"><code>string</code></em> {<br>
algorithm <em class="replaceable"><code>string</code></em>;<br>
secret <em class="replaceable"><code>string</code></em>;<br>
@ -638,10 +645,10 @@ view
match-destinations { <em class="replaceable"><code>address_match_element</code></em>; ... };<br>
match-recursive-only <em class="replaceable"><code>boolean</code></em>;<br>
max-cache-size ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> | <em class="replaceable"><code>percentage</code></em> );<br>
max-cache-ttl <em class="replaceable"><code>integer</code></em>;<br>
max-cache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
max-clients-per-query <em class="replaceable"><code>integer</code></em>;<br>
max-journal-size ( default | unlimited | <em class="replaceable"><code>sizeval</code></em> );<br>
max-ncache-ttl <em class="replaceable"><code>integer</code></em>;<br>
max-ncache-ttl <em class="replaceable"><code>ttlval</code></em>;<br>
max-records <em class="replaceable"><code>integer</code></em>;<br>
max-recursion-depth <em class="replaceable"><code>integer</code></em>;<br>
max-recursion-queries <em class="replaceable"><code>integer</code></em>;<br>
@ -676,6 +683,7 @@ view
preferred-glue <em class="replaceable"><code>string</code></em>;<br>
prefetch <em class="replaceable"><code>integer</code></em> [ <em class="replaceable"><code>integer</code></em> ];<br>
provide-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
qname-minimization ( strict | relaxed | disabled | off );<br>
query-source ( ( [ address ] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) [ port (<br>
    <em class="replaceable"><code>integer</code></em> | * ) ] ) | ( [ [ address ] ( <em class="replaceable"><code>ipv4_address</code></em> | * ) ]<br>
    port ( <em class="replaceable"><code>integer</code></em> | * ) ) ) [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
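
Review bot: qname-minimization is added with four values, ( strict | relaxed | disabled | off ), and two of them, disabled and off, read as the same setting. Say in the option text whether they are synonyms and which value is the default, since the choice decides how much of the query name is exposed to upstream servers.
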
@ -710,18 +718,18 @@ view
response-padding { <em class="replaceable"><code>address_match_element</code></em>; ... } block-size<br>
    <em class="replaceable"><code>integer</code></em>;<br>
response-policy { zone <em class="replaceable"><code>quoted_string</code></em> [ log <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>integer</code></em> ] [ min-update-interval <em class="replaceable"><code>integer</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    policy ( cname | disabled | drop | given | no-op | nodata |<br>
    nxdomain | passthru | tcp-only <em class="replaceable"><code>quoted_string</code></em> ) ] [<br>
    recursive-only <em class="replaceable"><code>boolean</code></em> ] [ nsip-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsdname-enable <em class="replaceable"><code>boolean</code></em> ]; ... } [ break-dnssec <em class="replaceable"><code>boolean</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>integer</code></em> ] [ min-update-interval <em class="replaceable"><code>integer</code></em> ] [<br>
    max-policy-ttl <em class="replaceable"><code>ttlval</code></em> ] [ min-update-interval <em class="replaceable"><code>ttlval</code></em> ] [<br>
    min-ns-dots <em class="replaceable"><code>integer</code></em> ] [ nsip-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [<br>
    qname-wait-recurse <em class="replaceable"><code>boolean</code></em> ] [ recursive-only <em class="replaceable"><code>boolean</code></em> ] [<br>
    nsip-enable <em class="replaceable"><code>boolean</code></em> ] [ nsdname-enable <em class="replaceable"><code>boolean</code></em> ] [<br>
    dnsrps-enable <em class="replaceable"><code>boolean</code></em> ] [ dnsrps-options { <em class="replaceable"><code>unspecified-text</code></em><br>
    } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>quoted_string</code></em>; ... } ];<br>
root-delegation-only [ exclude { <em class="replaceable"><code>string</code></em>; ... } ];<br>
root-key-sentinel <em class="replaceable"><code>boolean</code></em>;<br>
rrset-order { [ class <em class="replaceable"><code>string</code></em> ] [ type <em class="replaceable"><code>string</code></em> ] [ name<br>
    <em class="replaceable"><code>quoted_string</code></em> ] <em class="replaceable"><code>string</code></em> <em class="replaceable"><code>string</code></em>; ... };<br>
@ -783,6 +791,7 @@ view
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
v6-bias <em class="replaceable"><code>integer</code></em>;<br>
validate-except { <em class="replaceable"><code>string</code></em>; ... };<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl-cache <em class="replaceable"><code>boolean</code></em>;<br>
zone <em class="replaceable"><code>string</code></em> [ <em class="replaceable"><code>class</code></em> ] {<br>
@ -815,6 +824,7 @@ view
dialup ( notify | notify-passive | passive | refresh |<br>
    <em class="replaceable"><code>boolean</code></em> );<br>
dlz <em class="replaceable"><code>string</code></em>;<br>
dnskey-sig-validity <em class="replaceable"><code>integer</code></em>;<br>
dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
@ -860,9 +870,8 @@ view
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [<br>
    port <em class="replaceable"><code>integer</code></em> ]; ... };<br>
server-names { <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ); ... };<br>
server-names { <em class="replaceable"><code>string</code></em>; ... };<br>
sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
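
Review bot: server-addresses loses its [ port integer ] clause in this hunk, which narrows the accepted grammar rather than renaming a type. If named ever accepted a port there, an existing zone that sets one will stop loading after upgrade; confirm whether this is a documentation correction or a parser change, and record it in the release notes if it is the latter.
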
@ -872,14 +881,15 @@ view
transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port (<br>
    <em class="replaceable"><code>integer</code></em> | * ) ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
type ( delegation-only | forward | hint | master | redirect<br>
    | slave | static-stub | stub );<br>
type ( primary | master | secondary | slave | mirror |<br>
    delegation-only | forward | hint | redirect |<br>
    static-stub | stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> (<br>
    6to4-self | external | krb5-self | krb5-subdomain |<br>
    ms-self | ms-subdomain | name | self | selfsub |<br>
    selfwild | subdomain | tcp-self | wildcard | zonesub )<br>
    [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
    6to4-self | external | krb5-self | krb5-selfsub |<br>
    krb5-subdomain | ms-self | ms-selfsub | ms-subdomain |<br>
    name | self | selfsub | selfwild | subdomain | tcp-self<br>
    | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>
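
Review bot: update-policy gains two rule types, krb5-selfsub and ms-selfsub, and type gains mirror, with only the grammar visible here. By analogy with the existing self and selfsub pair the new rule types presumably extend the match from the principal's own name to names beneath it; the documentation has to state that scope exactly, because an update-policy rule is an authorization decision and a reader should not have to infer it from the name.
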
@ -921,6 +931,7 @@ zone
delegation-only <em class="replaceable"><code>boolean</code></em>;<br>
dialup ( notify | notify-passive | passive | refresh | <em class="replaceable"><code>boolean</code></em> );<br>
dlz <em class="replaceable"><code>string</code></em>;<br>
dnskey-sig-validity <em class="replaceable"><code>integer</code></em>;<br>
dnssec-dnskey-kskonly <em class="replaceable"><code>boolean</code></em>;<br>
dnssec-loadkeys-interval <em class="replaceable"><code>integer</code></em>;<br>
dnssec-secure-to-insecure <em class="replaceable"><code>boolean</code></em>;<br>
@ -962,9 +973,8 @@ zone
request-expire <em class="replaceable"><code>boolean</code></em>;<br>
request-ixfr <em class="replaceable"><code>boolean</code></em>;<br>
serial-update-method ( date | increment | unixtime );<br>
server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ) [ port<br>
    <em class="replaceable"><code>integer</code></em> ]; ... };<br>
server-names { <em class="replaceable"><code>quoted_string</code></em>; ... };<br>
server-addresses { ( <em class="replaceable"><code>ipv4_address</code></em> | <em class="replaceable"><code>ipv6_address</code></em> ); ... };<br>
server-names { <em class="replaceable"><code>string</code></em>; ... };<br>
sig-signing-nodes <em class="replaceable"><code>integer</code></em>;<br>
sig-signing-signatures <em class="replaceable"><code>integer</code></em>;<br>
sig-signing-type <em class="replaceable"><code>integer</code></em>;<br>
@ -974,13 +984,15 @@ zone
transfer-source-v6 ( <em class="replaceable"><code>ipv6_address</code></em> | * ) [ port ( <em class="replaceable"><code>integer</code></em> | * )<br>
    ] [ dscp <em class="replaceable"><code>integer</code></em> ];<br>
try-tcp-refresh <em class="replaceable"><code>boolean</code></em>;<br>
type ( delegation-only | forward | hint | master | redirect | slave<br>
    | static-stub | stub );<br>
type ( primary | master | secondary | slave | mirror |<br>
    delegation-only | forward | hint | redirect | static-stub |<br>
    stub );<br>
update-check-ksk <em class="replaceable"><code>boolean</code></em>;<br>
update-policy ( local | { ( deny | grant ) <em class="replaceable"><code>string</code></em> ( 6to4-self |<br>
    external | krb5-self | krb5-subdomain | ms-self | ms-subdomain<br>
    | name | self | selfsub | selfwild | subdomain | tcp-self |<br>
    wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ] <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
    external | krb5-self | krb5-selfsub | krb5-subdomain | ms-self<br>
    | ms-selfsub | ms-subdomain | name | self | selfsub | selfwild<br>
    | subdomain | tcp-self | wildcard | zonesub ) [ <em class="replaceable"><code>string</code></em> ]<br>
    <em class="replaceable"><code>rrtypelist</code></em>; ... };<br>
use-alt-transfer-source <em class="replaceable"><code>boolean</code></em>;<br>
zero-no-soa-ttl <em class="replaceable"><code>boolean</code></em>;<br>
zone-statistics ( full | terse | none | <em class="replaceable"><code>boolean</code></em> );<br>

@ -15,9 +15,9 @@ top_srcdir = @top_srcdir@
CINCLUDES = -I${srcdir}/include -I${srcdir}/../include \
${ISCCFG_INCLUDES} ${ISCCC_INCLUDES} \
${DNS_INCLUDES} ${ISC_INCLUDES} @DST_OPENSSL_INC@
${DNS_INCLUDES} ${ISC_INCLUDES} @OPENSSL_INCLUDES@
CDEFINES = @CRYPTO@
CDEFINES =
CWARNINGS =
OBJS = os.@O@ dlz_dlopen_driver.@O@
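
Review bot: CDEFINES drops @CRYPTO@ and becomes empty, so any source in this directory that still tests a macro that substitution used to supply will silently compile the other branch. Check the directory for such preprocessor tests before merging, and note in the commit message that @DST_OPENSSL_INC@ is replaced by @OPENSSL_INCLUDES@ so builds that set the old variable know to switch.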

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup>
<Filter Include="Source Files">
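
Review bot: The first line of this file is shown as removed and re-added with identical visible text, <?xml version="1.0" encoding="utf-8"?>, so the change is in bytes the rendering hides, most likely a byte-order mark or a line ending. Confirm that it is intentional and say so in the commit message, otherwise drop it from the patch.
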
@ -99,9 +99,6 @@
<ClInclude Include="..\include\named\main.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\named\seccomp.h">
<Filter>Header Files</Filter>
</ClInclude>
<ClInclude Include="..\include\named\server.h">
<Filter>Header Files</Filter>
</ClInclude>

@ -1,4 +1,4 @@
<?xml version="1.0" encoding="utf-8"?>
<?xml version="1.0" encoding="utf-8"?>
<Project DefaultTargets="Build" ToolsVersion="4.0" xmlns="http://schemas.microsoft.com/developer/msbuild/2003">
<ItemGroup Label="ProjectConfigurations">
<ProjectConfiguration Include="Debug|@PLATFORM@">
@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@@USE_GSSAPI@BUILDER="Visual Studio";_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;@USE_GSSAPI@BUILDER="Visual Studio";_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>@LIBXML2_LIB@@OPENSSL_LIB@@GSSAPI_LIB@@GEOIP_LIB@libisc.lib;libdns.lib;libisccc.lib;libisccfg.lib;libbind9.lib;libns.lib;version.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@@LIBXML2_LIB@@GSSAPI_LIB@@GEOIP_LIB@libisc.lib;libdns.lib;libisccc.lib;libisccfg.lib;libbind9.lib;libns.lib;version.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
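
Review bot: In AdditionalDependencies the only change is that @OPENSSL_LIB@ moves ahead of @LIBXML2_LIB@, and the Release configuration gets the same reordering further down. If the order matters to the linker, say why in the commit message; if it does not, drop the reordering so the diff for this file stays limited to the @CRYPTO@ removal.
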
@ -79,7 +79,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@@USE_GSSAPI@BUILDER="Visual Studio";NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;@USE_GSSAPI@BUILDER="Visual Studio";NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\ns\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>@LIBXML2_LIB@@OPENSSL_LIB@@GSSAPI_LIB@@GEOIP_LIB@libisc.lib;libdns.lib;libisccc.lib;libisccfg.lib;libbind9.lib;libns.lib;version.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@@LIBXML2_LIB@@GSSAPI_LIB@@GEOIP_LIB@libisc.lib;libdns.lib;libisccc.lib;libisccfg.lib;libbind9.lib;libns.lib;version.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
@ -132,7 +132,6 @@
<ClInclude Include="..\include\named\log.h" />
<ClInclude Include="..\include\named\logconf.h" />
<ClInclude Include="..\include\named\main.h" />
<ClInclude Include="..\include\named\seccomp.h" />
<ClInclude Include="..\include\named\server.h" />
<ClInclude Include="..\include\named\statschannel.h" />
<ClInclude Include="..\include\named\tkeyconf.h" />
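
Review bot: The seccomp.h ClInclude entry is removed here and in the filters file, which is only correct if the header and every #include of it are removed in the same commit. Confirm that no remaining source in the project still includes named/seccomp.h, or the Windows build will fail on a file the project no longer lists.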

@ -21,15 +21,15 @@ DST_GSSAPI_INC = @DST_GSSAPI_INC@
CINCLUDES = ${DNS_INCLUDES} ${BIND9_INCLUDES} ${ISC_INCLUDES} \
${ISCCFG_INCLUDES} ${IRS_INCLUDES} ${DST_GSSAPI_INC} \
@DST_OPENSSL_INC@
@OPENSSL_INCLUDES@
CDEFINES = -DVERSION=\"${VERSION}\" @CRYPTO@ @USE_GSSAPI@
CDEFINES = -DVERSION=\"${VERSION}\" @USE_GSSAPI@
CWARNINGS =
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
IRSLIBS = ../../lib/irs/libirs.@A@
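
Review bot: ISCLIBS and ISCNOSYMLIBS switch from @ISC_OPENSSL_LIBS@ to @OPENSSL_LIBS@, but DNSLIBS a few lines above still appends @DNS_CRYPTO_LIBS@. If both substitutions now expand to the OpenSSL libraries the link line names them twice, and if @DNS_CRYPTO_LIBS@ is being retired along with @CRYPTO@ this line was missed; say which applies.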

@ -70,7 +70,6 @@
<arg choice="opt" rep="norepeat"><option>-t <replaceable class="parameter">timeout</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-u <replaceable class="parameter">udptimeout</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">udpretries</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-R <replaceable class="parameter">randomdev</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-v</option></arg>
<arg choice="opt" rep="norepeat"><option>-T</option></arg>
<arg choice="opt" rep="norepeat"><option>-P</option></arg>
@ -269,22 +268,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-R <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Where to obtain randomness. If the operating system
does not provide a <filename>/dev/random</filename> or
equivalent device, the default source of randomness is keyboard
input. <filename>randomdev</filename> specifies the name of
a character device or file containing random data to be used
instead of the default. The special value
<filename>keyboard</filename> indicates that keyboard input
should be used. This option may be specified multiple times.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-t <replaceable class="parameter">timeout</replaceable></term>
<listitem>
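
Review bot: The -R randomdev entry is removed from both the synopsis and the option list, which leaves existing scripts that pass -R with no documented behaviour. State in the release notes whether the tool now rejects -R or accepts and ignores it, and keep a one-line entry in the man page if the flag is still parsed for compatibility.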

@ -46,7 +46,6 @@
[<code class="option">-t <em class="replaceable"><code>timeout</code></em></code>]
[<code class="option">-u <em class="replaceable"><code>udptimeout</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>udpretries</code></em></code>]
[<code class="option">-R <em class="replaceable"><code>randomdev</code></em></code>]
[<code class="option">-v</code>]
[<code class="option">-T</code>]
[<code class="option">-P</code>]
@ -214,19 +213,6 @@
one update request will be made.
</p>
</dd>
<dt><span class="term">-R <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd>
<p>
Where to obtain randomness. If the operating system
does not provide a <code class="filename">/dev/random</code> or
equivalent device, the default source of randomness is keyboard
input. <code class="filename">randomdev</code> specifies the name of
a character device or file containing random data to be used
instead of the default. The special value
<code class="filename">keyboard</code> indicates that keyboard input
should be used. This option may be specified multiple times.
</p>
</dd>
<dt><span class="term">-t <em class="replaceable"><code>timeout</code></em></span></dt>
<dd>
<p>

@ -53,7 +53,7 @@
</PrecompiledHeader>
<WarningLevel>Level3</WarningLevel>
<Optimization>Disabled</Optimization>
<PreprocessorDefinitions>WIN32;@CRYPTO@@USE_GSSAPI@USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;@USE_GSSAPI@USE_READLINE_STATIC;_DEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<FunctionLevelLinking>true</FunctionLevelLinking>
<PrecompiledHeaderOutputFile>.\$(Configuration)\$(TargetName).pch</PrecompiledHeaderOutputFile>
<AssemblerListingLocation>.\$(Configuration)\</AssemblerListingLocation>
@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>@READLINE_LIBD@@GSSAPI_LIB@@KRB5_LIB@libisc.lib;libdns.lib;libbind9.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@@READLINE_LIBD@@GSSAPI_LIB@@KRB5_LIB@libisc.lib;libdns.lib;libbind9.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -79,7 +79,7 @@
<Optimization>MaxSpeed</Optimization>
<FunctionLevelLinking>true</FunctionLevelLinking>
<IntrinsicFunctions>@INTRINSIC@</IntrinsicFunctions>
<PreprocessorDefinitions>WIN32;@CRYPTO@@USE_GSSAPI@USE_READLINE_STATIC;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<PreprocessorDefinitions>WIN32;@USE_GSSAPI@USE_READLINE_STATIC;NDEBUG;_CONSOLE;%(PreprocessorDefinitions)</PreprocessorDefinitions>
<InlineFunctionExpansion>OnlyExplicitInline</InlineFunctionExpansion>
<WholeProgramOptimization>false</WholeProgramOptimization>
<StringPooling>true</StringPooling>
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\irs\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>@READLINE_LIB@@GSSAPI_LIB@@KRB5_LIB@libisc.lib;libdns.lib;libbind9.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@@READLINE_LIB@@GSSAPI_LIB@@KRB5_LIB@libisc.lib;libdns.lib;libbind9.lib;libisccfg.lib;libirs.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -17,7 +17,7 @@ CINCLUDES = ${ISC_INCLUDES}
CDEFINES =
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCDEPLIBS = ../../lib/isc/libisc.@A@

@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>
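
Review bot: @OPENSSL_LIB@ is prepended by hand to AdditionalDependencies in both configurations of this project, and the same two-line edit repeats in the project files that follow. A project that previously linked only libisc.lib now has to know about libisc's crypto dependency; consider supplying that dependency from one shared place so the next tool added does not fail to link because the entry was forgotten.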

@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

@ -70,7 +70,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
@ -100,7 +100,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@libisc.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>


@ -0,0 +1,72 @@
# Copyright (C) Internet Systems Consortium, Inc. ("ISC")
#
# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
#
# See the COPYRIGHT file distributed with this work for additional
# information regarding copyright ownership.
srcdir = @srcdir@
VPATH = @srcdir@
top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
CINCLUDES = -I${srcdir}/include -I${srcdir}/unix/include -I. \
${NS_INCLUDES} ${DNS_INCLUDES} \
${ISCCFG_INCLUDES} ${ISC_INCLUDES}
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
NSLIBS = ../../lib/ns/libns.@A@
LIBS =
SO_TARGETS = lib/filter-aaaa.@SO@
TARGETS = @SO_TARGETS@
SO_OBJS = filter-aaaa.@O@
SO_SRCS = filter-aaaa.c
CFLAGS = @CFLAGS@ @SO_CFLAGS@
SO_LDFLAGS = @LDFLAGS@ @SO_LDFLAGS@
MANPAGES = filter-aaaa.8
HTMLPAGES = filter-aaaa.html
MANOBJS = ${MANPAGES} ${HTMLPAGES}
@BIND9_MAKE_RULES@
lib/filter-aaaa.@SO@: filter-aaaa.@SO@
$(SHELL) ${top_srcdir}/mkinstalldirs `pwd`/lib
${LIBTOOL_MODE_INSTALL} ${INSTALL} filter-aaaa.@SO@ `pwd`/lib
filter-aaaa.@SO@: filter-aaaa.@O@
${LIBTOOL_MODE_LINK} @SO_LD@ ${SO_LDFLAGS} -o $@ \
filter-aaaa.@O@ ${LIBS}
doc man:: ${MANOBJS}
docclean manclean maintainer-clean::
rm -f ${MANOBJS}
clean distclean::
rm -f filter-aaaa.so
rm -f ${TARGETS} ${OBJS}
installdirs:
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${libdir}
$(SHELL) ${top_srcdir}/mkinstalldirs ${DESTDIR}${mandir}/man8
install:: filter-aaaa.@SO@ installdirs
${LIBTOOL_MODE_INSTALL} ${INSTALL_LIBRARY} filter-aaaa.@SO@ \
${DESTDIR}${libdir}
${INSTALL_DATA} ${srcdir}/filter-aaaa.8 ${DESTDIR}${mandir}/man8
uninstall::
${LIBTOOL_MODE_UNINSTALL} rm -f ${DESTDIR}${libdir}/filter-aaaa.@SO@
rm -f ${DESTDIR}${mandir}/man8/filter-aaaa.8
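Review bot: The `clean distclean::` rule hardcodes `rm -f filter-aaaa.so`, while every other rule in this file names the module `filter-aaaa.@SO@`; where `@SO@` expands to anything other than `so`, the built module is left behind after a clean. Use `filter-aaaa.@SO@` there. The following line removes `${OBJS}`, but this file only defines `SO_OBJS`, so unless the included make rules define `OBJS`, the object file `filter-aaaa.@O@` is not cleaned either.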


@ -0,0 +1,118 @@
.\" $NetBSD: filter-aaaa.8,v 1.1.1.1 2019/01/09 16:48:15 christos Exp $
.\"
.\" Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
.\"
.\" This Source Code Form is subject to the terms of the Mozilla Public
.\" License, v. 2.0. If a copy of the MPL was not distributed with this
.\" file, You can obtain one at http://mozilla.org/MPL/2.0/.
.\"
.hy 0
.ad l
'\" t
.\" Title: filter-aaaa.so
.\" Author:
.\" Generator: DocBook XSL Stylesheets v1.78.1 <http://docbook.sf.net/>
.\" Date: 2018-08-13
.\" Manual: BIND9
.\" Source: ISC
.\" Language: English
.\"
.TH "FILTER\-AAAA\&.SO" "8" "2018\-08\-13" "ISC" "BIND9"
.\" -----------------------------------------------------------------
.\" * Define some portability stuff
.\" -----------------------------------------------------------------
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.\" http://bugs.debian.org/507673
.\" http://lists.gnu.org/archive/html/groff/2009-02/msg00013.html
.\" ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
.ie \n(.g .ds Aq \(aq
.el .ds Aq '
.\" -----------------------------------------------------------------
.\" * set default formatting
.\" -----------------------------------------------------------------
.\" disable hyphenation
.nh
.\" disable justification (adjust text to left margin only)
.ad l
.\" -----------------------------------------------------------------
.\" * MAIN CONTENT STARTS HERE *
.\" -----------------------------------------------------------------
.SH "NAME"
filter-aaaa.so \- filter AAAA in DNS responses when A is present
.SH "SYNOPSIS"
.HP \w'\fBplugin\ query\ "filter\-aaaa\&.so"\fR\ 'u
\fBplugin query "filter\-aaaa\&.so"\fR [\fI{\ parameters\ }\fR];
.SH "DESCRIPTION"
.PP
\fBfilter\-aaaa\&.so\fR
is a query plugin module for
\fBnamed\fR, enabling
\fBnamed\fR
to omit some IPv6 addresses when responding to clients\&.
.PP
Until BIND 9\&.12, this feature was implemented natively in
\fBnamed\fR
and enabled with the
\fBfilter\-aaaa\fR
ACL and the
\fBfilter\-aaaa\-on\-v4\fR
and
\fBfilter\-aaaa\-on\-v6\fR
options\&. These options are now deprecated in
named\&.conf, but can be passed as parameters to the
\fBfilter\-aaaa\&.so\fR
plugin, for example:
.sp
.if n \{\
.RS 4
.\}
.nf
plugin query "/usr/local/lib/filter\-aaaa\&.so" {
filter\-aaaa\-on\-v4 yes;
filter\-aaaa\-on\-v6 yes;
filter\-aaaa { 192\&.0\&.2\&.1; 2001:db8:2::1; };
};
.fi
.if n \{\
.RE
.\}
.PP
This module is intended to aid transition from IPv4 to IPv6 by withholding IPv6 addresses from DNS clients which are not connected to the IPv6 Internet, when the name being looked up has an IPv4 address available\&. Use of this module is not recommended unless absolutely necessary\&.
.PP
Note: This mechanism can erroneously cause other servers not to give AAAA records to their clients\&. If a recursing server with both IPv6 and IPv4 network connections queries an authoritative server using this mechanism via IPv4, it will be denied AAAA records even if its client is using IPv6\&.
.SH "OPTIONS"
.PP
\fBfilter\-aaaa\fR
.RS 4
Specifies a list of client addresses for which AAAA filtering is to be applied\&. The default is
\fBany\fR\&.
.RE
.PP
\fBfilter\-aaaa\-on\-v4\fR
.RS 4
If set to
\fByes\fR, the DNS client is at an IPv4 address, in
\fBfilter\-aaaa\fR, and if the response does not include DNSSEC signatures, then all AAAA records are deleted from the response\&. This filtering applies to all responses and not only authoritative responses\&.
.sp
If set to
\fBbreak\-dnssec\fR, then AAAA records are deleted even when DNSSEC is enabled\&. As suggested by the name, this causes the response to fail to verify, because the DNSSEC protocol is designed to detect deletions\&.
.sp
This mechanism can erroneously cause other servers not to give AAAA records to their clients\&. A recursing server with both IPv6 and IPv4 network connections that queries an authoritative server using this mechanism via IPv4 will be denied AAAA records even if its client is using IPv6\&.
.RE
.PP
\fBfilter\-aaaa\-on\-v6\fR
.RS 4
Identical to
\fBfilter\-aaaa\-on\-v4\fR, except it filters AAAA responses to queries from IPv6 clients instead of IPv4 clients\&. To filter all responses, set both options to
\fByes\fR\&.
.RE
.SH "SEE ALSO"
.PP
BIND 9 Administrator Reference Manual\&.
.SH "AUTHOR"
.PP
\fBInternet Systems Consortium, Inc\&.\fR
.SH "COPYRIGHT"
.br
Copyright \(co 2018 Internet Systems Consortium, Inc. ("ISC")
.br
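Review bot: The OPTIONS text for `filter-aaaa-on-v4` and `filter-aaaa-on-v6` describes `yes` and `break-dnssec` but never mentions `no` or what happens when the option is omitted, although the plugin source in this change maps `no` to NONE and zero-initializes the instance, which makes NONE the starting value. Please document the `no` value and the default. The header shows this page is generated by the DocBook XSL stylesheets, so the change belongs in the DocBook source. Separately, the paragraph beginning "This mechanism can erroneously cause other servers" appears twice, once in DESCRIPTION and once under `filter-aaaa-on-v4`; one copy is enough.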


@ -0,0 +1,927 @@
/* $NetBSD: filter-aaaa.c,v 1.1.1.1 2019/01/09 16:48:15 christos Exp $ */
/*
* Copyright (C) Internet Systems Consortium, Inc. ("ISC")
*
* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/.
*
* See the COPYRIGHT file distributed with this work for additional
* information regarding copyright ownership.
*/
/*! \file */
#include <config.h>
#include <inttypes.h>
#include <stdbool.h>
#include <string.h>
#include <isc/buffer.h>
#include <isc/hash.h>
#include <isc/ht.h>
#include <isc/lib.h>
#include <isc/log.h>
#include <isc/mem.h>
#include <isc/netaddr.h>
#include <isc/result.h>
#include <isc/types.h>
#include <isc/util.h>
#include <isccfg/aclconf.h>
#include <isccfg/cfg.h>
#include <isccfg/grammar.h>
#include <ns/client.h>
#include <ns/hooks.h>
#include <ns/log.h>
#include <ns/query.h>
#include <ns/types.h>
#include <dns/acl.h>
#include <dns/db.h>
#include <dns/enumtype.h>
#include <dns/log.h>
#include <dns/message.h>
#include <dns/rdataset.h>
#include <dns/result.h>
#include <dns/types.h>
#include <dns/view.h>
#define CHECK(op) \
do { \
result = (op); \
if (result != ISC_R_SUCCESS) { \
goto cleanup; \
} \
} while (0)
/*
* Possible values for the settings of filter-aaaa-on-v4 and
* filter-aaaa-on-v6: "no" is NONE, "yes" is FILTER, "break-dnssec"
* is BREAK_DNSSEC.
*/
typedef enum {
NONE = 0,
FILTER = 1,
BREAK_DNSSEC = 2
} filter_aaaa_t;
/*
* Persistent data for use by this module. This will be associated
* with client object address in the hash table, and will remain
* accessible until the client object is detached.
*/
typedef struct filter_data {
filter_aaaa_t mode;
uint32_t flags;
} filter_data_t;
typedef struct filter_instance {
ns_plugin_t *module;
isc_mem_t *mctx;
/*
* Memory pool for use with persistent data.
*/
isc_mempool_t *datapool;
/*
* Hash table associating a client object with its persistent data.
*/
isc_ht_t *ht;
/*
* Values configured when the module is loaded.
*/
filter_aaaa_t v4_aaaa;
filter_aaaa_t v6_aaaa;
dns_acl_t *aaaa_acl;
} filter_instance_t;
/*
* Per-client flags set by this module
*/
#define FILTER_AAAA_RECURSING 0x0001 /* Recursing for A */
#define FILTER_AAAA_FILTERED 0x0002 /* AAAA was removed from answer */
/*
* Client attribute tests.
*/
#define WANTDNSSEC(c) (((c)->attributes & NS_CLIENTATTR_WANTDNSSEC) != 0)
#define RECURSIONOK(c) (((c)->query.attributes & \
NS_QUERYATTR_RECURSIONOK) != 0)
/*
* Forward declarations of functions referenced in install_hooks().
*/
static ns_hookresult_t
filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp);
static ns_hookresult_t
filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp);
static ns_hookresult_t
filter_respond_any_found(void *arg, void *cbdata, isc_result_t *resp);
static ns_hookresult_t
filter_prep_response_begin(void *arg, void *cbdata, isc_result_t *resp);
static ns_hookresult_t
filter_query_done_send(void *arg, void *cbdata, isc_result_t *resp);
static ns_hookresult_t
filter_qctx_destroy(void *arg, void *cbdata, isc_result_t *resp);
/*%
* Register the functions to be called at each hook point in 'hooktable', using
* memory context 'mctx' for allocating copies of stack-allocated structures
* passed to ns_hook_add(). Make sure 'inst' will be passed as the 'cbdata'
* argument to every callback.
*/
static void
install_hooks(ns_hooktable_t *hooktable, isc_mem_t *mctx,
filter_instance_t *inst)
{
const ns_hook_t filter_init = {
.action = filter_qctx_initialize,
.action_data = inst,
};
const ns_hook_t filter_respbegin = {
.action = filter_respond_begin,
.action_data = inst,
};
const ns_hook_t filter_respanyfound = {
.action = filter_respond_any_found,
.action_data = inst,
};
const ns_hook_t filter_prepresp = {
.action = filter_prep_response_begin,
.action_data = inst,
};
const ns_hook_t filter_donesend = {
.action = filter_query_done_send,
.action_data = inst,
};
const ns_hook_t filter_destroy = {
.action = filter_qctx_destroy,
.action_data = inst,
};
ns_hook_add(hooktable, mctx, -
NS_QUERY_QCTX_INITIALIZED, &filter_init);
ns_hook_add(hooktable, mctx,
NS_QUERY_RESPOND_BEGIN, &filter_respbegin);
ns_hook_add(hooktable, mctx,
NS_QUERY_RESPOND_ANY_FOUND, &filter_respanyfound);
ns_hook_add(hooktable, mctx,
NS_QUERY_PREP_RESPONSE_BEGIN, &filter_prepresp);
ns_hook_add(hooktable, mctx,
NS_QUERY_DONE_SEND, &filter_donesend);
ns_hook_add(hooktable, mctx,
NS_QUERY_QCTX_DESTROYED, &filter_destroy);
}
/**
** Support for parsing of parameters and configuration of the module.
**/
/*
* Support for parsing of parameters.
*/
static const char *filter_aaaa_enums[] = { "break-dnssec", NULL };
static isc_result_t
parse_filter_aaaa(cfg_parser_t *pctx, const cfg_type_t *type, cfg_obj_t **ret) {
return (cfg_parse_enum_or_other(pctx, type, &cfg_type_boolean, ret));
}
static void
doc_filter_aaaa(cfg_printer_t *pctx, const cfg_type_t *type) {
cfg_doc_enum_or_other(pctx, type, &cfg_type_boolean);
}
static cfg_type_t cfg_type_filter_aaaa = {
"filter_aaaa", parse_filter_aaaa, cfg_print_ustring,
doc_filter_aaaa, &cfg_rep_string, filter_aaaa_enums,
};
static cfg_clausedef_t param_clauses[] = {
{ "filter-aaaa", &cfg_type_bracketed_aml, 0 },
{ "filter-aaaa-on-v4", &cfg_type_filter_aaaa, 0 },
{ "filter-aaaa-on-v6", &cfg_type_filter_aaaa, 0 },
};
static cfg_clausedef_t *param_clausesets[] = {
param_clauses,
NULL
};
static cfg_type_t cfg_type_parameters = {
"filter-aaaa-params", cfg_parse_mapbody, cfg_print_mapbody,
cfg_doc_mapbody, &cfg_rep_map, param_clausesets
};
static isc_result_t
parse_filter_aaaa_on(const cfg_obj_t *param_obj, const char *param_name,
filter_aaaa_t *dstp)
{
const cfg_obj_t *obj = NULL;
isc_result_t result;
result = cfg_map_get(param_obj, param_name, &obj);
if (result != ISC_R_SUCCESS) {
return (ISC_R_SUCCESS);
}
if (cfg_obj_isboolean(obj)) {
if (cfg_obj_asboolean(obj)) {
*dstp = FILTER;
} else {
*dstp = NONE;
}
} else if (strcasecmp(cfg_obj_asstring(obj), "break-dnssec") == 0) {
*dstp = BREAK_DNSSEC;
} else {
result = ISC_R_UNEXPECTED;
}
return (result);
}
static isc_result_t
check_syntax(cfg_obj_t *fmap, const void *cfg,
isc_mem_t *mctx, isc_log_t *lctx, void *actx)
{
isc_result_t result = ISC_R_SUCCESS;
const cfg_obj_t *aclobj = NULL;
dns_acl_t *acl = NULL;
filter_aaaa_t f4 = NONE, f6 = NONE;
cfg_map_get(fmap, "filter-aaaa", &aclobj);
if (aclobj == NULL) {
return (result);
}
CHECK(cfg_acl_fromconfig(aclobj, (const cfg_obj_t *) cfg,
lctx, (cfg_aclconfctx_t *) actx,
mctx, 0, &acl));
CHECK(parse_filter_aaaa_on(fmap, "filter-aaaa-on-v4", &f4));
CHECK(parse_filter_aaaa_on(fmap, "filter-aaaa-on-v6", &f6));
if ((f4 != NONE || f6 != NONE) && dns_acl_isnone(acl)) {
cfg_obj_log(aclobj, lctx, ISC_LOG_WARNING,
"\"filter-aaaa\" is 'none;' but "
"either filter-aaaa-on-v4 or filter-aaaa-on-v6 "
"is enabled");
result = ISC_R_FAILURE;
} else if (f4 == NONE && f6 == NONE && !dns_acl_isnone(acl)) {
cfg_obj_log(aclobj, lctx, ISC_LOG_WARNING,
"\"filter-aaaa\" is set but "
"neither filter-aaaa-on-v4 or filter-aaaa-on-v6 "
"is enabled");
result = ISC_R_FAILURE;
}
cleanup:
if (acl != NULL) {
dns_acl_detach(&acl);
}
return (result);
}
static isc_result_t
parse_parameters(filter_instance_t *inst, const char *parameters,
const void *cfg, const char *cfg_file, unsigned long cfg_line,
isc_mem_t *mctx, isc_log_t *lctx, void *actx)
{
isc_result_t result = ISC_R_SUCCESS;
cfg_parser_t *parser = NULL;
cfg_obj_t *param_obj = NULL;
const cfg_obj_t *obj = NULL;
isc_buffer_t b;
CHECK(cfg_parser_create(mctx, lctx, &parser));
isc_buffer_constinit(&b, parameters, strlen(parameters));
isc_buffer_add(&b, strlen(parameters));
CHECK(cfg_parse_buffer4(parser, &b, cfg_file, cfg_line,
&cfg_type_parameters, 0, &param_obj));
CHECK(check_syntax(param_obj, cfg, mctx, lctx, actx));
CHECK(parse_filter_aaaa_on(param_obj, "filter-aaaa-on-v4",
&inst->v4_aaaa));
CHECK(parse_filter_aaaa_on(param_obj, "filter-aaaa-on-v6",
&inst->v6_aaaa));
result = cfg_map_get(param_obj, "filter-aaaa", &obj);
if (result == ISC_R_SUCCESS) {
CHECK(cfg_acl_fromconfig(obj, (const cfg_obj_t *) cfg,
lctx, (cfg_aclconfctx_t *) actx,
mctx, 0, &inst->aaaa_acl));
} else {
CHECK(dns_acl_any(mctx, &inst->aaaa_acl));
}
cleanup:
if (param_obj != NULL) {
cfg_obj_destroy(parser, &param_obj);
}
if (parser != NULL) {
cfg_parser_destroy(&parser);
}
return (result);
}
/**
** Mandatory plugin API functions:
**
** - plugin_destroy
** - plugin_register
** - plugin_version
** - plugin_check
**/
/*
* Called by ns_plugin_register() to initialize the plugin and
* register hook functions into the view hook table.
*/
isc_result_t
plugin_register(const char *parameters,
const void *cfg, const char *cfg_file, unsigned long cfg_line,
isc_mem_t *mctx, isc_log_t *lctx, void *actx,
ns_hooktable_t *hooktable, void **instp)
{
filter_instance_t *inst = NULL;
isc_result_t result;
isc_log_write(lctx, NS_LOGCATEGORY_GENERAL,
NS_LOGMODULE_HOOKS, ISC_LOG_INFO,
"registering 'filter-aaaa' "
"module from %s:%lu, %s parameters",
cfg_file, cfg_line, parameters != NULL ? "with" : "no");
inst = isc_mem_get(mctx, sizeof(*inst));
memset(inst, 0, sizeof(*inst));
isc_mem_attach(mctx, &inst->mctx);
if (parameters != NULL) {
CHECK(parse_parameters(inst, parameters, cfg, cfg_file,
cfg_line, mctx, lctx, actx));
}
CHECK(isc_mempool_create(mctx, sizeof(filter_data_t),
&inst->datapool));
CHECK(isc_ht_init(&inst->ht, mctx, 16));
/*
* Fill the mempool with 1K filter_aaaa state objects at
* a time; ideally after a single allocation, the mempool will
* have enough to handle all the simultaneous queries the system
* requires and it won't be necessary to allocate more.
*
* We don't set any limit on the number of free state objects
* so that they'll always be returned to the pool and not
* freed until the pool is destroyed on shutdown.
*/
isc_mempool_setfillcount(inst->datapool, 1024);
isc_mempool_setfreemax(inst->datapool, UINT_MAX);
/*
* Set hook points in the view's hooktable.
*/
install_hooks(hooktable, mctx, inst);
*instp = inst;
cleanup:
if (result != ISC_R_SUCCESS && inst != NULL) {
plugin_destroy((void **) &inst);
}
return (result);
}
isc_result_t
plugin_check(const char *parameters,
const void *cfg, const char *cfg_file, unsigned long cfg_line,
isc_mem_t *mctx, isc_log_t *lctx, void *actx)
{
isc_result_t result = ISC_R_SUCCESS;
cfg_parser_t *parser = NULL;
cfg_obj_t *param_obj = NULL;
isc_buffer_t b;
CHECK(cfg_parser_create(mctx, lctx, &parser));
isc_buffer_constinit(&b, parameters, strlen(parameters));
isc_buffer_add(&b, strlen(parameters));
CHECK(cfg_parse_buffer4(parser, &b, cfg_file, cfg_line,
&cfg_type_parameters, 0, &param_obj));
CHECK(check_syntax(param_obj, cfg, mctx, lctx, actx));
cleanup:
if (param_obj != NULL) {
cfg_obj_destroy(parser, &param_obj);
}
if (parser != NULL) {
cfg_parser_destroy(&parser);
}
return (result);
}
/*
* Called by ns_plugins_free(); frees memory allocated by
* the module when it was registered.
*/
void
plugin_destroy(void **instp) {
filter_instance_t *inst = (filter_instance_t *) *instp;
if (inst->ht != NULL) {
isc_ht_destroy(&inst->ht);
}
if (inst->datapool != NULL) {
isc_mempool_destroy(&inst->datapool);
}
if (inst->aaaa_acl != NULL) {
dns_acl_detach(&inst->aaaa_acl);
}
isc_mem_putanddetach(&inst->mctx, inst, sizeof(*inst));
*instp = NULL;
return;
}
/*
* Returns plugin API version for compatibility checks.
*/
int
plugin_version(void) {
return (NS_PLUGIN_VERSION);
}
/**
** "filter-aaaa" feature implementation begins here.
**/
/*%
* Structure describing the filtering to be applied by process_section().
*/
typedef struct section_filter {
query_ctx_t * qctx;
filter_aaaa_t mode;
dns_section_t section;
const dns_name_t * name;
dns_rdatatype_t type;
bool only_if_a_exists;
} section_filter_t;
/*
* Check whether this is an IPv4 client.
*/
static bool
is_v4_client(ns_client_t *client) {
if (isc_sockaddr_pf(&client->peeraddr) == AF_INET) {
return (true);
}
if (isc_sockaddr_pf(&client->peeraddr) == AF_INET6 &&
IN6_IS_ADDR_V4MAPPED(&client->peeraddr.type.sin6.sin6_addr))
{
return (true);
}
return (false);
}
/*
* Check whether this is an IPv6 client.
*/
static bool
is_v6_client(ns_client_t *client) {
if (isc_sockaddr_pf(&client->peeraddr) == AF_INET6 &&
!IN6_IS_ADDR_V4MAPPED(&client->peeraddr.type.sin6.sin6_addr))
{
return (true);
}
return (false);
}
static filter_data_t *
client_state_get(const query_ctx_t *qctx, filter_instance_t *inst) {
filter_data_t *client_state = NULL;
isc_result_t result;
result = isc_ht_find(inst->ht, (const unsigned char *)&qctx->client,
sizeof(qctx->client), (void **)&client_state);
return (result == ISC_R_SUCCESS ? client_state : NULL);
}
static void
client_state_create(const query_ctx_t *qctx, filter_instance_t *inst) {
filter_data_t *client_state;
isc_result_t result;
client_state = isc_mempool_get(inst->datapool);
if (client_state == NULL) {
return;
}
client_state->mode = NONE;
client_state->flags = 0;
result = isc_ht_add(inst->ht, (const unsigned char *)&qctx->client,
sizeof(qctx->client), client_state);
RUNTIME_CHECK(result == ISC_R_SUCCESS);
}
static void
client_state_destroy(const query_ctx_t *qctx, filter_instance_t *inst) {
filter_data_t *client_state = client_state_get(qctx, inst);
isc_result_t result;
if (client_state == NULL) {
return;
}
result = isc_ht_delete(inst->ht, (const unsigned char *)&qctx->client,
sizeof(qctx->client));
RUNTIME_CHECK(result == ISC_R_SUCCESS);
isc_mempool_put(inst->datapool, client_state);
}
/*%
* Mark 'rdataset' and 'sigrdataset' as rendered, gracefully handling NULL
* pointers and non-associated rdatasets.
*/
static void
mark_as_rendered(dns_rdataset_t *rdataset, dns_rdataset_t *sigrdataset) {
if (rdataset != NULL && dns_rdataset_isassociated(rdataset)) {
rdataset->attributes |= DNS_RDATASETATTR_RENDERED;
}
if (sigrdataset != NULL && dns_rdataset_isassociated(sigrdataset)) {
sigrdataset->attributes |= DNS_RDATASETATTR_RENDERED;
}
}
/*%
* Check whether an RRset of given 'type' is present at given 'name'. If
* it is found and either it is not signed or the combination of query
* flags and configured processing 'mode' allows it, mark the RRset and its
* associated signatures as already rendered to prevent them from appearing
* in the response message stored in 'qctx'. If 'only_if_a_exists' is
* true, an RRset of type A must also exist at 'name' in order for the
* above processing to happen.
*/
static bool
process_name(query_ctx_t *qctx, filter_aaaa_t mode, const dns_name_t *name,
dns_rdatatype_t type, bool only_if_a_exists)
{
dns_rdataset_t *rdataset = NULL, *sigrdataset = NULL;
isc_result_t result;
bool modified = false;
if (only_if_a_exists) {
CHECK(dns_message_findtype(name, dns_rdatatype_a, 0, NULL));
}
dns_message_findtype(name, type, 0, &rdataset);
dns_message_findtype(name, dns_rdatatype_rrsig, type, &sigrdataset);
if (rdataset != NULL &&
(sigrdataset == NULL || !WANTDNSSEC(qctx->client) ||
mode == BREAK_DNSSEC))
{
/*
* An RRset of given 'type' was found at 'name' and at least
* one of the following is true:
*
* - the RRset is not signed,
* - the client did not set the DO bit in its request,
* - configuration allows us to tamper with signed responses.
*
* This means it is okay to filter out this RRset and its
* signatures, if any, from the response.
*/
mark_as_rendered(rdataset, sigrdataset);
modified = true;
}
cleanup:
return (modified);
}
/*%
* Apply the requested section filter, i.e. prevent (when possible, as
* determined by process_name()) RRsets of given 'type' from being rendered
* in the given 'section' of the response message stored in 'qctx'. Clear
* the AD bit if the answer and/or authority section was modified. If
* 'name' is NULL, all names in the given 'section' are processed;
* otherwise, only 'name' is. 'only_if_a_exists' is passed through to
* process_name().
*/
static void
process_section(const section_filter_t *filter) {
query_ctx_t *qctx = filter->qctx;
filter_aaaa_t mode = filter->mode;
dns_section_t section = filter->section;
const dns_name_t *name = filter->name;
dns_rdatatype_t type = filter->type;
bool only_if_a_exists = filter->only_if_a_exists;
dns_message_t *message = qctx->client->message;
isc_result_t result;
for (result = dns_message_firstname(message, section);
result == ISC_R_SUCCESS;
result = dns_message_nextname(message, section))
{
dns_name_t *cur = NULL;
dns_message_currentname(message, section, &cur);
if (name != NULL && !dns_name_equal(name, cur)) {
/*
* We only want to process 'name' and this is not it.
*/
continue;
}
if (!process_name(qctx, mode, cur, type, only_if_a_exists)) {
/*
* Response was not modified, do not touch the AD bit.
*/
continue;
}
if (section == DNS_SECTION_ANSWER ||
section == DNS_SECTION_AUTHORITY)
{
message->flags &= ~DNS_MESSAGEFLAG_AD;
}
}
}
/*
* Initialize filter state, fetching it from a memory pool and storing it
* in a hash table keyed according to the client object; this enables us to
* retrieve persistent data related to a client query for as long as the
* object persists.
*/
static ns_hookresult_t
filter_qctx_initialize(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
filter_instance_t *inst = (filter_instance_t *) cbdata;
filter_data_t *client_state;
*resp = ISC_R_UNSET;
client_state = client_state_get(qctx, inst);
if (client_state == NULL) {
client_state_create(qctx, inst);
}
return (NS_HOOK_CONTINUE);
}
/*
* Determine whether this client should have AAAA filtered or not, based on
* the client address family and the settings of filter-aaaa-on-v4 and
* filter-aaaa-on-v6.
*/
static ns_hookresult_t
filter_prep_response_begin(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
filter_instance_t *inst = (filter_instance_t *) cbdata;
filter_data_t *client_state = client_state_get(qctx, inst);
isc_result_t result;
*resp = ISC_R_UNSET;
if (client_state == NULL) {
return (NS_HOOK_CONTINUE);
}
if (inst->v4_aaaa != NONE || inst->v6_aaaa != NONE) {
result = ns_client_checkaclsilent(qctx->client, NULL,
inst->aaaa_acl, true);
if (result == ISC_R_SUCCESS &&
inst->v4_aaaa != NONE &&
is_v4_client(qctx->client))
{
client_state->mode = inst->v4_aaaa;
} else if (result == ISC_R_SUCCESS &&
inst->v6_aaaa != NONE &&
is_v6_client(qctx->client))
{
client_state->mode = inst->v6_aaaa;
}
}
return (NS_HOOK_CONTINUE);
}
/*
* Hide AAAA rrsets if there is a matching A. Trigger recursion if
* necessary to find out whether an A exists.
*
* (This version is for processing answers to explicit AAAA queries; ANY
* queries are handled in filter_respond_any_found().)
*/
static ns_hookresult_t
filter_respond_begin(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
filter_instance_t *inst = (filter_instance_t *) cbdata;
filter_data_t *client_state = client_state_get(qctx, inst);
isc_result_t result = ISC_R_UNSET;
*resp = ISC_R_UNSET;
if (client_state == NULL) {
return (NS_HOOK_CONTINUE);
}
if (client_state->mode != BREAK_DNSSEC &&
(client_state->mode != FILTER ||
(WANTDNSSEC(qctx->client) && qctx->sigrdataset != NULL &&
dns_rdataset_isassociated(qctx->sigrdataset))))
{
return (NS_HOOK_CONTINUE);
}
if (qctx->qtype == dns_rdatatype_aaaa) {
dns_rdataset_t *trdataset;
trdataset = ns_client_newrdataset(qctx->client);
result = dns_db_findrdataset(qctx->db, qctx->node,
qctx->version,
dns_rdatatype_a, 0,
qctx->client->now,
trdataset, NULL);
if (dns_rdataset_isassociated(trdataset)) {
dns_rdataset_disassociate(trdataset);
}
ns_client_putrdataset(qctx->client, &trdataset);
/*
* We found an AAAA. If we also found an A, then the AAAA
* must not be rendered.
*
* If the A is not in our cache, then any result other than
* DNS_R_DELEGATION or ISC_R_NOTFOUND means there is no A,
* and so AAAAs are okay.
*
* We assume there is no A if we can't recurse for this
* client. That might be the wrong answer, but what else
* can we do? Besides, the fact that we have the AAAA and
* are using this mechanism in the first place suggests
* that we care more about As than AAAAs, and would have
* cached an A if it existed.
*/
if (result == ISC_R_SUCCESS) {
mark_as_rendered(qctx->rdataset, qctx->sigrdataset);
qctx->client->message->flags &= ~DNS_MESSAGEFLAG_AD;
client_state->flags |= FILTER_AAAA_FILTERED;
} else if (!qctx->authoritative &&
RECURSIONOK(qctx->client) &&
(result == DNS_R_DELEGATION ||
result == ISC_R_NOTFOUND))
{
/*
* This is an ugly kludge to recurse
* for the A and discard the result.
*
* Continue to add the AAAA now.
* We'll make a note to not render it
* if the recursion for the A succeeds.
*/
result = ns_query_recurse(qctx->client,
dns_rdatatype_a,
qctx->client->query.qname,
NULL, NULL, qctx->resuming);
if (result == ISC_R_SUCCESS) {
client_state->flags |= FILTER_AAAA_RECURSING;
qctx->client->query.attributes |=
NS_QUERYATTR_RECURSING;
}
}
} else if (qctx->qtype == dns_rdatatype_a &&
(client_state->flags & FILTER_AAAA_RECURSING) != 0)
{
const section_filter_t filter_answer = {
.qctx = qctx,
.mode = client_state->mode,
.section = DNS_SECTION_ANSWER,
.name = qctx->fname,
.type = dns_rdatatype_aaaa,
};
process_section(&filter_answer);
client_state->flags &= ~FILTER_AAAA_RECURSING;
result = ns_query_done(qctx);
*resp = result;
return (NS_HOOK_RETURN);
}
*resp = result;
return (NS_HOOK_CONTINUE);
}
/*
* When answering an ANY query, remove AAAA if A is present.
*/
static ns_hookresult_t
filter_respond_any_found(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
filter_instance_t *inst = (filter_instance_t *) cbdata;
filter_data_t *client_state = client_state_get(qctx, inst);
*resp = ISC_R_UNSET;
if (client_state != NULL && client_state->mode != NONE) {
/*
* If we are authoritative, require an A record to be
* present before filtering out AAAA records; otherwise,
* just assume an A record exists even if it was not in the
* cache (and therefore is not in the response message),
* thus proceeding with filtering out AAAA records.
*/
const section_filter_t filter_answer = {
.qctx = qctx,
.mode = client_state->mode,
.section = DNS_SECTION_ANSWER,
.name = qctx->tname,
.type = dns_rdatatype_aaaa,
.only_if_a_exists = qctx->authoritative,
};
process_section(&filter_answer);
}
return (NS_HOOK_CONTINUE);
}
/*
* Hide AAAA rrsets in the additional section if there is a matching A, and
* hide NS in the authority section if AAAA was filtered in the answer
* section.
*/
static ns_hookresult_t
filter_query_done_send(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
filter_instance_t *inst = (filter_instance_t *) cbdata;
filter_data_t *client_state = client_state_get(qctx, inst);
*resp = ISC_R_UNSET;
if (client_state != NULL && client_state->mode != NONE) {
const section_filter_t filter_additional = {
.qctx = qctx,
.mode = client_state->mode,
.section = DNS_SECTION_ADDITIONAL,
.type = dns_rdatatype_aaaa,
.only_if_a_exists = true,
};
process_section(&filter_additional);
if ((client_state->flags & FILTER_AAAA_FILTERED) != 0) {
const section_filter_t filter_authority = {
.qctx = qctx,
.mode = client_state->mode,
.section = DNS_SECTION_AUTHORITY,
.type = dns_rdatatype_ns,
};
process_section(&filter_authority);
}
}
return (NS_HOOK_CONTINUE);
}
/*
* If the client is being detached, then we can delete our persistent data
* from hash table and return it to the memory pool.
*/
static ns_hookresult_t
filter_qctx_destroy(void *arg, void *cbdata, isc_result_t *resp) {
query_ctx_t *qctx = (query_ctx_t *) arg;
filter_instance_t *inst = (filter_instance_t *) cbdata;
*resp = ISC_R_UNSET;
if (!qctx->detach_client) {
return (NS_HOOK_CONTINUE);
}
client_state_destroy(qctx, inst);
return (NS_HOOK_CONTINUE);
}
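Review bot: `plugin_check()` calls `strlen(parameters)` unconditionally, while `plugin_register()` treats `parameters == NULL` as a valid case (it logs "no parameters" and skips `parse_parameters()`), so a plugin statement without a parameter block would dereference NULL during the configuration check. Guard the parsing in `plugin_check()` with the same `if (parameters != NULL)` test used in `plugin_register()`, and return `ISC_R_SUCCESS` when there is nothing to parse.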


@ -0,0 +1,146 @@
<!--
- Copyright (C) Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-
- See the COPYRIGHT file distributed with this work for additional
- information regarding copyright ownership.
-->
<!-- Converted by db4-upgrade version 1.0 -->
<refentry xmlns:db="http://docbook.org/ns/docbook" version="5.0" xml:id="man.filter-aaaa">
<info>
<date>2018-08-13</date>
</info>
<refentryinfo>
<corpname>ISC</corpname>
<corpauthor>Internet Systems Consortium, Inc.</corpauthor>
</refentryinfo>
<refmeta>
<refentrytitle><application>filter-aaaa.so</application></refentrytitle>
<manvolnum>8</manvolnum>
<refmiscinfo>BIND9</refmiscinfo>
</refmeta>
<refnamediv>
<refname><application>filter-aaaa.so</application></refname>
<refpurpose>filter AAAA in DNS responses when A is present</refpurpose>
</refnamediv>
<docinfo>
<copyright>
<year>2018</year>
<holder>Internet Systems Consortium, Inc. ("ISC")</holder>
</copyright>
</docinfo>
<refsynopsisdiv>
<cmdsynopsis sepchar=" ">
<command>plugin query "filter-aaaa.so"</command>
<arg choice="opt" rep="norepeat"><replaceable class="parameter">{ parameters }</replaceable></arg>;
</cmdsynopsis>
</refsynopsisdiv>
<refsection><info><title>DESCRIPTION</title></info>
<para>
<command>filter-aaaa.so</command> is a query plugin module for
<command>named</command>, enabling <command>named</command>
to omit some IPv6 addresses when responding to clients.
</para>
<para>
Until BIND 9.12, this feature was implemented natively in
<command>named</command> and enabled with the
<command>filter-aaaa</command> ACL and the
<command>filter-aaaa-on-v4</command> and
<command>filter-aaaa-on-v6</command> options. These options are
now deprecated in <filename>named.conf</filename>, but can be
passed as parameters to the <command>filter-aaaa.so</command>
plugin, for example:
</para>
<programlisting>
plugin query "/usr/local/lib/filter-aaaa.so" {
filter-aaaa-on-v4 yes;
filter-aaaa-on-v6 yes;
filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
};
</programlisting>
<para>
This module is intended to aid transition from IPv4 to IPv6 by
withholding IPv6 addresses from DNS clients which are not connected
to the IPv6 Internet, when the name being looked up has an IPv4
address available. Use of this module is not recommended unless
absolutely necessary.
</para>
<para>
Note: This mechanism can erroneously cause other servers not to
give AAAA records to their clients. If a recursing server with
both IPv6 and IPv4 network connections queries an authoritative
server using this mechanism via IPv4, it will be denied AAAA
records even if its client is using IPv6.
</para>
</refsection>
<refsection><info><title>OPTIONS</title></info>
<variablelist>
<varlistentry>
<term><command>filter-aaaa</command></term>
<listitem>
<para>
Specifies a list of client addresses for which AAAA
filtering is to be applied. The default is
<userinput>any</userinput>.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>filter-aaaa-on-v4</command></term>
<listitem>
<para>
If set to <userinput>yes</userinput>, the DNS client is
at an IPv4 address, in <command>filter-aaaa</command>,
and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
authoritative responses.
</para>
<para>
If set to <userinput>break-dnssec</userinput>,
then AAAA records are deleted even when DNSSEC is
enabled. As suggested by the name, this causes the
response to fail to verify, because the DNSSEC protocol is
designed to detect deletions.
</para>
<para>
This mechanism can erroneously cause other servers not to
give AAAA records to their clients. A recursing server with
both IPv6 and IPv4 network connections that queries an
authoritative server using this mechanism via IPv4 will be
denied AAAA records even if its client is using IPv6.
</para>
</listitem>
</varlistentry>
<varlistentry>
<term><command>filter-aaaa-on-v6</command></term>
<listitem>
<para>
Identical to <command>filter-aaaa-on-v4</command>,
except it filters AAAA responses to queries from IPv6
clients instead of IPv4 clients. To filter all
responses, set both options to <userinput>yes</userinput>.
</para>
</listitem>
</varlistentry>
</variablelist>
</refsection>
<refsection><info><title>SEE ALSO</title></info>
<para>
<citetitle>BIND 9 Administrator Reference Manual</citetitle>.
</para>
</refsection>
</refentry>
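Review bot: the first paragraph under filter-aaaa-on-v4 reads "If set to yes, the DNS client is at an IPv4 address, in filter-aaaa, and if the response does not include DNSSEC signatures, then ...", which runs the setting and the match conditions together. Suggest "If set to yes, and the DNS client is at an IPv4 address that matches filter-aaaa, and the response does not include DNSSEC signatures, then all AAAA records are deleted from the response." Also, DESCRIPTION calls the old named.conf options "deprecated", while CHANGES entry 5106 says they can no longer be configured using native named.conf syntax; one of the two should change. The recursing-server caveat appears twice (in DESCRIPTION and again under filter-aaaa-on-v4); one copy is enough.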

View File

@ -0,0 +1,135 @@
<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN" "http://www.w3.org/TR/html4/loose.dtd">
<!--
- Copyright (C) 2018 Internet Systems Consortium, Inc. ("ISC")
-
- This Source Code Form is subject to the terms of the Mozilla Public
- License, v. 2.0. If a copy of the MPL was not distributed with this
- file, You can obtain one at http://mozilla.org/MPL/2.0/.
-->
<html lang="en">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=ISO-8859-1">
<title>filter-aaaa.so</title>
<meta name="generator" content="DocBook XSL Stylesheets V1.78.1">
</head>
<body bgcolor="white" text="black" link="#0000FF" vlink="#840084" alink="#0000FF"><div class="refentry">
<a name="man.filter-aaaa"></a><div class="titlepage"></div>
<div class="refnamediv">
<h2>Name</h2>
<p>
<span class="application">filter-aaaa.so</span>
&#8212; filter AAAA in DNS responses when A is present
</p>
</div>
<div class="refsynopsisdiv">
<h2>Synopsis</h2>
<div class="cmdsynopsis"><p>
<code class="command">plugin query "filter-aaaa.so"</code>
[<em class="replaceable"><code>{ parameters }</code></em>];
</p></div>
</div>
<div class="refsection">
<a name="id-1.7"></a><h2>DESCRIPTION</h2>
<p>
<span class="command"><strong>filter-aaaa.so</strong></span> is a query plugin module for
<span class="command"><strong>named</strong></span>, enabling <span class="command"><strong>named</strong></span>
to omit some IPv6 addresses when responding to clients.
</p>
<p>
Until BIND 9.12, this feature was implemented natively in
<span class="command"><strong>named</strong></span> and enabled with the
<span class="command"><strong>filter-aaaa</strong></span> ACL and the
<span class="command"><strong>filter-aaaa-on-v4</strong></span> and
<span class="command"><strong>filter-aaaa-on-v6</strong></span> options. These options are
now deprecated in <code class="filename">named.conf</code>, but can be
passed as parameters to the <span class="command"><strong>filter-aaaa.so</strong></span>
plugin, for example:
</p>
<pre class="programlisting">
plugin query "/usr/local/lib/filter-aaaa.so" {
filter-aaaa-on-v4 yes;
filter-aaaa-on-v6 yes;
filter-aaaa { 192.0.2.1; 2001:db8:2::1; };
};
</pre>
<p>
This module is intended to aid transition from IPv4 to IPv6 by
withholding IPv6 addresses from DNS clients which are not connected
to the IPv6 Internet, when the name being looked up has an IPv4
address available. Use of this module is not recommended unless
absolutely necessary.
</p>
<p>
Note: This mechanism can erroneously cause other servers not to
give AAAA records to their clients. If a recursing server with
both IPv6 and IPv4 network connections queries an authoritative
server using this mechanism via IPv4, it will be denied AAAA
records even if its client is using IPv6.
</p>
</div>
<div class="refsection">
<a name="id-1.8"></a><h2>OPTIONS</h2>
<div class="variablelist"><dl class="variablelist">
<dt><span class="term"><span class="command"><strong>filter-aaaa</strong></span></span></dt>
<dd>
<p>
Specifies a list of client addresses for which AAAA
filtering is to be applied. The default is
<strong class="userinput"><code>any</code></strong>.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v4</strong></span></span></dt>
<dd>
<p>
If set to <strong class="userinput"><code>yes</code></strong>, the DNS client is
at an IPv4 address, in <span class="command"><strong>filter-aaaa</strong></span>,
and if the response does not include DNSSEC signatures,
then all AAAA records are deleted from the response.
This filtering applies to all responses and not only
authoritative responses.
</p>
<p>
If set to <strong class="userinput"><code>break-dnssec</code></strong>,
then AAAA records are deleted even when DNSSEC is
enabled. As suggested by the name, this causes the
response to fail to verify, because the DNSSEC protocol is
designed to detect deletions.
</p>
<p>
This mechanism can erroneously cause other servers not to
give AAAA records to their clients. A recursing server with
both IPv6 and IPv4 network connections that queries an
authoritative server using this mechanism via IPv4 will be
denied AAAA records even if its client is using IPv6.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>filter-aaaa-on-v6</strong></span></span></dt>
<dd>
<p>
Identical to <span class="command"><strong>filter-aaaa-on-v4</strong></span>,
except it filters AAAA responses to queries from IPv6
clients instead of IPv4 clients. To filter all
responses, set both options to <strong class="userinput"><code>yes</code></strong>.
</p>
</dd>
</dl></div>
</div>
<div class="refsection">
<a name="id-1.9"></a><h2>SEE ALSO</h2>
<p>
<em class="citetitle">BIND 9 Administrator Reference Manual</em>.
</p>
</div>
</div></body>
</html>

View File

@ -49,7 +49,6 @@
<arg choice="opt" rep="norepeat"><option>-v</option></arg>
<arg choice="opt" rep="norepeat"><option>-z</option></arg>
<arg choice="opt" rep="norepeat"><option>-g <replaceable class="parameter">path</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-r <replaceable class="parameter">path</replaceable></option></arg>
<arg choice="opt" rep="norepeat"><option>-s <replaceable class="parameter">path</replaceable></option></arg>
<arg choice="opt" rep="repeat">zone</arg>
</cmdsynopsis>
@ -187,18 +186,6 @@
</listitem>
</varlistentry>
<varlistentry>
<term>-r <replaceable class="parameter">randomdev</replaceable></term>
<listitem>
<para>
Specifies a path to a file containing random data.
This is passed to the <command>dnssec-keygen</command> binary
using its <option>-r</option> option.
<!-- TODO: what to do about "-r keyboard"? -->
</para>
</listitem>
</varlistentry>
<varlistentry>
<term>-s <replaceable class="parameter">settime-path</replaceable></term>
<listitem>
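Review bot: the -r entry is removed from the man page here, but parse_args() in this same change still accepts -r and exits with "ERROR: -r option has been deprecated." A sentence in the man page saying that -r is no longer accepted would help operators whose scripts still pass it.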
@ -312,8 +299,7 @@
Takes two arguments: keytype (eihter "zsk" or "ksk") and size.
A default value for this option can be set in algorithm policies
as well as in policy classes or zone policies. If no policy is
configured, the default is 1024 bits for DSA keys and 2048 for
RSA.
configured, the default is 2048 bits for RSA keys.
</para>
</listitem>
</varlistentry>
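Review bot: the unchanged first line of this paragraph still has the typo "eihter". Since the paragraph is being edited anyway, fix it to "either" here and in the generated HTML.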

View File

@ -41,7 +41,6 @@
[<code class="option">-v</code>]
[<code class="option">-z</code>]
[<code class="option">-g <em class="replaceable"><code>path</code></em></code>]
[<code class="option">-r <em class="replaceable"><code>path</code></em></code>]
[<code class="option">-s <em class="replaceable"><code>path</code></em></code>]
[zone...]
</p></div>
@ -160,15 +159,6 @@
and <span class="command"><strong>dnssec-settime</strong></span>.
</p>
</dd>
<dt><span class="term">-r <em class="replaceable"><code>randomdev</code></em></span></dt>
<dd>
<p>
Specifies a path to a file containing random data.
This is passed to the <span class="command"><strong>dnssec-keygen</strong></span> binary
using its <code class="option">-r</code> option.
</p>
</dd>
<dt><span class="term">-s <em class="replaceable"><code>settime-path</code></em></span></dt>
<dd>
<p>
@ -268,8 +258,7 @@
Takes two arguments: keytype (eihter "zsk" or "ksk") and size.
A default value for this option can be set in algorithm policies
as well as in policy classes or zone policies. If no policy is
configured, the default is 1024 bits for DSA keys and 2048 for
RSA.
configured, the default is 2048 bits for RSA keys.
</p>
</dd>
<dt><span class="term"><span class="command"><strong>keyttl</strong></span></span></dt>

View File

@ -30,7 +30,7 @@ class dnskey:
'Revoke', 'DSPublish', 'SyncPublish', 'SyncDelete')
_OPTS = (None, '-P', '-A', '-I', '-D', '-R', None, '-Psync', '-Dsync')
_ALGNAMES = (None, 'RSAMD5', 'DH', 'DSA', 'ECC', 'RSASHA1',
_ALGNAMES = (None, 'RSAMD5', 'DH', 'DSA', None, 'RSASHA1',
'NSEC3DSA', 'NSEC3RSASHA1', 'RSASHA256', None,
'RSASHA512', None, 'ECCGOST', 'ECDSAP256SHA256',
'ECDSAP384SHA384', 'ED25519', 'ED448')
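Review bot: slot 4 changes from 'ECC' to None here, but t_ALGNAME in the policy lexer in this same change still matches ECC, and this tuple keeps 'DSA', 'NSEC3DSA' and 'ECCGOST', which the lexer and valid_key_sz_per_algo drop. If the names stay here only so that existing key files can still be identified, say so in a comment; otherwise align the two lists.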
@ -452,6 +452,10 @@ class dnskey:
if timespan is None:
timespan = self.ttl
if timespan is None:
output("WARNING: Key %s using default TTL." % repr(self))
timespan = (60*60*24)
now = time.time()
d = self.delete()
i = self.inactive()
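Review bot: the new fallback hard-codes 60*60*24 inline, and the warning does not say which value is being used. Suggest a named constant for the one-day default and including that value in the message, so someone reading the coverage output knows which TTL was assumed for this key.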

View File

@ -76,7 +76,7 @@ def parse_args():
help='Path to \'dnssec-keygen\'',
metavar='path')
parser.add_argument('-r', dest='randomdev', type=str, default=None,
help='Path to a file containing random data to pass to \'dnssec-keygen\'',
help='DEPRECATED',
metavar='path')
parser.add_argument('-s', dest='settime', default=settime, type=str,
help='Path to \'dnssec-settime\'',
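Review bot: the help text becomes 'DEPRECATED' but metavar='path' is kept, so the usage output still advertises "-r path" as if it did something. Since passing it is now fatal, either hide the option with help=argparse.SUPPRESS or say in the help string that it is no longer accepted.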
@ -97,6 +97,9 @@ def parse_args():
args = parser.parse_args()
if args.randomdev:
fatal("ERROR: -r option has been deprecated.")
if args.no_zsk and args.no_ksk:
fatal("ERROR: -z and -k cannot be used together.")
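Review bot: "if args.randomdev:" is a truthiness test, so -r with an empty string argument is accepted silently while any other value is fatal. Compare against the default instead ("if args.randomdev is not None:"). The message also says "deprecated" for an option whose use aborts the run; "no longer supported" would match the behaviour.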

View File

@ -71,7 +71,7 @@ class PolicyLex:
return t
def t_ALGNAME(self, t):
r'(?i)\b(RSAMD5|DH|DSA|NSEC3DSA|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECCGOST|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
r'(?i)\b(RSAMD5|DH|ECC|RSASHA1|NSEC3RSASHA1|RSASHA256|RSASHA512|ECDSAP256SHA256|ECDSAP384SHA384|ED25519|ED448)\b'
t.value = t.value.upper()
return t
@ -132,14 +132,11 @@ class Policy:
keyttl = None
coverage = None
directory = None
valid_key_sz_per_algo = {'DSA': [512, 1024],
'NSEC3DSA': [512, 1024],
'RSAMD5': [1024, 4096],
valid_key_sz_per_algo = {'RSAMD5': [1024, 4096],
'RSASHA1': [1024, 4096],
'NSEC3RSASHA1': [512, 4096],
'RSASHA256': [1024, 4096],
'RSASHA512': [1024, 4096],
'ECCGOST': None,
'ECDSAP256SHA256': None,
'ECDSAP384SHA384': None,
'ED25519': None,
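Review bot: with the DSA entries gone, 'NSEC3RSASHA1': [512, 4096] is the only remaining range shown with a 512-bit lower bound; the other RSA algorithms start at 1024. If that is not deliberate, raise it to 1024 as part of this cleanup so the policy validator does not accept a 512-bit RSA key size.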
@ -265,21 +262,7 @@ class Policy:
return False, 'ZSK key size %d outside valid range %s' \
% (self.zsk_keysize, key_sz_range)
# Specific check for DSA keys
if self.algorithm in ['DSA', 'NSEC3DSA'] and \
self.ksk_keysize % 64 != 0:
return False, \
('KSK key size %d not divisible by 64 ' +
'as required for DSA') % self.ksk_keysize
if self.algorithm in ['DSA', 'NSEC3DSA'] and \
self.zsk_keysize % 64 != 0:
return False, \
('ZSK key size %d not divisible by 64 ' +
'as required for DSA') % self.zsk_keysize
if self.algorithm in ['ECCGOST', \
'ECDSAP256SHA256', \
if self.algorithm in ['ECDSAP256SHA256', \
'ECDSAP384SHA384', \
'ED25519', \
'ED448']:
@ -337,16 +320,6 @@ class dnssec_policy:
p.zsk_keysize = 2048;
# set default algorithm policies
# these need a lower default key size:
self.alg_policy['DSA'] = copy(p)
self.alg_policy['DSA'].algorithm = "DSA"
self.alg_policy['DSA'].name = "DSA"
self.alg_policy['DSA'].ksk_keysize = 1024;
self.alg_policy['NSEC3DSA'] = copy(p)
self.alg_policy['NSEC3DSA'].algorithm = "NSEC3DSA"
self.alg_policy['NSEC3DSA'].name = "NSEC3DSA"
self.alg_policy['NSEC3DSA'].ksk_keysize = 1024;
# these can use default settings
self.alg_policy['RSAMD5'] = copy(p)
@ -369,10 +342,6 @@ class dnssec_policy:
self.alg_policy['RSASHA512'].algorithm = "RSASHA512"
self.alg_policy['RSASHA512'].name = "RSASHA512"
self.alg_policy['ECCGOST'] = copy(p)
self.alg_policy['ECCGOST'].algorithm = "ECCGOST"
self.alg_policy['ECCGOST'].name = "ECCGOST"
self.alg_policy['ECDSAP256SHA256'] = copy(p)
self.alg_policy['ECDSAP256SHA256'].algorithm = "ECDSAP256SHA256"
self.alg_policy['ECDSAP256SHA256'].name = "ECDSAP256SHA256"

View File

@ -25,15 +25,6 @@ class PolicyTest(unittest.TestCase):
self.assertEqual(p.constructed(), False)
self.assertEqual(p.validate(), (True, ""))
p = pol.policy('good_dsa.test', novalidate=True)
self.assertEqual(p.get_name(), "good_dsa.test")
self.assertEqual(p.constructed(), False)
self.assertEqual(p.validate(), (True, ""))
p = pol.policy('bad_dsa.test', novalidate=True)
self.assertEqual(p.validate(),
(False, 'ZSK key size 769 not divisible by 64 as required for DSA'))
def test_prepublish(self):
pol = policy.dnssec_policy()
pol.load('test-policies/02-prepublish.pol')
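Review bot: removing the good_dsa and bad_dsa cases leaves nothing in the visible part of this test that exercises the new behaviour. Add a case asserting that a policy naming DSA (or NSEC3DSA, ECCGOST) is now rejected, and drop the good_dsa.test and bad_dsa.test definitions from the policy fixture if they are still there.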

View File

@ -23,8 +23,8 @@ CWARNINGS =
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
ISCCCLIBS = ../../lib/isccc/libisccc.@A@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
BIND9LIBS = ../../lib/bind9/libbind9.@A@

View File

@ -575,7 +575,7 @@
<varlistentry>
<term><userinput>nta
<optional>( -d | -f | -r | -l <replaceable>duration</replaceable>)</optional>
<optional>( -class <replaceable>class</replaceable> | -dump | -force | -remove | -lifetime <replaceable>duration</replaceable>)</optional>
<replaceable>domain</replaceable>
<optional><replaceable>view</replaceable></optional>
</userinput></term>
@ -623,7 +623,7 @@
is equivalent to <option>-remove</option>.
</para>
<para>
If <option>-dump</option> is used, any other arguments
If the <option>-dump</option> is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
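Review bot: "If the -dump is used" reads as a typo; the previous wording "If -dump is used" was correct. Either keep the old sentence or write "If the -dump option is used". The same applies to the generated HTML.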
@ -640,10 +640,21 @@
lifetime, regardless of whether data could be
validated if the NTA were not present.
</para>
<para>
The view class can be specified with <option>-class</option>.
The default is class <userinput>IN</userinput>, which is
the only class for which DNSSEC is currently supported.
</para>
<para>
All of these options can be shortened, i.e., to
<option>-l</option>, <option>-r</option>, <option>-d</option>,
and <option>-f</option>.
<option>-f</option>, and <option>-c</option>.
</para>
<para>
Unrecognized options are treated as errors. To reference
a domain or view name that begins with a hyphen,
use a double-hyphen on the command line to indicate the
end of options.
</para>
</listitem>
</varlistentry>
@ -1065,11 +1076,14 @@
<listitem>
<para>
Enable, disable, or check the current status of
DNSSEC validation.
Note <command>dnssec-enable</command> also needs to be
set to <userinput>yes</userinput> or
<userinput>auto</userinput> to be effective.
It defaults to enabled.
DNSSEC validation. By default, validation is enabled.
(Note that <command>dnssec-enable</command> must also be
<userinput>yes</userinput> (the default value) for signatures
to be returned along with validated data. If validation is
enabled while <command>dnssec-enable</command> is set to
<userinput>no</userinput>, the server will validate internally,
but will not supply clients with the necessary records to allow
validity to be confirmed.)
</para>
</listitem>
</varlistentry>
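Review bot: the new text nests one parenthetical inside another ("(Note that dnssec-enable must also be yes (the default value) ...)"), which is hard to read in the rendered man page. Suggest dropping the outer parentheses and starting a plain "Note that ..." sentence. The behaviour described, validating internally while not supplying clients with the records they need to confirm validity, deserves to stand as its own sentence rather than as an aside.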

View File

@ -484,7 +484,7 @@
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>nta
[<span class="optional">( -d | -f | -r | -l <em class="replaceable"><code>duration</code></em>)</span>]
[<span class="optional">( -class <em class="replaceable"><code>class</code></em> | -dump | -force | -remove | -lifetime <em class="replaceable"><code>duration</code></em>)</span>]
<em class="replaceable"><code>domain</code></em>
[<span class="optional"><em class="replaceable"><code>view</code></em></span>]
</code></strong></span></dt>
@ -532,7 +532,7 @@
is equivalent to <code class="option">-remove</code>.
</p>
<p>
If <code class="option">-dump</code> is used, any other arguments
If the <code class="option">-dump</code> is used, any other arguments
are ignored, and a list of existing NTAs is printed
(note that this may include NTAs that are expired but
have not yet been cleaned up).
@ -549,10 +549,21 @@
lifetime, regardless of whether data could be
validated if the NTA were not present.
</p>
<p>
The view class can be specified with <code class="option">-class</code>.
The default is class <strong class="userinput"><code>IN</code></strong>, which is
the only class for which DNSSEC is currently supported.
</p>
<p>
All of these options can be shortened, i.e., to
<code class="option">-l</code>, <code class="option">-r</code>, <code class="option">-d</code>,
and <code class="option">-f</code>.
<code class="option">-f</code>, and <code class="option">-c</code>.
</p>
<p>
Unrecognized options are treated as errors. To reference
a domain or view name that begins with a hyphen,
use a double-hyphen on the command line to indicate the
end of options.
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>querylog</code></strong> [<span class="optional"> on | off </span>] </span></dt>
@ -902,11 +913,14 @@
<dd>
<p>
Enable, disable, or check the current status of
DNSSEC validation.
Note <span class="command"><strong>dnssec-enable</strong></span> also needs to be
set to <strong class="userinput"><code>yes</code></strong> or
<strong class="userinput"><code>auto</code></strong> to be effective.
It defaults to enabled.
DNSSEC validation. By default, validation is enabled.
(Note that <span class="command"><strong>dnssec-enable</strong></span> must also be
<strong class="userinput"><code>yes</code></strong> (the default value) for signatures
to be returned along with validated data. If validation is
enabled while <span class="command"><strong>dnssec-enable</strong></span> is set to
<strong class="userinput"><code>no</code></strong>, the server will validate internally,
but will not supply clients with the necessary records to allow
validity to be confirmed.)
</p>
</dd>
<dt><span class="term"><strong class="userinput"><code>zonestatus <em class="replaceable"><code>zone</code></em> [<span class="optional"><em class="replaceable"><code>class</code></em> [<span class="optional"><em class="replaceable"><code>view</code></em></span>]</span>]</code></strong></span></dt>

View File

@ -68,7 +68,7 @@
<GenerateDebugInformation>true</GenerateDebugInformation>
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>util.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@util.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemDefinitionGroup Condition="'$(Configuration)|$(Platform)'=='Release|@PLATFORM@'">
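Review bot: @OPENSSL_LIB@ is placed directly in front of util.lib with no ";" between them, so the substituted value has to end in ";" (or be empty) for the dependency list to stay valid. A comment where the placeholder is defined would make that requirement visible. The Release block below has the same construct.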
@ -98,7 +98,7 @@
<OutputFile>..\..\..\Build\$(Configuration)\$(TargetName)$(TargetExt)</OutputFile>
<LinkTimeCodeGeneration>Default</LinkTimeCodeGeneration>
<AdditionalLibraryDirectories>$(Configuration);..\..\..\lib\isc\win32\$(Configuration);..\..\..\lib\dns\win32\$(Configuration);..\..\..\lib\isccfg\win32\$(Configuration);..\..\..\lib\isccc\win32\$(Configuration);..\..\..\lib\bind9\win32\$(Configuration);%(AdditionalLibraryDirectories)</AdditionalLibraryDirectories>
<AdditionalDependencies>util.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
<AdditionalDependencies>@OPENSSL_LIB@util.lib;libisc.lib;libdns.lib;libisccfg.lib;libisccc.lib;libbind9.lib;ws2_32.lib;%(AdditionalDependencies)</AdditionalDependencies>
</Link>
</ItemDefinitionGroup>
<ItemGroup>

View File

@ -14,15 +14,15 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
@DST_OPENSSL_INC@
@OPENSSL_INCLUDES@
CDEFINES = @CRYPTO@
CDEFINES =
CWARNINGS =
BACKTRACECFLAGS = @BACKTRACECFLAGS@
DNSLIBS = ../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
ISCCFGLIBS = ../../lib/isccfg/libisccfg.@A@
DNSDEPLIBS = ../../lib/dns/libdns.@A@
@ -79,7 +79,7 @@ clean distclean::
check: test
test:
@for dir in $(SUBDIRS) ;\
@for dir in $(TESTDIRS) ;\
do \
( cd $$dir; $(MAKE) test ) ;\
done
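Review bot: the loop now iterates $(TESTDIRS), which is not defined in any line of this file shown in the diff. Confirm it is set, here or in an included make fragment; if it expands to nothing the loop body never runs and "make test" succeeds without running anything.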

View File

@ -46,6 +46,7 @@ options {
memstatistics-file "named.memstats"; // _PATH_MEMSTATS
max-cache-ttl 999;
min-cache-ttl 66;
auth-nxdomain yes; // always set AA on NXDOMAIN.
// don't set this to 'no' unless
// you know what you're doing -- older
@ -148,6 +149,7 @@ options {
min-refresh-time 777;
max-ncache-ttl 333;
min-ncache-ttl 22;
min-roots 15;
serial-queries 34;

View File

@ -0,0 +1,5 @@
; This is a zone-signing key, keyid 33180, for child.example.
; Created: 20181025104746 (Thu Oct 25 12:47:46 2018)
; Publish: 20181025104746 (Thu Oct 25 12:47:46 2018)
; Activate: 20181025104746 (Thu Oct 25 12:47:46 2018)
child.example. IN DNSKEY 256 3 5 AwEAAb9eatC8ASzDnRApcZuxyBrvJRANRQjCXQ1FWK+8vEyXV5NIE9Km hKIV2wbq2tLBPfjNQz4BTJ9RmDINf1RayDlt6L+IQV1JCaDaMjd1zU3n SQK18Y7fMu0ww4AMKOnoVRbkIxa3zlA0chImXcfPE0q2AvKBYLzPfkPO cfplAuRkLcGUxdADCipNzCOakpcd5gfm9Sa2HlaXcw3gyI1WcE8=

View File

@ -0,0 +1,13 @@
Private-key-format: v1.3
Algorithm: 5 (RSASHA1)
Modulus: v15q0LwBLMOdEClxm7HIGu8lEA1FCMJdDUVYr7y8TJdXk0gT0qaEohXbBura0sE9+M1DPgFMn1GYMg1/VFrIOW3ov4hBXUkJoNoyN3XNTedJArXxjt8y7TDDgAwo6ehVFuQjFrfOUDRyEiZdx88TSrYC8oFgvM9+Q85x+mUC5GQtwZTF0AMKKk3MI5qSlx3mB+b1JrYeVpdzDeDIjVZwTw==
PublicExponent: AQAB
PrivateExponent: WDsn9GU6BXGLENCK2MX3BLQN2oDDu24hiOTYJu5VwtpkPjuVKCIuNKzu9xmBGnqOIBBDWGsw8KOmEC247yOL/S53iRdBS8lI7yiqznc52RhlmrdPKXbNpVnPwil8wocw+oQYa7uvdPYxI2Yy3B/tRgUxlxSlc/LW/dr0BX2L7qr/aeOBeGSRUlCpc7tYU9a2RUaLpVxF6SlqicCpC91MAQ==
Prime1: 466f+JL66Bl4qYnkj0s9+1N3pYmdcM9Ja1AN66X4VLslA9Cm1JEaC5V9HOptfcXUk0XYEVnKeKM2lIQnvcLG0yuQHIa+pGi7P8vgQfdaRUE=
Prime2: 1yuUkTVRSbUWeUreEcHgeeBBJ61UshX7t07gnGgIr3artGdo2CVEb5//+2Mvj5bgjCQBvjBbmHNZrR0jKDRBTIGtqbBerOuhEN4AXdAEgY8=
Exponent1: KzUXbJ/P973ltR7S/hKEV66WVRbRhvf/cdsGWULs5n+BXcD59/r1W19qF9OxJZ4mYjBt+ZT1pIEsuXB+7jcJbkelGJTFlwO9DTVOgJZFTkE=
Exponent2: FTPsLertGbBIiKdB/sn2Dsx0Xy6LXAkihsu1AnSV9oRhIyPVhwcVGVLQ7Lq3YxThB648pbsqK3miapamcj3D+YAF1uTUT4Hgm0LlEll/OC0=
Coefficient: Vulw9kmmjKc+wmOukLdzheoA2hNPDVtgiynfzHybyXdqvapCoK+ZVmNFzjO0M41ATcpvya3iX0bekMQqYnBhLURNZUIyqz2nGskOjV8I5Jg=
Created: 20181025104746
Publish: 20181025104746
Activate: 20181025104746
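Review bot: this adds a file with RSA private key material (Private-key-format v1.3, Algorithm 5 RSASHA1) for child.example. to the tree. If it is a fixed test fixture, name the test that needs a pre-generated key in the commit message or next to the file, so it is clear the key is test-only and must never be reused for a real zone.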

View File

@ -14,16 +14,17 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
CINCLUDES = ${DNS_INCLUDES} ${ISC_INCLUDES} ${ISCCFG_INCLUDES} \
@DST_OPENSSL_INC@ @DST_GSSAPI_INC@
@OPENSSL_INCLUDES@ @DST_GSSAPI_INC@
CDEFINES = @CRYPTO@ @USE_GSSAPI@
CDEFINES = @USE_GSSAPI@
CWARNINGS =
BACKTRACECFLAGS = @BACKTRACECFLAGS@
PTHREAD_CFLAGS = @PTHREAD_CFLAGS@
DNSLIBS = ../../../lib/dns/libdns.@A@ @DNS_CRYPTO_LIBS@
ISCLIBS = ../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCNOSYMLIBS = ../../../lib/isc/libisc-nosymtbl.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
ISCNOSYMLIBS = ../../../lib/isc/libisc-nosymtbl.@A@ @OPENSSL_LIBS@
ISCCFGLIBS = ../../../lib/isccfg/libisccfg.@A@
DNSDEPLIBS = ../../../lib/dns/libdns.@A@
@ -47,13 +48,9 @@ XTARGETS = adb_test@EXEEXT@ \
byname_test@EXEEXT@ \
db_test@EXEEXT@ \
dst_test@EXEEXT@ \
entropy_test@EXEEXT@ \
entropy2_test@EXEEXT@ \
gsstest@EXEEXT@ \
hash_test@EXEEXT@ \
fsaccess_test@EXEEXT@ \
inter_test@EXEEXT@ \
keyboard_test@EXEEXT@ \
lex_test@EXEEXT@ \
lfsr_test@EXEEXT@ \
log_test@EXEEXT@ \
@ -80,13 +77,9 @@ XSRCS = adb_test.c \
byname_test.c \
db_test.c \
dst_test.c \
entropy_test.c \
entropy2_test.c \
hash_test.c \
fsaccess_test.c \
gsstest.c \
inter_test.c \
keyboard_test.c \
lex_test.c \
lfsr_test.c \
log_test.c \
@ -110,7 +103,7 @@ XSRCS = adb_test.c \
# disable optimization for backtrace test to get the expected result
BTTEST_CFLAGS = ${BACKTRACECFLAGS} ${EXT_CFLAGS} ${ALL_CPPFLAGS} -g \
${ALWAYS_WARNINGS} ${STD_CWARNINGS} ${CWARNINGS}
${ALWAYS_WARNINGS} ${STD_CWARNINGS} ${CWARNINGS} ${PTHREAD_CFLAGS}
all_tests: ${XTARGETS}
@ -172,10 +165,6 @@ name_test@EXEEXT@: name_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ name_test.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}
hash_test@EXEEXT@: hash_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ hash_test.@O@ \
${ISCLIBS} ${LIBS}
entropy_test@EXEEXT@: entropy_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ entropy_test.@O@ \
${ISCLIBS} ${LIBS}
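Review bot: entropy_test is dropped from XTARGETS and XSRCS in the earlier hunks, but its link rule (entropy_test@EXEEXT@: entropy_test.@O@ ...) is still present as unchanged context at the end of this hunk. Unless a later part of the diff removes it, delete that rule together with hash_test's so no stale target is left behind.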
@ -244,10 +233,6 @@ inter_test@EXEEXT@: inter_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ inter_test.@O@ \
${ISCLIBS} ${LIBS}
keyboard_test@EXEEXT@: keyboard_test.@O@ ${ISCDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ keyboard_test.@O@ \
${ISCLIBS} ${LIBS}
sig0_test@EXEEXT@: sig0_test.@O@ ${ISCDEPLIBS} ${DNSDEPLIBS}
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${CFLAGS} ${LDFLAGS} -o $@ sig0_test.@O@ \
${DNSLIBS} ${ISCLIBS} ${LIBS}

View File

@ -13,31 +13,17 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
PROVIDER = @PKCS11_PROVIDER@
CINCLUDES = ${ISC_INCLUDES}
CDEFINES =
CDEFINES = -DPK11_LIB_LOCATION=\"${PROVIDER}\"
ISCLIBS = ../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
LIBS = ${ISCLIBS} @LIBS@
SUBDIRS = benchmarks
TARGETS = pkcs11-md5sum@EXEEXT@ pkcs11-hmacmd5@EXEEXT@
SRCS = pkcs11-md5sum.c pkcs11-hmacmd5.c
@BIND9_MAKE_RULES@
pkcs11-md5sum@EXEEXT@: @srcdir@/pkcs11-md5sum.c
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/pkcs11-md5sum.c ${LIBS}
pkcs11-hmacmd5@EXEEXT@: @srcdir@/pkcs11-hmacmd5.c
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/pkcs11-hmacmd5.c ${LIBS}
test:
clean distclean::

View File

@ -13,24 +13,21 @@ top_srcdir = @top_srcdir@
@BIND9_MAKE_INCLUDES@
PROVIDER = @PKCS11_PROVIDER@
CINCLUDES = ${ISC_INCLUDES}
CDEFINES =
CDEFINES = -DPK11_LIB_LOCATION=\"${PROVIDER}\"
ISCLIBS = ../../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
LIBS = ${ISCLIBS} @LIBS@
SUBDIRS =
TARGETS = session@EXEEXT@ login@EXEEXT@ random@EXEEXT@ \
sha1@EXEEXT@ create@EXEEXT@ find@EXEEXT@ \
TARGETS = session@EXEEXT@ login@EXEEXT@ \
create@EXEEXT@ find@EXEEXT@ \
pubrsa@EXEEXT@ privrsa@EXEEXT@ genrsa@EXEEXT@ \
sign@EXEEXT@ verify@EXEEXT@
SRCS = session.c login.c random.c sha1.c create.c find.c \
SRCS = session.c login.c create.c find.c \
pubrsa.c privrsa.c genrsa.c sign.c verify.c
@BIND9_MAKE_RULES@
@ -43,14 +40,6 @@ login@EXEEXT@: @srcdir@/login.c
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/login.c ${LIBS}
random@EXEEXT@: @srcdir@/random.c
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/random.c ${LIBS}
sha1@EXEEXT@: @srcdir@/sha1.c
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/sha1.c ${LIBS}
create@EXEEXT@: @srcdir@/create.c
${LIBTOOL_MODE_LINK} ${PURIFY} ${CC} ${ALL_CFLAGS} ${LDFLAGS} \
-o $@ @srcdir@/create.c ${LIBS}

View File

@ -23,7 +23,7 @@ CDEFINES = @USE_GSSAPI@
CWARNINGS =
DNSLIBS =
ISCLIBS = ../../../lib/isc/libisc.@A@ @ISC_OPENSSL_LIBS@
ISCLIBS = ../../../lib/isc/libisc.@A@ @OPENSSL_LIBS@
DNSDEPLIBS =
ISCDEPLIBS =
@ -49,7 +49,7 @@ feature-test@EXEEXT@: feature-test.@O@
# Define the tests that can be run in parallel. This should be identical to
# the definition of PARALLELDIRS in conf.sh. Note: longer-running tests
# such as serve-stale and rpzrecurse are scheduled first to get more
# such as serve-stale and rpzrecurse stale are scheduled first to get more
# benefit from parallelism.
PARALLEL = rpzrecurse serve-stale dnssec \
acl additional addzone allow-query auth autosign \
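Review bot: the edited comment now reads "such as serve-stale and rpzrecurse stale are scheduled first", which looks like a stray word. The previous "serve-stale and rpzrecurse" matched the first two entries of PARALLEL.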
@ -62,14 +62,14 @@ PARALLEL = rpzrecurse serve-stale dnssec \
fetchlimit filter-aaaa formerr forward \
geoip glue idna inline integrity ixfr keepalive \
legacy limits logfileconfig \
masterfile masterformat metadata mkeys \
masterfile masterformat metadata mirror mkeys \
names notify nslookup nsupdate nzd2nzf \
padding pending pipelined \
padding pending pipelined qmin \
reclimit redirect resolver rndc rootkeysentinel rpz \
rrchecker rrl rrsetorder rsabigexponent runtime \
sfcache smartsign sortlist \
spf staticstub statistics statschannel stub synthfromdnssec \
tcp tools tsig tsiggss \
tcp tools tsig tsiggss ttl \
unknown upforwd verify views wildcard \
xfer xferquota zero zonechecks
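Review bot: mirror, qmin and ttl are added to PARALLEL, and the comment above says this list should be identical to PARALLELDIRS in conf.sh. The conf.sh change is not among the files shown; please confirm it gets the same three names.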

View File

@ -21,3 +21,4 @@ rm -f */named.run
rm -f ns*/named.lock
rm -f ns*/_default.nzf
rm -f ns*/_default.nzd*
rm -f ns*/managed-keys.bind* ns*/*.mkeys*

View File

@ -144,36 +144,6 @@ $DIG -p ${PORT} +tcp soa example. \
@10.53.0.2 -b 10.53.0.3 > dig.out.${t}
grep "status: NOERROR" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
echo_i "testing EDNS client-subnet ACL processing"
copy_setports ns2/named6.conf.in ns2/named.conf
$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 5
# should fail
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 axfr > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 || { echo_i "test $t failed" ; status=1; }
# should succeed
t=`expr $t + 1`
$DIG $DIGOPTS tsigzone. \
@10.53.0.2 -b 10.53.0.2 +subnet="10.53.0/24" axfr > dig.out.${t}
grep "^;" dig.out.${t} > /dev/null 2>&1 && { echo_i "test $t failed" ; status=1; }
echo_i "testing EDNS client-subnet response scope"
copy_setports ns2/named7.conf.in ns2/named.conf
$RNDCCMD 10.53.0.2 reload 2>&1 | sed 's/^/ns2 /' | cat_i
sleep 5
t=`expr $t + 1`
$DIG -p ${PORT} example. soa @10.53.0.2 +subnet="10.53.0.1/32" > dig.out.${t}
grep "CLIENT-SUBNET.*10.53.0.1/32/0" dig.out.${t} > /dev/null || { echo_i "test $t failed" ; status=1; }
t=`expr $t + 1`
$DIG -p ${PORT} example. soa @10.53.0.2 +subnet="192.0.2.128/32" > dig.out.${t}
grep "CLIENT-SUBNET.*192.0.2.128/32/24" dig.out.${t} > /dev/null || { echo_i "test $t failed" ; status=1; }
# AXFR tests against ns3
echo_i "testing allow-transfer ACLs against ns3 (no existing zones)"
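Review bot: this removes the EDNS client-subnet ACL and response-scope checks from the script, along with the reloads of ns2/named6.conf.in and ns2/named7.conf.in. Make sure those two config templates are deleted in the same commit, and say in the commit message that the coverage is being dropped on purpose.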

View File

@ -18,3 +18,4 @@ rm -f */named.memstats
rm -f */named.conf
rm -f */named.run
rm -f ns*/named.lock
rm -f ns*/managed-keys.bind*

View File

@ -14,6 +14,7 @@ options {
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
recursion no;
dnssec-validation no;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };
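Review bot: "dnssec-validation no;" is added without explanation on a server that already has "recursion no;". A short comment saying why this test server turns validation off would help; the clean.sh hunks in this change start removing ns*/managed-keys.bind*, which suggests the default now creates those files, but the config itself does not say so.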

View File

@ -14,6 +14,7 @@ options {
notify-source 10.53.0.1;
transfer-source 10.53.0.1;
recursion no;
dnssec-validation no;
port @PORT@;
pid-file "named.pid";
listen-on { 10.53.0.1; };

Some files were not shown because too many files have changed in this diff